On Wed, May 22, 2002 at 05:27:21PM +1000, Anthony Towns wrote: > On Tue, May 21, 2002 at 06:09:08PM +0200, Marcus Brinkmann wrote: > > On Tue, May 21, 2002 at 11:56:48AM -0400, Nathan Hawkins wrote: > > > He's out of date WRT current practice. And some networks have more than > > > one gateway, in which case it can be desirable to administer on the > > > hosts with the relevent services. > > Wouldn't it be more secure to use two (or at least one) dedicated > > firewalls on each way out of the LAN? > > Wouldn't it be more secure to audit every line of code in the kernel > and the entire distro on a daily basis? Probably, but we can't afford > it. Not everyone can afford dedicated firewall boxes either. Even if they > can, defense-in-depth would indicate that they should use a dedicated > firewalling on the server as well as a dedicated firewall box and access > control at the application level and whatever else they can arrange.
That's the core of the security of the Hurd. It makes it possible to run a lot of things without root or other special permissions (i.e. without uids). In that way, untrusted code isn't a problem. I think firewalls are useless things. I think that restricting people with all kinds of security mechanisms is wrong too. But that's just me. Jeroen Dekkers -- Jabber ID: [EMAIL PROTECTED] IRC ID: [EMAIL PROTECTED] GNU supporter - http://www.gnu.org
pgpVTDkvA9WwS.pgp
Description: PGP signature