readings good, when was the last time you actually installed openbsd
though?
Thanks,
Ron DuFresne
On Sun, 23 Apr 2000 [EMAIL PROTECTED] wrote:
> You know, I just went through this with another person on the list. Here
> we go, ipfilter gives some security, but there are soem necessary steps
> one must take to harden OpenBSD, that is not on by default.
>
> Please read Chapter 4,5,6 of Building Internet Firewalls, and refer to the
> "Ultimate Firewall" by Marcus Ranum :)
>
> /m
>
>
>
>
> "Aaron C. Springer" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 04/23/00 02:51 PM
>
>
> To: [EMAIL PROTECTED]
> cc: [EMAIL PROTECTED], [EMAIL PROTECTED], Jochen Kaiser
> <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
> firewall list <[EMAIL PROTECTED]>, Ron DuFresne
> <[EMAIL PROTECTED]>
> Subject: Re: Which would you choose? -reply
>
>
> Oh really? When is the last time you looked?
>
> Turn on ipfilter and what else?
>
> What is more secure out of the box?
>
> acs
>
>
>
> On 23-Apr-00 [EMAIL PROTECTED] wrote:
> > Sorry OpenBSD is not secure by default, look again.. :(
> >
> > /m
> >
> >
> >
> >
> > "Aaron C. Springer" <[EMAIL PROTECTED]>
> > 04/22/00 07:50 AM
> >
> >
> > To: [EMAIL PROTECTED]
> > cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
> Jochen
> > Kaiser
> > <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
> > firewall list <[EMAIL PROTECTED]>, Ron DuFresne
> > <[EMAIL PROTECTED]>
> > Subject: Re: Which would you choose? -reply
> >
> >
> > That is almost not needed if you choose OpenBSD... secure by default..
> >
> > and soon maybe FreeBSD too...
> >
> >
> > acs
> >
> > On 22-Apr-00 [EMAIL PROTECTED] wrote:
> >> Each operating system can be a serious risk if one decides to use it as
> > a
> >> perimeter device. There is always something new to tune, harden,
> > disable,
> >> enhance on any given operating system. Prior to installing a security
> >> application on top of the residing operating system. Ask someone else
> >> within your group to cross-check your work..
> >>
> >> Disable everything, then only turn on what you may need.. :)
> >>
> >> /m
> >>
> >>
> >>
> >>
> >> Ron DuFresne <[EMAIL PROTECTED]>
> >> Sent by: [EMAIL PROTECTED]
> >> 04/22/00 11:00 AM
> >>
> >>
> >> To: Jochen Kaiser <[EMAIL PROTECTED]>
> >> cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
> > firewall
> >> list
> >> <[EMAIL PROTECTED]>
> >> Subject: Re: Which would you choose?
> >>
> >>
> >> On Sat, 22 Apr 2000, Jochen Kaiser wrote:
> >>
> >>> oh my god. this will become a monsterthread :)
> >>
> >> that it will...
> >>
> >> [SNIP]
> >>
> >>>
> >>> >
> >>> > Is Linux and ipchains/squid/TIS FWTK/etc a security risk?
> >>>
> >>> A linux out of the box always is. If you spend time and patch and
> check
> >>> configurations and use it as a standalone computer for firewalling and
> >>> squid with no other user shell access, it may be usable.
> >>>
> >>
> >> As is solars, sgi, hp, you name em, all but perhaps openbsd and even a
> > few
> >> particular distributions of linux designed to be secure 'out of the
> > box'.
> >>
> >> The key point here is knowing yer OS and knowing in particular -=how to
> >> lock it down=- It's been said here many times over, if you know an OS
> >> better then others, use that, even if yer talking linux, which can be
> > well
> >> suited to certain situations.
> >>
> >> Thanks,
> >>
> >> Ron DuFresne
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> "Cutting the space budget really restores my faith in humanity. It
> >> eliminates dreams, goals, and ideals and lets us get straight to the
> >> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> >> ***testing, only testing, and damn good at it too!***
> >>
> >> OK, so you're a Ph.D. Just don't touch anything.
> >>
> >> -
> >> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> >> "unsubscribe firewalls" in the body of the message.]
> >>
> >>
> >> -
> >> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> >> "unsubscribe firewalls" in the body of the message.]
> >
> >
> > _______________________
> > Aaron C. Springer
> > [EMAIL PROTECTED]
> > pgp key published
> > _______________________
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
>
> _______________________
> Aaron C. Springer
> [EMAIL PROTECTED]
> pgp key published
> _______________________
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
