Graham Wheeler wrote:
>
> Mikael Olsson wrote:
> >
> > For the client side, passive FTP always provides better security.
>
> Unless it is a rogue client.
>
> [snip]
>
> Put another way - with passive mode, you are more open to exploits from
> the inside, while with active mode you are more vulnerable to exploits
> from the outside.
Considering that inside users (processes, if you like) can always
connect out through some means or another, I'd rather have my
firewall concentrate on keeping external Bad Guys out, rather than
attempting to concentrate on the futile task of keeping internal Bad
Guys inside.
... but that's just my point of view, I guess ;)
$.02
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
