On Thu, Mar 20, 2008 at 5:42 PM, Mark E. Mallett <[EMAIL PROTECTED]> wrote:
> On Thu, Mar 20, 2008 at 09:46:04AM -0400, Jerry Feldman wrote:
> > On Wed, 19 Mar 2008 21:38:52 -0400
> > "Mark E. Mallett" <[EMAIL PROTECTED]> wrote:
> >
> > > sometimes it's good to reboot a system just to make sure you can.
> >
> > That's very old school :-)
>
> But all of that is completely different from what I said. I agree that
> software can keep running without a reboot. But as I mentioned,
> sometimes a reboot will find something that you can't possibly find by
> keeping a system running. Like some of the things I listed. My point
> is that a planned reboot can help protect you from surprises that you
> might learn only from an unplanned reboot.
>

I was at one place that used OpenBSD for its firewall systems. And had several throughout its network to isolate potential security problems (the printers were firewalled off on their own subnet for example). Once a week, *all* the firewalls were rebooted. This was primarily to disconnect any SSH connections and I think it was a good thing for that environment.

FWIW, the systems almost never needed patches because only needed services & programs were installed. No compilers, editors, shells, etc. A firewall doesn't need email so it's not installed. If there's a hole in email, it doesn't exist to be exploited.

While I was there a Cisco vulnerability came out with network logins. We had deleted them and could only admin/access via a serial cable from another system. Therefore, no patch needed.
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/