> Blocking all the other services doesn't help if you have one
> that is insecure (or running as root). If you have nothing on
> the machine but a web server, and through the combination of it
> running as root (unlikely) and a misconfiguration or summat,
> it's just as easy to break into as a machine with no firewall
> and a whole bunch of other programs, all properly secured, with
> the buggy/misconfigured web server. Moral of the story: root !=
> (everyday user || service account)

Yeah, man...that's what gets me down sometimes.  I work for a software
company (not a developer, myself), and sometimes you end up talking to
some net admin that's trying to run your server software but is adamant
about NOT opening any more ports than are *absolutely necessary* on the
firewall...even if all ports are going to allow traffic only to and from
the one server box.  It's weird, but a common occurrence, even among
highly trained admins.  People seem to think that more ports open means
less security, when in reality it's not the ports that are security
holes, it's the services communicating through those ports.  You've
already got at least 2 ports open (minimum), so why balk at a range of 1000
more for the service?

--
Eric (the Deacon remix)
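The point both posters are making (it is the service and the account it runs as, not the number of open ports, that decides how exposed a box is) can be audited on a Linux host by listing which listening TCP sockets are owned by root and bound beyond loopback. This is an added example, not code from the original thread: it parses a constructed /proc/net/tcp sample (the real file has the same layout) and assumes a little-endian host for the address encoding.

```python
"""Audit listening TCP sockets by owning UID, parsed from /proc/net/tcp.

Each row carries the local address as hex IPv4 (host byte order) plus hex
port, a state column where 0A means LISTEN, and the uid owning the socket.
"""
import socket
import struct
from typing import Dict, List, Tuple

LISTEN = "0A"

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# root-owned web server on all interfaces, root-owned resolver on loopback,
# a game server listening as uid 1000, and one established (non-LISTEN) row.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:6987 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
   3: 00000000:6987 0A000001:C000 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 100 0 0 10 0
"""


def decode_addr(hex_addr: str) -> Tuple[str, int]:
    """Turn '0100007F:0035' into ('127.0.0.1', 53) on a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(proc_net_tcp: str) -> List[Dict]:
    """Return every LISTEN row as {ip, port, uid}, skipping the header."""
    rows = []
    for line in proc_net_tcp.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        ip, port = decode_addr(fields[1])
        rows.append({"ip": ip, "port": port, "uid": int(fields[7])})
    return rows


def root_exposed_listeners(proc_net_tcp: str) -> List[Dict]:
    """Listeners owned by uid 0 that are reachable from outside loopback."""
    return [r for r in listening_sockets(proc_net_tcp)
            if r["uid"] == 0 and not r["ip"].startswith("127.")]


if __name__ == "__main__":
    # On a live host, replace the sample with open("/proc/net/tcp").read().
    for r in root_exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"root-owned listener on {r['ip']}:{r['port']}")
```

Only the web server on 0.0.0.0:80 is flagged; the game server listening as uid 1000 is not, even though both ports are open to the network.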

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux