On Thu, 2003-03-13 at 14:59, Me wrote:
> > Security should never impact usability of something. If it does, then
> > something is not doing what it was designed to do.
>
> That's just plain wrong.
>
> I guess I just need to give you an example or you just can't see it.
>
> Let's say you are sitting behind a firewall that has all ports blocked
> that you are not using.  Now let's say you want to put up a game server.
> You will have to open up ports so that the game server can accept
> connections from the Internet.  So your security will have to change to
> reflect your new uses for your computer.
>
> Now, let's say you have a personal firewall like Zonealarm loaded on your
> PC.  You download a new MMPG.  The new game of course tries to access the
> Internet but Zonealarm stops it.  Now Zone Alarm really makes it easy to
> change your security model but it does require a change.  That's
> usability.
>
> Now you could configure Zone Alarm to allow any program to access the
> internet.  Thus decreasing your level of security but increasing your
> usability.
>
> All the above examples show situations where the security measure was in
> your control.  What if the firewall was at your ISP and they didn't allow
> modifications?  You would have to switch ISPs or forget about the game.
> That is usability.
>
> See now.  I said I wasn't gonna do it and I went and done it anyway.  lol
>

First off, all above points are made in regard to client, not server
applications. Follow the thread and you will see we were talking about
server security.

Next ZoneAlarm is not a firewall (packetfilter != firewall).

Look at it this way.

You have a CS server with no firewall.
You add a firewall that blocks all traffic other than CS related
traffic, and change the user running cs to a non-privileged one.

You have now added security, without forsaking any usability.

As for giving me lessons regarding security.

When implementing security measures they should never impact the service
itself; if it does, chances are the service was being used/setup wrong
in the first place.

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
