On Fri, Jan 07, 2005 at 12:52:59AM -0800, Brad Templeton wrote:
> On Thu, Jan 06, 2005 at 08:28:34PM -0600, Kevin Kuphal wrote:
> > Brad Templeton wrote:
> > On my home network, behind firewalls, I have none of these security
> > concerns. If it is just the address of the DB server, it shouldn't be
> > hard to do Zeroconf or even a simple broadcast as you suggest. I'll
> > have to put this on my list of things to do...
>
> Just about any security consultant today will admit, either in confidence
> or in public, that firewalls are a really, really bad idea about how to do
> security. It's a very rare network (though not nonexistent) that
> doesn't have at least one machine subject to compromise through any
> number of channels (for example, it's a laptop and it goes outside
> the firewall from time to time, or it runs Windows) and that means the
> whole network is vulnerable.
>
> Firewalls are a 1990s design. You put them up if you have no other choice,
> or (like many of us, including me) because you're lazy and not that worried,
> but when you design a new system today, one for other people to use, you
> should not design it based on the idea of a firewalled network. It would
> not be responsible to the users you are coding for.

While you are certainly correct about at least one of the "inside"
machines being compromised, security is best done as a "defense in depth"
approach, and a firewall is a significant part of such a design.

-- 
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety." -- Benjamin Franklin