What the heck are you jabbering on about now? I simply said that wasn't really a solution. Using these tools aren't a bad idea, but it's not solving the problem, it's just masking a bigger problem. It's better to use more secure software (i.e., not an email client that has vulnerable to email viruses/worms) than to run an anti-virus on your emails. I.e., not running an insecure service that forces you to use a firewall to limit who can access that service. Not that some of these things aren't valid to run anyway, but for the purpose of trying to save your ass from a decision of running bad program or service, it's not the solution. How about you calm down a little. And yes, for the record, a lot of companies and people run firewalls and IDS and anti-virus due to poor choices on their system, as well as for useless reasons.
People hear the words "firewall" and to an amateur, it sounds like a neat security tool that will solve all of their problems. How many companies would need a firewall, had they a better set up? Can't trust your employees or want to prevent attacks, etc. and block other ports from access in or out, or want to limit how many times one IP or netblock can access your system per a specific duration, that's wise. Want to limit who can access a certain service to only limited IP's, okay. Is it a solution that people should just throw on their system no matter what and a firewall and IDS and anti-virus are going to change anything simply from running them? Probably not, but it depends. Just telling people to use firewalls, anti-viruses and IDS doesn't mean anything. It depends on what they are running and most people that need these are needing them because of running services or software they probably don't need or should be using a more secure alternative for. Is this difficult to understand? I never used an anti-virus, simply because I either keep up to date or don't run software that's vulnerable to it. This would do me no good. If I used insecure software it would, but why use insecure software? Now, surely there's a *better solution* to that problem. How many people need a firewall, really? Foe what purpose? If you don't run a service, you don't have to limit how it can be accessed and by whom. If you do, why are you running a service that's vulnerable to need to limit access? Run secure software and services where a firewall isn't needed, then use server-side solutions such as tcpwrappers, etc. and then use a firewall if you still feel the need--it can't hurt. Is it just something people should do? No, they should have a reason. -- Regards, Tim Greer [EMAIL PROTECTED] Server administration, security, programming, consulting. ----- Original Message ----- From: "Dan Bartley" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 03, 2003 6:53 PM Subject: RE: Ten least secure programs Holy cow!! Geesh!! My advice to others is to always use best practices regardless of the OS or applications. No one has created the perfect and totally secure environment, not even Mr. Greer. If that is in error Mr. Greer, please release it to the masses, we all sorely need your accomplishment (not to mention huge savings in money for all those useless tools like IDS and firewalls). Best Regards, Dan Bartley -----Original Message----- From: Tim Greer [mailto:[EMAIL PROTECTED] Sent: Thursday, July 03, 2003 20:28 To: Dan Bartley; [EMAIL PROTECTED] Subject: Re: Ten least secure programs Or don't run programs that are the most insecure out of the one's out there, and don't run a services that require you to need to use firewalls, IDS, and anti-virus tools. Not that these are bad things, they certainly can improve system security, depending on the platform and what you run, but are not needed if you choose the right software in the first place. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
