North American Network Operators Group


Re: Port blocking last resort in fight against virus

  • From: neal rauhauser 402-301-9555
  • Date: Wed Aug 13 11:09:05 2003

Måns Nilsson wrote:
> > Firewalls are a patch to broken network application architecture. If
> > your applications would have been properly designed, you would not have
> > the need for firewalls. They are for perimeter defence only anyway.


    Right on - if you can't plug a machine directly into the internet
and rely on its own defenses & well-written code to keep it safe, why
are you plugging it in at all?

> The important wording here is "every computer should have one", indicating
> that it is the host that protects itself. This said, I do agree that
> properly written operating systems do not even need this. One free Unix-clone
> I happen to run manages to reach this level of properness; so it is
> definitely possible.


     I agree completely with this - several years ago I expunged
Microsoft products from my life with the sole exception of one
internet-free box for playing Civilization II, and my blood pressure dropped
dramatically. A little while later I expunged Red Hat in favor of
FreeBSD and I experienced a decrease in trouble that was nearly as
satisfying as the Windows => Red Hat transition.


     Now there is a brand new OpenBSD box here. The major release
upgrade process is not nearly as nice as FreeBSD's, but you have to just
love that non-executable stack, ssh privilege separation, and all the
other details that are just taken care of by the OBSD crew. Perhaps
it'll start making inroads on my FreeBSD installed base.