North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Port blocking last resort in fight against virus
Spoken like a true advocate! And I have had the same experience since joining OpenBSD back in 2.6 ;-) its only getting better. spamd, pf, altq, and snort all very nice. I have one desktop at home running 3.3 --current too and no complaints even with following bleeding edge. I hope OpenBSD does get more support! my 2� ------------------------------------------------------------ (_ ) Jason Houx, CCNA <[email protected]> \\\'',) ^ Com.net Inc. \/ \( Bright.net Network Operations .\._/_) OpenBSD Unix - live free or DIE! ------------------------------------------------------------ On Wed, 13 Aug 2003, neal rauhauser 402-301-9555 wrote: > > M�ns Nilsson wrote: > > > Firewalls are a patch to broken network application architechture. If > > > your applications would have been properly designed, you would not have > > > the need for firewalls. They are for perimeter defence only anyway. > > > Right on - if you can't plug a machine directly in to the internet > and rely on its own defenses & well written code to keep it safe, why > are you plugging it in at all? > > > The important wording here is "every computer should have one"; indicating > > that it is the host that protects itself. This said, I do agree that > > properly written operating systems not even need this. One free Unix-clone > > I happen to run manages to reach this level of properness; so it is > > definitely possible. > > > I agree completely with this - several years ago I expunged > Microsoft products from my life with the sole exception of one internet > free box for playing Civilization II and my blood pressure dropped > dramatically. A little while later I expunged Red Hat in favor of > FreeBSD and I experienced a decrease in trouble that was nearly as > satisfying as the Windows => Red Hat transition. > > > Now there is a brand new OpenBSD box here. The major release > upgrade process is not nearly as nice as FreeBSD, but you have to just > love that non executeable stack, ssh privilege separation, and all the > other details that are just taken care of by the OBSD crew. Perhaps > it'll start making inroads on my FreeBSD installed base. >
|