Brian Coyle wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> >>>snip<<
>
> I think you're missing the point Jeff... Take a look at RFC1636 [1]
> or this cartoon- it illustrates the point quite well. ;)
>
> http://www.linuxwidows.com/mirror/bucket/HFC/LEAP/img28.htm
>
> Firewalls are just one part of an overall security posture. You
> should practice security in depth. Starting at the hosts (with
> proper permissions, limited services, etc) throughout the internal
> network, out to the perimeter.
>
> If (when) the outer firewalls are breached, if you don't have additional
> protections on the inside, the blackhats will eat you alive...
>
> HTH!
>
> [1] http://www.ietf.org/rfc/rfc1636.txt?number=1636
>
> - --
> Linux - the ultimate Windows Service Pack
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: Brian Coyle, GCIA
>
> iD8DBQE9pNa1ER3MuHUncBsRAmd7AJ9vrNRdjUUha7QRt/5qQxLE1LFiXwCfTMHs
> polMn7XwGh9LHtMNiQzLkIs=
> =iOcX
> -----END PGP SIGNATURE-----
Point taken. Love your sig Brian, that's a good one :) For a business, yes I
agree completely about permissions. But since this is a home network, getting too
restrictive only creates family arguments that are not worth the trouble caused.
It gets cold and wet sleeping outside...
I already get enough grief because the firewall stops the Windows "malware"
(freeware games, email attachments, "you gotta have this" downloads, etc.) from
initiating outside bidirectional contact, which renders some of them inoperable.
Yet when I relaxed the rules and their webcam was turned on remotely, everyone
wanted those restrictions back again until it interfered with their method of
computing. Example: (PC's only *need* two buttons...mouse and reset). And this
only covered the adults, the kids are a completely new story ;)
Jeff
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:00:27 EDT