[geeks] Fedora question regarding firewalls in general...
Lionel Peterson
lionel4287 at gmail.com
Sun Mar 28 16:59:05 CDT 2010
On Mar 27, 2010, at 1:09 PM, Phil Stracchino <alaric at metrocast.net>
wrote:
> All you can do is try to be generally secure enough that when someone
> discovers the hole and tries to use it against you, they're unable to
> exploit it because something else you're already doing breaks the
> exploit chain.
Security by multiplicity? I like it.
Obviously, more security is better, but you can reach a point of
diminishing returns, IMHO. In the OP's case, the ISP filtered
'standard' service ports, and adding another level of protection at
your DMARK would create a 'belt and suspenders' level of protection.
Protecting each client machine with local firewalls while not a bad
idea, will only provide protection after the first two firewalls are
compromised AND your NAT is crossed...
Lionel
More information about the geeks
mailing list