Randy Marchany writes...
>Steve Kotsopoulos writes...
> >Most Unix systems are unfortunately insecure out of the box.
> >We should expect all good firewalls to be highly secure out of the box.
> I agree 100%. The true test of a firewall package is to see what it does when
> you DON'T follow the vendor recommended procedures. How does it handle stupid
> user tricks? What state does it leave your network when something like that
> happens? There's a gap between the people who really read the instructions and those who
> just scan the instructions. Unfortunately, I believe the scanners outnumber the
> readers...:-).
I'm sorry, I disagree 100%. There are dabblers, and there are professionals.
Dabblers always just scan the instructions. Professionals do, too, but
they know when they need to go back and read them. If you don't follow
the recommended procedures, you assume some of the responsibility for the
consequences. Or would you rather all UNIX systems shipped with a random
root password so you don't have to worry about forgetting to set one?
--
Mike . Jones @ unifiedtech . com
Make no mistake about it: Operation Desert Storm truly was a victory
of good over evil, of freedom over tyranny, of peace over war.
- Dan Quayle, in remarks at Arlington National Cemetery