Archived from groups: comp.security.firewalls
On Wed, 2 Jun 2004 15:51:27 +0100, Mike wrote:
[snip]
> I'm not sure what you are trying to say...
>
> Is it "Organization: SHLINK Internet Service" and I should be impressed
> because you are from an ISP? If you are from an ISP you should know better.

I have a feeling you are deliberately misunderstanding what Wolfgang is
trying to communicate.

> Or is it "NNTP-Posting-Host: fw0.shlink.de" because you have hidden your ip
> address? Which resolves to :
>
> ;; ANSWER SECTION:
> fw0.shlink.de. 3600 IN A 212.60.1.4

Nothing hidden about that address? Or do you mean it is hidden
because it resolves to a DNS name? If so, I have successfully
hidden all my IP addresses.

> telnet 212.60.1.4 25
> Trying 212.60.1.4...
> Connected to fw0.shlink.de (212.60.1.4).
> Escape character is '^]'.
> 220 fw0.shlink.de (RBL/SPF) ESMTP
>
> But wait! fw0? Could that be a firewall?? Firewall 0?? Nah! You couldn't
> possibly be advocating users not to use a firewall while using one
> yourself??
>
> If you don't advocate firewalls, what are you doing in this group?

This group is for discussion, not advocating. Try reading Wolfgang's
posts again.

The point he is trying to make is that while adding a NAT device might
cure the symptom of a vulnerable system (by adding more code,
statistically introducing more bugs, to solve the problem caused by
too much code in the first place), it does not solve the real problem
which is insecure systems. Securing those systems will be a much
better solution, and what we all should be advocating unless we have
another agenda than to make the Internet a more secure place. At
least that is how I interpret it.

Firewall vendors/resellers will not necessarily tell you this, because
their agenda is making money.

I really dislike the 'add a NAT device' "solution", but with a) today's
wide-spread use of insecure operating systems and default settings,
even if the new versions are much better than previous ones the old
ones are still widely used in production environments and homes, b)
the complexity of operating systems with which even computer science
graduates struggle, and c) most people's belief that computers are easy
to use and maintain compared to other technical equipment (you probably
wouldn't service your brand new car yourself, or even your TV unless
you have a special interest or knowledge), I can see the need for an
immediate way of treating those symptoms. But the long term goal
should still be securing the _systems_. If you disagree, I really
hope you don't work in this industry.

> Your methods may well be correct and acceptable to you, but in the context
> of the original poster who started by asking whether he needed a firewall and
> was by inference a newbie, telling him to dig into the guts of his operating
> system without even finding out what OS he had is; bad, wrong, stupid,
> irresponsible and unhelpful.

IIRC the URL to the hints on how to configure Windows securely was
mentioned, but I must admit I did not follow the entire thread. However,
that does not invalidate my comments to the above.

When people are interested enough to ask if they really do need a
firewall, the correct answer in my not so humble opinion is "it
depends", followed by a more in-depth explanation preferably contained
in a FAQ. The 'newbie' is free to stop reading, or ask more
questions if it is too much/little information.

(and I don't expect anyone to be impressed by the "university of .."
in my headers - it has nothing to do with my opinions here, I'm just
an ex-employee)

- Eirik
--
New and exciting signature!