John Andersen said the following on 04/30/2013 02:07 PM:
But Linux isn't Windows, and if you know and control exactly what services/ports you have open to the wild woolly world there is no need of a firewall. After all, a firewall is usually nothing but a sloppy way of controlling what ports you expose.
Ah yes, Steve Bellovin's famous quote from his classic book on firewalls:

    The firewall is the network's response to poor host security

The trouble is that it's a bit absolutist. The real world is that it's often necessary, as I said but you omitted from my quote, to have ports open FOR BUSINESS REASONS.

Yes, closing ports turns off services (and hey, turn off the (x)inet daemon as well) but that doesn't make the machines invulnerable; there are other ways of getting malware in: they are called applications. No, I'm not talking about servers, I mean things like web browsers and email clients. It doesn't even have to be drive-bys or getting the user to click on the URL of an HTML-mail message.

To do nifty things people download extensions and plugins. They don't even have to be trojans. Recall the bugs in Adobe Reader that would let a specially crafted document exploit the vulnerability? Well, now Firefox has its own built-in PDF reader :-) Wanna bet that is "bug free"?

--
Engineers aren't boring people; we just get excited over boring things.