On Tue, Apr 30, 2013 at 4:16 PM, John Andersen <jsamyth@gmail.com> wrote:
On 4/30/2013 12:56 PM, Carlos E. R. wrote:
enabled. As my laptop is plugged in here it has its firewall disabled. That's because the LAN is behind a nice big commercial firewall box :-)
I would not dare to connect my machine without firewall on a corporate or school environment. Most successful attacks come from insiders.
Neither would I. I have seen the kind of mischief some students can get into. Fortunately I have not had to deal with an insider attack. But that is why there is IT admin staff, who are, in a sense, gatekeepers, ensuring that no service that isn't needed n a given machine is running, that the firewalls are properly maintained, &c. I would never let users, be they academic staff, students, or even my programmers, change any services or the various security related protocols that we have established. That is the role of the IT admin staff, under the direction of the appropriate management personnelle, and it is ther heads on the line if they make a mistake that compromises security. i
Windows, Yes, I agree. Linux? Not a problem.
You do understand, don't you Carlos, that a software firewall (iptables) can only stop packets AFTER they have already entered your machine? And if nothing is listening on a port no packet will be accepted on that port, and it won't get into your machine?
Yes, yes, but there are other risks that need to be managed; and there are methods that are adequate to deal with mischeivous script kiddies, and others that need well trained IT security experts. A firewall is only one tool in a comprehensive security toolset, intended to support whatever security related policies are deemed appropriate. I do not think even Linux would, in itself, be adequate defense either against an internal attack (or mischeivous, but otherwise competent IT students) or a professional cyber-criminal. Windows has its issues, but so does every other readily available OS. There is no substitue for capable, diligent IT admin staff (they do things I wouldn't even attempt on my own. Cheers Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org