Firewall security: Problems with simple Samba file share
Sasquatch
Just curious about other folks opinions: I always use a hardware firewall but I always setup software iptables or whatever also, and explicitly disable services I don't want. I then completely remove anything that I don't intend to use at all. On top of that I add pam controls for various things, and will do redundancy like only allowing public key authentication for ssh but also using pam to limit failed login attempts.
Maybe right now the firewall only allows ssh from a specific set of ip's but that might have to be changed, so I have key authentication only, no logins. On top of that, I'll only have certain users allowed for ssh, and so on.
When I suddenly have to open up part of that for whatever reason, I already have the other protections in place. Yeah, sometimes it's annoying because I have to tear down several barriers to get what I need, but it's comforting to think that someone deliberately trying to breach me would be hampered in the same ways - so if they managed to break through the hardware firewall, the machine's iptables still should stop them, etc.
I think it's good that you're so careful. I do not claim that my hardware-firewall-only approach is advisable. It's just that, for me, it's all...
I know there are other folks just as compulsive and maybe even more so, but is that more prevalent than " I have not set up a firewall because my home LAN is protected by a hardware firewall" ?
Oooh ... scary! But meaningless. The word "potentially" gives it away. I think you are really saying "he has a internet connection in which all incoming packets are not blocked, ?therefore? (maybe...
-- Tony Lawrence
Firewall security: Problems with simple Samba file share 3574
Linux groups from Newsgroups