[60475] in North American Network Operators' Group
Re: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?M=E5ns_Nilsson?=)
Wed Aug 13 04:18:35 2003
Date: Wed, 13 Aug 2003 10:17:27 +0200
From: =?ISO-8859-1?Q?M=E5ns_Nilsson?= <mansaxel@sunet.se>
To: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <3F39F038.9040104@he.iki.fi>
Errors-To: owner-nanog-outgoing@merit.edu
--==========1709192778==========
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
--On Wednesday, August 13, 2003 11:00:56 +0300 Petri Helenius
<pete@he.iki.fi> wrote:
>>> I think filters/firewalls are useful. I believe every computer should
>>> have one. =20
> Firewalls are a patch to broken network application architechture. If
> your applications would have been properly designed, you would not have
> the need for firewalls. They are for perimeter defence only anyway.
The important wording here is "every computer should have one"; indicating
that it is the host that protects itself. This said, I do agree that
properly written operating systems not even need this. One free Unix-clone
I happen to run manages to reach this level of properness; so it is
definitely possible.=20
--=20
M=E5ns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC MN1334-RIPE
We're sysadmins. To us, data is a protocol-overhead.
--==========1709192778==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)
iD8DBQE/OfQX02/pMZDM1cURAoNfAKCYJMjQHhT3koQqHzLaSL+Vv3fejQCgipZC
WVM7hFy6bZn8AUz3ecK+PfU=
=8xvs
-----END PGP SIGNATURE-----
--==========1709192778==========--
