[60495] in North American Network Operators' Group
Re: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (Jason Houx)
Wed Aug 13 11:47:28 2003
Date: Wed, 13 Aug 2003 11:38:32 -0400 (EDT)
From: Jason Houx <coldiso@houx.org>
To: neal rauhauser 402-301-9555 <neal@lists.rauhauser.net>
Cc: Måns Nilsson <mansaxel@sunet.se>,
"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <3F3A4199.32C45F67@lists.rauhauser.net>
Errors-To: owner-nanog-outgoing@merit.edu
Spoken like a true advocate! And I have had the same experience since
joining OpenBSD back in 2.6 ;-) it's only getting better. spamd, pf,
altq, and snort all very nice. I have one desktop at home running 3.3
--current too and no complaints even with following bleeding edge. I hope
OpenBSD does get more support!
my 2¢
------------------------------------------------------------
(_ ) Jason Houx, CCNA <coldiso@houx.org>
\\\'',) ^ Com.net Inc.
\/ \( Bright.net Network Operations
.\._/_)
OpenBSD Unix - live free or DIE!
------------------------------------------------------------
On Wed, 13 Aug 2003, neal rauhauser 402-301-9555 wrote:
>
> Måns Nilsson wrote:
> > > Firewalls are a patch to broken network application architecture. If
> > > your applications would have been properly designed, you would not have
> > > the need for firewalls. They are for perimeter defence only anyway.
>
>
> Right on - if you can't plug a machine directly in to the internet
> and rely on its own defenses & well written code to keep it safe, why
> are you plugging it in at all?
>
> > The important wording here is "every computer should have one"; indicating
> > that it is the host that protects itself. This said, I do agree that
> > properly written operating systems do not even need this. One free Unix-clone
> > I happen to run manages to reach this level of properness; so it is
> > definitely possible.
>
>
> I agree completely with this - several years ago I expunged
> Microsoft products from my life with the sole exception of one
> internet-free box for playing Civilization II and my blood pressure dropped
> dramatically. A little while later I expunged Red Hat in favor of
> FreeBSD and I experienced a decrease in trouble that was nearly as
> satisfying as the Windows => Red Hat transition.
>
>
> Now there is a brand new OpenBSD box here. The major release
> upgrade process is not nearly as nice as FreeBSD, but you have to just
> love that non-executable stack, ssh privilege separation, and all the
> other details that are just taken care of by the OBSD crew. Perhaps
> it'll start making inroads on my FreeBSD installed base.
>