<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.2.4">
</HEAD>
<BODY>
Now, as a security consultant, I don't know if I would go that far. Firewalls still serve the same purpose they always have: To prevent the bulk of attacks originating on the "outside" of the firewall, by limiting what traffic is permitted to pass between networks. However, a good security policy includes many layers, and so includes things like patching, hardening, monitoring and otherwise securing the other devices in the network, as well a policy to govern the way people interact with them. <BR>
<BR>
What went out with the nineties is assuming that the firewall is going to do it all for you....<BR>
<BR>
<BR>
--Matt<BR>
<BR>
On Fri, 2005-01-07 at 00:52 -0800, Brad Templeton wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On Thu, Jan 06, 2005 at 08:28:34PM -0600, Kevin Kuphal wrote:</FONT>
<FONT COLOR="#000000">> Brad Templeton wrote:</FONT>
<FONT COLOR="#000000">> On my home network, behind firewalls, I have none of these security </FONT>
<FONT COLOR="#000000">> concerns. If it is just the address of the DB server, it shouldn't be </FONT>
<FONT COLOR="#000000">> hard to do Zeroconf or even a simple broadcast as you suggest. I'll </FONT>
<FONT COLOR="#000000">> have to put this on my list of things to do...</FONT>
<FONT COLOR="#000000">Just about any security consultant today will admit, either in confidence</FONT>
<FONT COLOR="#000000">or in public, that firewalls are a really, really bad idea about how to do</FONT>
<FONT COLOR="#000000">security. It's a very rare network (though not nonexistent) that</FONT>
<FONT COLOR="#000000">doesn't have at least one machine subject to compromise through any</FONT>
<FONT COLOR="#000000">number of channels (for example, it's a laptop and it goes outside</FONT>
<FONT COLOR="#000000">the firewall from time to time, or it runs Windows) and that means the</FONT>
<FONT COLOR="#000000">whole network is vulnerable.</FONT>
<FONT COLOR="#000000">Firewalls are a 1990s design. You put them up if you have no other choice,</FONT>
<FONT COLOR="#000000">or (like many of us, including me) because you're lazy and not that worried,</FONT>
<FONT COLOR="#000000">but when you design a new system today, one for other people to use, you</FONT>
<FONT COLOR="#000000">should not design it based on the idea of a firewalled network. It would</FONT>
<FONT COLOR="#000000">not be responsible to the users you are coding for.</FONT>
<FONT COLOR="#000000">_______________________________________________</FONT>
<FONT COLOR="#000000">mythtv-users mailing list</FONT>
<FONT COLOR="#000000"><A HREF="mailto:mythtv-users@mythtv.org">mythtv-users@mythtv.org</A></FONT>
<FONT COLOR="#000000"><A HREF="http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users">http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users</A></FONT>
</PRE>
</BLOCKQUOTE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
-- <BR>
Matt Mossholder <<A HREF="mailto:matt@mossholder.com">matt@mossholder.com</A>>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>