[mythtv-users] Has anyone configured a "semi"-diskless frontend?
stan
stanb at panix.com
Fri Jan 7 06:52:18 EST 2005
On Fri, Jan 07, 2005 at 12:52:59AM -0800, Brad Templeton wrote:
> On Thu, Jan 06, 2005 at 08:28:34PM -0600, Kevin Kuphal wrote:
> > Brad Templeton wrote:
> > On my home network, behind firewalls, I have none of these security
> > concerns. If it is just the address of the DB server, it shouldn't be
> > hard to do Zeroconf or even a simple broadcast as you suggest. I'll
> > have to put this on my list of things to do...
>
> Just about any security consultant today will admit, either in confidence
> or in public, that firewalls are a really, really bad idea about how to do
> security. It's a very rare network (though not nonexistent) that
> doesn't have at least one machine subject to compromise through any
> number of channels (for example, it's a laptop and it goes outside
> the firewall from time to time, or it runs Windows) and that means the
> whole network is vulnerable.
>
> Firewalls are a 1990s design. You put them up if you have no other choice,
> or (like many of us, including me) because you're lazy and not that worried,
> but when you design a new system today, one for other people to use, you
> should not design it based on the idea of a firewalled network. It would
> not be responsible to the users you are coding for.
While you are certainly correct about at least one of the "insied" machines
being comprimised, security is best done as a "defense iin depth" aproach,
and a firewall is a significant part of such a desing.
--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin
More information about the mythtv-users
mailing list