[mythtv-users] Has anyone configured a "semi"-diskless frontend?
Matt Mossholder
matt at mossholder.com
Fri Jan 7 08:36:09 EST 2005
Now, as a security consultant, I don't know if I would go that far.
Firewalls still serve the same purpose they always have: To prevent the
bulk of attacks originating on the "outside" of the firewall, by
limiting what traffic is permitted to pass between networks. However, a
good security policy includes many layers, and so includes things like
patching, hardening, monitoring and otherwise securing the other devices
in the network, as well a policy to govern the way people interact with
them.
What went out with the nineties is assuming that the firewall is going
to do it all for you....
--Matt
On Fri, 2005-01-07 at 00:52 -0800, Brad Templeton wrote:
> On Thu, Jan 06, 2005 at 08:28:34PM -0600, Kevin Kuphal wrote:
> > Brad Templeton wrote:
> > On my home network, behind firewalls, I have none of these security
> > concerns. If it is just the address of the DB server, it shouldn't be
> > hard to do Zeroconf or even a simple broadcast as you suggest. I'll
> > have to put this on my list of things to do...
>
> Just about any security consultant today will admit, either in confidence
> or in public, that firewalls are a really, really bad idea about how to do
> security. It's a very rare network (though not nonexistent) that
> doesn't have at least one machine subject to compromise through any
> number of channels (for example, it's a laptop and it goes outside
> the firewall from time to time, or it runs Windows) and that means the
> whole network is vulnerable.
>
> Firewalls are a 1990s design. You put them up if you have no other choice,
> or (like many of us, including me) because you're lazy and not that worried,
> but when you design a new system today, one for other people to use, you
> should not design it based on the idea of a firewalled network. It would
> not be responsible to the users you are coding for.
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
--
Matt Mossholder <matt at mossholder.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mythtv.org/pipermail/mythtv-users/attachments/20050107/dd9f7a4f/attachment.htm
More information about the mythtv-users
mailing list