RE: X server in a Firewall

["Hammerle, Tye" <Tye.F.Hammerle () snapon com>]

It would be interesting to hear what needs changing that often on a regular
basis.   


Tye 


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of R. DuFresne
Sent: Saturday, January 28, 2006 4:08 PM
To: Marcus J. Ranum
Cc: Paul D. Robertson; John M; firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] X server in a Firewall

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Jan 2006, Marcus J. Ranum wrote:

> Paul D. Robertson wrote:
> > Indeed, that's why console-only access is the best method.
>
> Indeed; if your firewall rulesets change so often that you find it 
> onerous to walk down the hall to the console, then your firewall 
> ruleset is changing too often, which probably means you are already in 
> a state of screwed.


Would you be infering then that since we change our rulesets bi-weekly,
every week of the year on about a hundred or more firewalls in esaps
<managed zines for each agency, that we change too often?




Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com Key fingerprint = 9401 4B13 B918
164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover instead of creating the
perfect love.

                 -Tom Robbins <Still Life With Woodpecker> -----BEGIN PGP
SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD2+tGst+vzJSwZikRAj2kAJ43kbP2TWI8aIU5u5QvMMO+6JL2wQCgnljL
jNEEmrVG71q2sf13zUZQBlo=
=K3Lf
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards