RE: Mac X-Server Security Questions...

["Brad Berson" <brad.berson () bytebrothers org>]

> > BTW #2:  ipfw is a joke

> Can you (or someone) elaborate on this?

Bear in mind that I'm just learning my way through this, but here goes.
First of all it's a software firewall, which means it'll never be as
good/effective as a separate appliance.  Second, it's only superficially
programmed through the GUI, and if you start fiddling with its native
config your changes are likely to be obliterated next time you touch the
GUI.  Third, we found that while ipfw happily reported all the traffic
going through, it wasn't actually denying traffic it was supposed to
deny, and reportedly denying.  Fourth, when trying to figure out why
that was happening, on the phone with Apple themselves, we were told
outright that they don't support ipfw.  And we never did figure it out.
Thanks a friggin' lot, Apple.  Hello Sonicwall!

Frankly I'm sick and tired of Apple and Microsoft (yeah, I had some fun
with THEM this week too) thinking of more ways to deny support than to
take care of what they're selling and the poor misguided customers
stupid and gullible enough to invest in their wares.  Next time a
customer asks me what to buy I'm telling them "INDEX CARDS".

-Brad

---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security
professionals.  Norwich University is fulfilling this demand with its MS in
Information Security offered online.  Recognized by the NSA as an
academically excellent program, NU offers you the opportunity to earn your
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------