Firewall Wizards mailing list archives

RE: X server in a Firewall


From: "Martijn Berlage" <Martijn () Berlage org>
Date: Thu, 26 Jan 2006 14:03:46 +0100

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com 
Subject: Re: [fw-wiz] X server in a Firewall

well, say, yet another a*hole^Wperson walks in and says they 
deploy a new application, maybe it is not so bad per se so it 
should not be banned, but changing firewall rulesets to make 
it pass and blocking everything else that may sneak along may 
take some time requiring excessive ruleset changes (hey guys, 
does your sh*t still work when i block THIS?)

Assuming you even want to enter the world of hurt when it comes to badly
documented software, basics like that should be figured out on a test
platform. While there are plenty of reasons that would justify frequent
changes to firewall rulesets, this is a very bad one.

Besides that: Software that does not come with decent documentation on
what kind of traffic is needed for it to operate is something I consider
'bad' by default. If the designers won't spend time on thinking about
what they exactly need network-wise, I have no reason to believe they
have taken the time to even look up the meaning of 'security'.

With respect to the question about running a GUI, my first reaction
would be to question the necessity of it. Why would any competent (team
of) admin(s) *really* *need* a GUI? Sure, sometimes it comes in handy.
It can provide nice graphs about utilisation. But do those bells &
whistles outweigh the extra risk?

Martijn

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

