Re: Is anyone actually USING IP QoS?

[Brett_Watson () enron net]

On 06/16/99 10:55:40 AM Alex P. Rudnev wrote:

> They (cisco) promised to realise ssh. Hope we'll see it in a few years,
> For now, install IPSEC, tunnel, bla-bla-bla, and may be you'll have a
> piece of security.

cisco *has* released code with ssh (ok, not released in the cisco-sense but
you can get it)

> Unix machine... drop all services you don't need, run your services not
> as the root, install secure level or read-onl.y file system - and no
> problems.

this is just rediculous.  it's not as simple as "no problems".   the things
you state are rather obvious but for a system to be used as *anything*
(cache, web server, video server, etc) you simply have to have certain
ports open, many times simple udp ports.  locking down down services/ports,
and running anything you can as non-root certainly goes a long way in
protecting the system but it's just not that cut and dried.

 i'll give you and vadim full credit for being math wizards, or scientists
(which i clearly am not) but don't choose your next career in the
computer/network security industry.  :)

-brett