nanog mailing list archives

Re: Port blocking last resort in fight against virus

From: Måns Nilsson <mansaxel () sunet se>
Date: Wed, 13 Aug 2003 10:17:27 +0200

--On Wednesday, August 13, 2003 11:00:56 +0300 Petri Helenius
<pete () he iki fi> wrote:

I think filters/firewalls are useful.  I believe every computer should
have one.

Firewalls are a patch to broken network application architechture. If
your applications would have been properly designed, you would not have
the need for firewalls. They are for perimeter defence only anyway.


The important wording here is "every computer should have one"; indicating
that it is the host that protects itself. This said, I do agree that
properly written operating systems not even need this. One free Unix-clone
I happen to run manages to reach this level of properness; so it is
definitely possible. 

-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

Attachment: _bin
Description:

Current thread:

Re: Port blocking last resort in fight against virus, (continued)
- - Re: Port blocking last resort in fight against virus Randy Bush (Aug 12)
    - Re: Port blocking last resort in fight against virus Sean Donelan (Aug 12)
    - Re: Port blocking last resort in fight against virus Christopher L. Morrow (Aug 12)
    - Re: Port blocking last resort in fight against virus Randy Bush (Aug 12)
    - Re: Port blocking last resort in fight against virus Robert Raszuk (Aug 13)
    - Re: Port blocking last resort in fight against virus Randy Bush (Aug 13)
    - Re: Port blocking last resort in fight against virus Robert Raszuk (Aug 13)
    - Re: Port blocking last resort in fight against virus John Kristoff (Aug 13)
    - Re: Port blocking last resort in fight against virus Mans Nilsson (Aug 13)
    - Re: Port blocking last resort in fight against virus Petri Helenius (Aug 13)
    - Re: Port blocking last resort in fight against virus Måns Nilsson (Aug 13)
    - Re: Port blocking last resort in fight against virus neal rauhauser 402-301-9555 (Aug 13)
    - Re: Port blocking last resort in fight against virus Jason Houx (Aug 13)
    - Message not available
    - firewall == network diaper, ranting in HTML neal rauhauser 402-301-9555 (Aug 14)
    - Re: Port blocking last resort in fight against virus Stephen J. Wilcox (Aug 13)
    - Re: Port blocking last resort in fight against virus Mans Nilsson (Aug 13)
    - Re: Port blocking last resort in fight against virus Stephen J. Wilcox (Aug 13)
    - Re: Port blocking last resort in fight against virus Mans Nilsson (Aug 13)
    - Re: Port blocking last resort in fight against virus Christopher L. Morrow (Aug 13)
    - Re: Port blocking last resort in fight against virus Jack Bates (Aug 13)
    - Re: Port blocking last resort in fight against virus Christopher L. Morrow (Aug 13)

(Thread continues...)