[Sussex] FTP - Fedora core 3
Ronan Chilvers
ronan at thelittledot.com
Thu Aug 11 09:18:23 UTC 2005
On Thu, 11 Aug 2005 09:16:58 +0100
Jon Fautley <jfautley at redhat.com> wrote:
> Ronan Chilvers wrote:
>
> > Great again!! However, I don't think firewalling is really
> > necessary if it's a trusted internal system, ie: not internet
> > facing. Good idea to set up an anonymous FTP area maybe to restrict
> > where FTPers can go, but a firewall sounds a bit like overkill,
> > really.
>
> That is totally and utterly dependent upon the environment in which
> the system is installed.

True, which is why I said 'if it's a trusted internal system'. It also
depends what services you have running. It doesn't sound like there's
a requirement for any of the more high-brow firewalling /
traffic shaping stuff like rate limiting, port redirection, NAT, etc,
in which case isn't the firewall simply blocking access to a
range of ports? If that's the case and you don't have services opening
ports that don't need to be open, then why can't you dispense with a
firewall?
>
> Just because it's sitting on the corporate LAN, doesn't mean it's a
> 'trusted' environment.
Sure, and I've just seen the post revealing the NHS connection, so
AAARRRGHHH!! But I'm still not really clear on where a firewall is
going to help. If I have HTTP, FTP and SMTP running with no other
ports open and given the above caveats, my firewall is just blocking
ports which aren't open anyway. Isn't it? My implication is that you
shouldn't be using firewalling to make up for weaker security elsewhere
in the configuration.
Maybe there's a requirement for using some stateful firewalling but
again, it didn't sound like it.
My 2p.
Cheers
Ronan
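
Added example, not part of the original message: one way to test the claim debated above, that with only HTTP, FTP and SMTP running a firewall would be blocking ports that are not open anyway. It parses `ss -tln`-style output and reports network-reachable listeners outside that set; the sample lines, the EXPECTED table and the helper names are constructed for illustration.

```python
import ipaddress

# Services the poster says are meant to be reachable (FTP, SMTP, HTTP).
EXPECTED = {21: "ftp", 25: "smtp", 80: "http"}

# Constructed sample in the column layout of `ss -tln`; not from a real host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       32      *:21                *:*
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*
LISTEN  0       128     [::]:111            [::]:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     192.168.1.10:32768  0.0.0.0:*
"""

def parse_listeners(text):
    """Return (address, port) for every LISTEN row, skipping the header."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # last ':' splits IPv6 too
        addr = addr.strip("[]").split("%")[0]       # drop brackets / scope id
        listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr):
    """Wildcard binds ('*', 0.0.0.0, ::) are reachable from the network."""
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit(text, expected=EXPECTED):
    """Return (unexpected reachable listeners, expected ports not reachable)."""
    unexpected, missing = [], set(expected)
    for addr, port in parse_listeners(text):
        if is_loopback(addr):
            continue  # only local processes can connect; no filter needed
        if port in expected:
            missing.discard(port)
        else:
            unexpected.append((addr, port))
    return sorted(unexpected, key=lambda l: l[1]), sorted(missing)

if __name__ == "__main__":
    extra, absent = audit(SAMPLE_SS)
    print("reachable but not expected:", extra)
    print("expected but not reachable:", absent)
```

An empty first list means a port-blocking firewall would have nothing to block inbound at the moment of the check. It is a snapshot only: services started later, and the data ports an FTP server opens on demand for passive transfers, will not appear in it.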