stuff (was Re: Talks (was: Re: [YLUG] A basic question))
Steve Kemp
steve at steve.org.uk
Fri Dec 28 20:19:47 GMT 2007
On Fri Dec 28, 2007 at 19:51:19 +0000, Arthur Clune wrote:
> True, but that's 99.99% of my users, and probably yours as well
> (only 90%? You've got a better user base than most :).
heh.
> Protecting things like printers (and yes, they will get hacked if on
> the open net) is rather hard if they are not firewalled off. They're
> not usually the most configurable of devices. Ditto tape libraries,
> multi-function copies and more
I think when you get into the topic of things like printers you're
really talking about perimeter protection - or "big" firewalling which
is a whole other topic.
(i.e. not just iptables protecting a single machine.)
For that kind of scenario segmentation is good, and products such
as a Watchguard or Checkpoint box are good investments. Although
the big shiny box won't protect you at all unless your rules and
policies are good.
> Except, as I mention above, when you've trying to protect
> stuff run my other people. Or (wisper it), you're running a
> mixed environment with MS Windows stuff in there as well.
Agreed. For those kind of scenarios my answers would differ,
but for the things I run myself (single machines, or small
networks) I'd stick with what I said before.
> Then, once you've done all this, someone goes and installs
> a php server :)
After over a year of being PHP-free I've had to reinstall
it again. I'm already counting the days ..
Steve
--
# Commercial Debian GNU/Linux Support
http://www.linux-administration.org/
More information about the York
mailing list