LinuxSA Mailing list archives

  From: Mark <markc@trinity.sa.edu.au>
  To  : Alan Kennington <akenning@dog.topology.org>
  Date: Tue, 24 Apr 2001 19:36:07 +0930

Re: MS Curriculum at schools and TAFEs ...

If you take the approach that "experimentation" is fine on your firewall, 
you are asking for trouble.  On your main firewall, paranoia is better than 
"experimenting".  Set one up and watch the logs in real time.  Scarey.  You 
will note that I have not added IMO or IMHO because there is enough 
documentation out there which supports my comments.

As for Alan's statement that every one of my statements was wrong doesn't 
deserve any comment.  So I won't (even though it is killing me).

Let us all remember that Alan once posted to the list mooing about a 
machine of his being probed/attacked/hacked.
Hey why remember, do a search for it on the archives.  Perhaps it is 
attitudes like Alan's which allow this to happen.

Cheers
Mark

At 19:26 24/04/01 +0930, Alan Kennington wrote:
>On Tue, Apr 24, 2001 at 07:09:06PM +0930, Mark wrote:
> > I would like to point out to the rest of the readers that this is a bad
> > idea.  There is a (small) time period where your machines are vunerable.
> > Here is an idea.  Get your scripts working properly, test them, and then
> > put them on your firewall.  There is no real need to dick about with your
> > firewall all the time.  That's what the testing phase is all about.
> >
> > Bad, bad, bad, bad, bad ......
> >
> > Cheers
> > Mark Collis
> > Trinity College
> >
> > >Now I start my scripts by making all chains accept-everything,
> > >and I only block-everything at the end of the script.
> > >
> > >Cheers,
> > >Alan Kennington.
> > >
>
>
>I'd just like to point out to the innocent bystanders that Mark
>has not inquired as to the circumstances and context of my statement.
>Think for yourselves. I do.
>There are no simple rules for right nad wrong in developing firewall scripts.
>Every statment that mark has made is wrong, because he didn't check the
>context and circumstances.
>
>So just develop your firewall scripts as you see fit in view of
>your own circumstances.
>Whatever you want to do is good.
>Don't let anyone make you feel guilty about the way you develop
>and test your firewall scripts.
>As Larry Wall said: "There's more than one way to do it."
>That applies to all areas of computing, not just Perl scripts.
>Test on a live system if it pleases you.
>Test on an off-line system (as I did) if you feel like it.
>But more important than anything else - think for yourselves.
>You/we are all individuals.
>The ethicists call this "situation ethics" as opposed to "rule ethics".
>Rule ethics are designed for people who do not have courage to
>think for themselves.
>
>Guilt is bad. Experimentation is good.
>It's linux. It's your life. Live it to the full. Get funky.
>
>Cheers, and goodnight,
>Alan Kennington.
>
>PS. As the game rules on bubblegum packs always say:
>The judge's decision is final, and flames will not be entered into.
>
>--------------------------------------------------------------------
>     name: Dr. Alan Kennington
>   e-mail: akenning@topology.org
>  website: http://topology.org/
>     city: Adelaide, South Australia
>   coords: 34.88051 S, 138.59334 E
>timezone: UTC+0930 http://topology.org/timezone.html
>  pgp-key: http://topology.org/key_ak2.asc


-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject