Is anyone actually USING IP QoS?
Brett_Watson at enron.net
Brett_Watson at enron.net
Wed Jun 16 18:18:41 UTC 1999
On 06/16/99 10:55:40 AM Alex P. Rudnev wrote:
>They (cisco) promised to realise ssh. Hope we'll see it in a few years,
>For now, install IPSEC, tunnel, bla-bla-bla, and may be you'll have a
>piece of security.
cisco *has* released code with ssh (ok, not released in the cisco-sense but
you can get it)
>Unix machine... drop all services you don't need, run your services not
>as the root, install secure level or read-onl.y file system - and no
>problems.
this is just rediculous. it's not as simple as "no problems". the things
you state are rather obvious but for a system to be used as *anything*
(cache, web server, video server, etc) you simply have to have certain
ports open, many times simple udp ports. locking down down services/ports,
and running anything you can as non-root certainly goes a long way in
protecting the system but it's just not that cut and dried.
i'll give you and vadim full credit for being math wizards, or scientists
(which i clearly am not) but don't choose your next career in the
computer/network security industry. :)
-brett
More information about the NANOG
mailing list