I don't need no stinking firewall!

Jared Mauch jared at puck.nether.net
Tue Jan 5 15:20:56 CST 2010


On Jan 5, 2010, at 3:58 PM, Brielle Bruns wrote:

> It's all how you configure and tweak the firewall.  Recommending people run servers without a firewall is bad advice - do you really want your Win2k3 server exposed, SMB, RPC, and all to the world?

Some people think that exposing any functionality by default such as that is a poor security practice :)

My biggest issue is that people think that Firewalls, AV, etc  are a catch-all for any network/user/security badness.  The real world is more complex than that.

Most people make poor security choices and this creates much larger issues.

"I thought the firewall would protect me".
"I thought my IPS would protect me"
"I thought my AV would protect me"

Most of these technologies create a truly false sense of security.

I'm once again reminded of many people who do technically "silly" things like block TCP/53, packets over 512 bytes, port 587, ssl imap ports, etc.

It's frustrating and sad because it's not an effective security strategy and frustrates grumpy old-school users as myself that used odi drivers w/ ka9q to multitask over our CSLIP networks.

- Jared



More information about the NANOG mailing list