- Path: sparky!uunet!cis.ohio-state.edu!ucbvax!ulysses!ulysses.att.com!smb
- From: smb@ulysses.att.com (Steven Bellovin)
- Newsgroups: comp.protocols.tcp-ip
- Subject: Re: Firewall usage (was: Re: ping works, but ftp/telnet get "no route)
- Message-ID: <17008@ulysses.att.com>
- Date: 24 Jul 92 19:10:56 GMT
- References: <BrruC8.FEo@spock.dis.cccd.edu> <BrsM1C.36v@cs.columbia.edu> <1992Jul24.045228.11119@decuac.dec.com>
- Sender: netnews@ulysses.att.com
- Lines: 18
-
- Let me very strongly second what Marcus Ranum said about the need for
- firewalls. No, I don't want to run one. However, given the abominable
- state of host security, I have no choice. You can blame software
- designers for not paying enough attention to the problem (and certainly,
- that's some of the trouble), or you can blame the current state of
- software engineering (if all large programs have bugs, then by Murphy's
- Law all large network servers have security bugs), or you can blame
- lax administration by folks who are more interested in getting their own
- work done. It doesn't matter. I may or may not be able to keep my
- own machine secure (modulo new surprises from the Hole of the Month Club);
- I *know* I can't secure the tens of thousands of machines connected
- to AT&T's internal networks.
-
- Are there attackers out there? You'd better believe it. Skeptics are
- invited to ftp dist/internet_security/dragon.{dvi,ps} from research.att.com;
- it's a draft of a paper I'll be presenting at the UNIX Security Symposium.
-
- --Steve Bellovin
-