Re: [Fed-Talk] Firewall
- Subject: Re: [Fed-Talk] Firewall
- From: Michael <email@hidden>
- Date: Thu, 10 Apr 2008 12:14:23 -0400
On Apr 10, 2008, at 11:50 AM, Boyd Fletcher wrote:
> but that is not fine grain enough. We need to be able to explicitly set which port and protocols are being used. We have some apps that open additional ports and protocols but not all of them need to be externally accessible. Yes, I know we could some to loopback but we don't have control of all of them.
>
> Basically, the current approach is a big black box as to what it is really doing and in security that is a very very bad idea. We would like to know exactly what is and is not being blocked.

Agreed. And 10.3 and 10.4 were even worse security-wise unless you
manually configured ipfw or used a third-party product.
Under 10.3 and 10.4 you had the illusion that you had control over the
ports and protocols when dealing with the GUI.
It's a difficult problem to build an easy to use GUI for everyone that
configures a firewall and does not have serious flaws in it either
security-wise or usability-wise or disables the OS functions without
letting the user know.
The new firewall is a good start because it handles the two
applications many ports issue, but it does not handle the many ports
one application issue which bugs you. Going forward we need an
advanced configuration for each application listed. Also, more
control over the other system "essential" services that listen to the
Internet and the local network -- services that are not essential to
everyone, i.e. netbios, bootp.
I hate applications that break/crash/hang/exit just because I'm not
connected to the Internet.
Michael