Best firewall gateway version of Linux ?
Matthew Hawkins
matthew at topic.com.au
Tue Jan 15 20:57:34 EST 2002
On Tue, 15 Jan 2002, Damien Elmes wrote:
> and thus openbsd is often touted as 'security by default'. but i know of few
> boxes that are installed and then left alone, and by suggesting obsd is more
> secure, you're really only lulling them into a false sense of security.
If its going to be a dedicated firewall/router you can get away with the
defaults, however one of my biggest gripes with all the BSD's is that
the kernel "securelevel" parameter - vaguely similar to Linux
capabilities just not as well executed - is rendered utterly useless if
you have to run an X11 server on the box. Granted, not many people are
going to run an X11 server on a firewall, but on a workstation or server
which must run X11, one might like to up securelevel to get the benefits
of which there is no other way to obtain - but you can't. That's just
plain wrong, and it makes you wonder - and start to investigate when you
have the time - what other security-related items are just as shallow.
--
Matt
More information about the linux
mailing list