[BBLISA] Firewall question #2

A Page in the Life of ... dkap at haven.org
Fri Mar 12 11:14:09 EST 2004


I think, with all due respect to the arguement, that BOTH should be the
answer.

Having both a crunchy outside AND a crunchy center should be the call of
the day.

You also should encrypt all your traffic.  SSH to other machines, mail
should be using STARTLS, both for authenticaton, and to encrypt content.
IM traffic should be encrypted end-to-end, CVS should be used to share
documents, and done over SSH, et al.

The less there is to sniff, and the less there is unauthenticated, the less
there is for the virus folks to play with.  If you have suspenders and a
belt, it takes a much more traumatic event to pants you.

-dkap

P.S.  There are two levels of paranoia.  Complete, and insufficient.





More information about the bblisa mailing list