Re: Maybe it's time to get rid of tcpwrappers/tcpd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le Sam 22 mars 2014 03:21, Lennart Poettering a écrit :

> And you honestly believe that people who are capable enough of setting
> up DNS locally and across the company in a secure way to do something

To set up DNS securely you need a handful of people to manage a master dns
and its slave on the internal network, and order every one else to use
them only.

To set up filtering rules you need someone for each handful of servers,
and with virtualization, that's not the same kind of number at all. Apps
sprout up like mushrooms after rain, they change all the time, they
conflict with each other, just conveying information from the development
teams to the security people is a full time job. Something that is widely
understood and can be done by rote by less-clueful people to harden things
a bit is not to be spurned.

Regards,

-- 
Nicolas Mailhot

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux