"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Wed Dec 10 11:54:06 UTC 2014


Am 10.12.2014 um 12:47 schrieb Bastien Nocera:
> Even if we chose static ports for those (or rather port ranges, because if you
> have multiple users running, you'd need multiple ports), leaving only those ports
> opened wouldn't stop other random applications from choosing those ports to
> do something nefarious. You're just limiting the availability of ports without
> increasing security

in other words you see the attack surface is the same if you can choose 
any random port with a wild guess or need at least to know something 
about the target system?

not that security by obsucrity alone helps much *but* any piece making 
intrusion harder helps and the overall security is defined by the 
summary of all pieces given that 100% security don't exist

and even if there is some hole it makes a difference how easy is it to 
find or let the attacker just move to a more open target

security is all about making things harder as long as you need a network 
connection and can't go offline

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141210/efa859e0/attachment.sig>


More information about the devel mailing list