Maybe it's time to get rid of tcpwrappers/tcpd?

Nicolas Mailhot nicolas.mailhot at laposte.net
Mon Mar 24 12:43:38 UTC 2014


On Sat, 22 March 2014 03:21, Lennart Poettering wrote:

> And you honestly believe that people who are capable enough of setting
> up DNS locally and across the company in a secure way to do something

To set up DNS securely you need a handful of people to manage a master DNS
and its slave on the internal network, and order everyone else to use
them only.

To set up filtering rules you need someone for each handful of servers,
and with virtualization, that's not the same kind of number at all. Apps
sprout up like mushrooms after rain, they change all the time, they
conflict with each other, just conveying information from the development
teams to the security people is a full-time job. Something that is widely
understood and can be done by rote by less-clueful people to harden things
a bit is not to be spurned.

Regards,

-- 
Nicolas Mailhot


