Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: John Rowan Littell (littejoearlham.edu)
Date: Mon Nov 05 2001 - 15:58:47 CST
Lo, Fabrice Bacchella and the coffee pot sang in unison:
> I always had a bad feeling about tcpwrappers, it can only protect a few
> daemons, those running with inetd and those willing to do so. That's
> little user against a hackers, how will just try something else. Try
> something like ipf instead, you can protect every service running on
> your machine.
Regardless of the applicability of this to SunCluster, I might
actually disagree here. There's no harm, in my mind, to adding an
_extra_ layer of security around a service. I'm not suggesting that
one forego ipf, but I am suggesting that it be used in combination
with tcpwrappers. If the processing overhead is minimal, throw as
much protection at the service as you can.
Note also that there's plenty of non-Sun specific software that can
use tcpwrappers without having to be in inetd -- the libwrap library
is for use by any service, anywhere, as long as you modify the source
to support it.
-- John "Rowan" Littell Systems Administrator Earlham College Computing Services
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (OpenBSD) Comment: For info see http://www.gnupg.org
iQCVAwUBO+cLlZdUNSJ2nf/5AQHeDwQAgfB6LBF9u773sIh5+VPLTgPScpYHO4ww 3F5mQXNu7t9Rw8HfnzgY0numNLsgYPlKZ1soCfrPdzHdubKjYdK1i+FVwiGuYiNi aQ5ZXRbywjK3LfoGpTqJL9IuON6DF8wDmVbDFzsBEQ43JimdwzsFsIyx0/Tsupoo LneqCjKfHBw= =tWyP -----END PGP SIGNATURE-----