[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

James A. Peltier jpeltier at sfu.ca
Fri Mar 21 18:54:34 UTC 2014


----- Original Message -----
| Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
| you care strongly if it went away (or would you just migrate to something
| else)?
| 

Yes, we do use TCP Wrappers.  We also use IPTables, edge gateway firewalls, VPNs and other tools.  The reason that we use them is to support additional security.

The case is being made to remove a tool that is considered to be legacy.  While it is understood that legacy = old/unmaintained/crap, it does remove an additional layer of security that can be applied for a base system.  So the question then is, what can be used as a suitable replacement?  If so, what is that suitable replacement?  If one doesn't exist, how long until we can get one?

Security is about layering technology.  IPTables doesn't solve all of the problems out there.  People mentioned NFSv3 and moving to NFSv4, and while this may be suitable for some people, it doesn't apply to others.  To simply remove a tool because its code hasn't been modified in X number of days, months, years, decades is really in many cases what I like to call "version envy".

I'd love to hear about the "old and unmaintainable code".  It's open source code.  If something's broken you can fix it, right!?! That's the open source mantra!  Either provide a set of reasons why it should be removed and the alternatives that cover all the use cases of TCP Wrappers, or let the code, that obviously works, remain there undisturbed.  It's an extra layer of security that administrators can use to secure their systems and it's dead simple to understand!



-- 
James A. Peltier
Manager, IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax     : 778-782-3045
E-Mail  : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices

"Around here, however, we don't look backwards for very long.  We KEEP MOVING FORWARD, opening up new doors and doing things because we're curious and curiosity keeps leading us down new paths." - Walt Disney


