On 12/06/2012 10:57 AM, Les Mikesell wrote:
> On Thu, Dec 6, 2012 at 9:49 AM, Giles Coochey giles@coochey.net wrote:
>> On 06-12-2012 15:41, Les Mikesell wrote:
>>> On Thu, Dec 6, 2012 at 9:13 AM, m.roth@5-cent.us wrote:
>>>> Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
>>> Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls.
>> Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked.
> And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support?
And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out.