[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN rule suggestions
 Date:  Wed, 4 Apr 2007 00:00:46 -0400
On 4/3/07, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> When you think you have all you need, turn
> it off, and you are secure.

If only it were that simple.  :)   I know Lee knows better and was
just oversimplifying for the sake of not writing a dissertation, but I
don't want anyone to think "gee, there's nothing to this security

If you permit anything, you're not secure. Or potentially not secure.
If you only permit the bare minimum of what you require, you're as
locked down as you can be, which is the best you can do. Completely
secure systems are unusable ones, you have to accept some trade offs
to have a functional environment.