RootPrompt.org: Amateur Fortress Building in Linux Part 2
Sep 16, 2000, 21:12
(Other stories by Sander Plomp)
"Trying to get my Linux system secured the way I like it, I found out I'm actually working by a simple rule. I'm trying to avoid a single point of failure."
"A single point of failure means that a single mistake, bug or error means an attacker can get sufficient control on the host so that he can do serious damage. A firewall is of limited use if various system daemons, running as root, peek through it, waiting for the next buffer overflow attack. Similarly, if your firewall is all that stands between the script kiddies and highly vulnerable network services you're putting a lot of trust in your ability to build the perfect firewall."
"Of course, deep down there is always some potential for a catastrophic security hole - in the TCP stack, the kernel, whatever. There is no alternative to accepting that, at some time, the worst happens and the only way out is to get things patched as quickly as possible. I can live with that. I just don't want it to be a biweekly event."