gilles at gravier.org
Mon Jan 19 12:28:49 UTC 2009
Steve Lamb wrote:
> Gilles Gravier wrote:
>> So you close your port 80 when not receiving HTTP requests either?
> *sigh* See, comments like this is why I think you're full of it. I did
> state clearly that not leaving the port open for the entire world to access
> when the entire world has no business accessing it is a problem. Since 80 is
> for serving up web pages TO THE WORLD it would make no sense closing it down
> TO THE WORLD, now would it?
I don't know about you, but my web server is not for the world. It's for
my family and friends. It makes sense to actually protect it. That's why
there is authentication mechanisms in place (yes, logins and passwords,
not knockd) in the relevant sections. Not everybody shares the same mode
of use of each and every tool. Here, it's you who makes the assumption
that every web server out there is for public (THE WORLD as you say)
use... Unfortunately the world isn't as you seem to think it is. Not ONE
models applies to every situation.
>> And by the way... you keep your CISSP certification year over year by
>> practicing security and not by just paying your fees.
> Then I wonder how you do it since it obviously isn't by using it. I'm
> glad I read you right from the onset. Have fun scoring points and spreading
> bad advice.
Too cute to be true, this one. Thanks, though, as that definitely made
More information about the ubuntu-users