|
anthonypants posted:what's wrong with firewalld host-based firewalls in the enterprise are lol as gently caress
|
# ? Nov 6, 2017 21:02 |
|
|
# ? May 15, 2024 04:32 |
|
why's that (legit question)
|
# ? Nov 6, 2017 21:04 |
|
Wiggly Wayne DDS posted:some more android vulnerabilities: https://pleasestopnamingvulnerabilities.com 690k line wlan driver, nice
|
# ? Nov 6, 2017 21:07 |
|
windows firewall configured with GPO is Objectively Good and should be used in conjunction with proper zoning. linux is probably a clusterfuck to manage but nothing important happens on those garbage systems so whatever
|
# ? Nov 6, 2017 21:08 |
|
Ciaphas posted:why's that (legit question) let's run the firewall on the same system normal users have access to, nothing could possibly go wrong
|
# ? Nov 6, 2017 21:10 |
|
i bet someone will write some big effortpost about how actually it's not such a big deal because blah blah have you considered that i'm right
|
# ? Nov 6, 2017 21:14 |
|
RISCy Business posted:let's run the firewall on the same system normal users have access to, nothing could possibly go wrong Normal users sure as poo poo don't have access to the engineering servers.
|
# ? Nov 6, 2017 21:16 |
|
ratbert90 posted:Normal users sure as poo poo don't have access to the engineering servers. do you really want anyone besides network/security people to even have the possibility of touching your firewalls compromised user account? rogue employee? you're opening yourself up to way more risk than if you were to run a hardware firewall with good throughput on that network and only allow a much smaller subset of people to access it also you wouldn't be janitoring firewalls on multiple different systems because you'd have really neat stuff like object groups
|
# ? Nov 6, 2017 21:19 |
|
BangersInMyKnickers posted:windows firewall configured with GPO is Objectively Good and should be used in conjunction with proper zoning. linux is probably a clusterfuck to manage but nothing important happens on those garbage systems so whatever Look it's discount shaggar
|
# ? Nov 6, 2017 21:26 |
|
RISCy Business posted:do you really want anyone besides network/security people to even have the possibility of touching your firewalls Who says I don't have a hardware firewall?
|
# ? Nov 6, 2017 21:27 |
|
ufc is mining bitcoin on people's machines https://np.reddit.com/r/MMA/comments/7b4zdk/fight_pass_is_shady_ysk_ufc_fight_pass_is_using/dpf96js/
|
# ? Nov 6, 2017 21:29 |
|
RISCy Business posted:do you really want anyone besides network/security people to even have the possibility of touching your firewalls lol at thinking that you can't trust endpoint servers but also assuming your internal networks aren't hostile
|
# ? Nov 6, 2017 21:32 |
|
east west threat model lol
|
# ? Nov 6, 2017 21:33 |
|
RISCy Business posted:do you really want anyone besides network/security people to even have the possibility of touching your firewalls because if you can't explain why you think it's bad i'm just going to assume you hate it because it blocks you from doing things out-of-the-box, and that you hate selinux for similar reasons
|
# ? Nov 6, 2017 21:39 |
|
PCjr sidecar posted:lol at thinking that you can't trust endpoint servers but also assuming your internal networks aren't hostile which is why you augment hardware firewalls with smart policy via gpo on windows or sudo policies on linux and firewall traffic in a way that makes sense?
|
# ? Nov 6, 2017 21:39 |
|
anthonypants posted:having a firewall on your internal network is a fine idea, but why does that mean a firewall on a server is bad. what, specifically, is wrong with firewalld. if you have the resources to janitor potentially disparate iptables configs for hundreds or thousands of different servers then by all means, run firewalld it's not specifically a firewalld issue, it's the issue of user accounts potentially having access to firewall configs to gently caress poo poo up in the first place
|
# ? Nov 6, 2017 21:42 |
|
RISCy Business posted:if you have the resources to janitor potentially disparate iptables configs for hundreds or thousands of different servers then by all means, run firewalld what did you gently caress up to let user accounts have access to firewall configs
|
# ? Nov 6, 2017 21:46 |
|
you know if you give someone sudo access on a box that doesn't automatically mean they get to use firewallctl, right
|
# ? Nov 6, 2017 21:47 |
|
anthonypants posted:you know if you give someone sudo access on a box that doesn't automatically mean they get to use firewallctl, right oh geez i had no idea, thank you for enlightening me
|
# ? Nov 6, 2017 21:48 |
|
At a ripe meeting a year or two ago DynDNS had a presentation about how they set up their nodes and they use iptables firewalls on their boxes and nothing else. I wonder how that's working out for them.
|
# ? Nov 6, 2017 21:50 |
|
RISCy Business posted:oh geez i had no idea, thank you for enlightening me
|
# ? Nov 6, 2017 21:50 |
|
spankmeister posted:At a ripe meeting a year or two ago DynDNS had a presentation about how they set up their nodes and they use iptables firewalls on their boxes and nothing else. If you're consistent with it, which a large corporate with some kind of decent management platform should be, then you're probably sitting pretty good because even if an endpoint gets popped and opens up its own firewall everything else in the zone is going to ignore its traffic
|
# ? Nov 6, 2017 21:56 |
|
quote:Your username: hmmmmm edit: submitted the form, it gave a gateway timeout error. filled it out and resubmitted and got "that username is already in use", fucks sake Powerful Two-Hander fucked around with this message at 23:31 on Nov 6, 2017 |
# ? Nov 6, 2017 23:23 |
|
why is this guy melting down about firewalls
|
# ? Nov 6, 2017 23:26 |
|
WAR DOGS OF SOCHI posted:why is this guy melting down about firewalls Welcome to SA, home of the loving strangest of hills to die on
|
# ? Nov 6, 2017 23:35 |
|
Proteus Jones posted:Welcome to SA, home of the loving strangest of hills to die on I like the "facebook and twitter are incestuous hitlerholes that need to be burned to the ground and salted ASAP and never ever replaced" hill myself, i'd die on that
|
# ? Nov 6, 2017 23:39 |
|
then again maybe i'm rather less alone on that hill nowadays than i was a couple years ago idk
|
# ? Nov 6, 2017 23:40 |
|
WAR DOGS OF SOCHI posted:why is this guy melting down about firewalls lol if your brain is so broken that you interpret anything i posted as a meltdown
|
# ? Nov 7, 2017 00:34 |
|
totally not angry about firewalls, got it
|
# ? Nov 7, 2017 00:59 |
|
gotta scream "MELTDOWN" from my clown car every time someone has a dissenting opinion on the funny computer forum because my brain is poisoned
|
# ? Nov 7, 2017 01:05 |
|
RISCy Business posted:why the gently caress are you running firewalld lmao never use ASAs
|
# ? Nov 7, 2017 01:09 |
|
NEED MORE MILK posted:lmao never use ASAs
|
# ? Nov 7, 2017 01:10 |
|
I dunno who posted about SMB v1 but a huge number of Fortune 500 companies are now reaching out to vendors asking if our products will break if they disable v1 so get in quick (enterprise quick? like 2 years?) before they do it.
|
# ? Nov 7, 2017 01:11 |
|
lol I'm just dying to hear how level3's internal fuckup is responsible for nearly all of comcast going offline
|
# ? Nov 7, 2017 01:21 |
|
10 bucks says the bgp boys are at it again
|
# ? Nov 7, 2017 01:31 |
|
CrazyLittle posted:lol I'm just dying to hear how level3's internal fuckup is responsible for nearly all of comcast going offline What I saw from my perspective, coming from AS27364 (Armstrong Cable in Ohio and routed through their home base in Pittsburgh, PA), is that all my traffic destined for Comcast was routing through NTT New York, then NTT Ashburn, then to Level3 where it all went to hell before reaching the Comcast network. Didn't matter if it was destined for Pittsburgh, Chicago, or Houston, it all seemed to have issues when it hit Level3 in DC. Others were reporting issues with Level3 in Chicago, but I didn't see that. Since 14:30 US Eastern time when things were fixed the route has instead been jumping straight from NTT to Comcast at 111 8th Ave. in NYC.
|
# ? Nov 7, 2017 01:37 |
|
CrazyLittle posted:lol I'm just dying to hear how level3's internal fuckup is responsible for nearly all of comcast going offline I'll go with "be a backbone provider and push a bad bgp route for $100, Alex"
|
# ? Nov 7, 2017 01:37 |
|
yeah level3 leaked more specific versions of prefixes belonging to comcast and got overwhelmed
|
# ? Nov 7, 2017 01:47 |
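The post above gives the mechanism in one line: a transit network announced more-specific versions of someone else's prefixes, and because forwarding uses longest-prefix match, those more-specifics win over the legitimate covering route no matter who originated them. The script below is an added illustration, not anything from the thread or from the networks involved; every prefix and ASN in it is constructed from the RFC 5737 / RFC 5398 documentation ranges (AS64496 stands in for a prefix owner, AS64500 for a transit network). It shows traffic being captured by the leak, and the kind of check a route-monitoring tool would run to flag a more-specific announced by an origin that differs from the covering prefix's origin.

```python
"""Added example: why a leaked more-specific prefix captures traffic, and a
defensive check that flags such announcements.

All prefixes and ASNs are constructed (documentation ranges), not real routes.
"""
import ipaddress

# Constructed routing table as (prefix, origin ASN). AS64496 is the legitimate
# owner of 203.0.113.0/24; AS64501 owns an unrelated prefix.
BASE_TABLE = [
    ("203.0.113.0/24", 64496),
    ("198.51.100.0/24", 64501),
]

# Constructed leak: transit network AS64500 re-announces the owner's /24 as two /25s.
LEAKED_ROUTES = [
    ("203.0.113.0/25", 64500),
    ("203.0.113.128/25", 64500),
]


def longest_prefix_match(table, dst):
    """Forwarding decision: the most specific covering prefix wins, regardless
    of who originated it. Returns (prefix, origin_asn) or None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, origin in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    return None if best is None else (str(best[0]), best[1])


def foreign_more_specifics(table):
    """Defensive check: flag every announcement that is strictly more specific
    than some covering prefix announced by a different origin ASN.
    Returns a list of (prefix, origin, covering_prefix, covering_origin)."""
    nets = [(ipaddress.ip_network(p), o) for p, o in table]
    flagged = []
    for net, origin in nets:
        for cover, cover_origin in nets:
            # subnet_of() is also true for an identical network, hence the != test
            if cover != net and net.subnet_of(cover) and cover_origin != origin:
                flagged.append((str(net), origin, str(cover), cover_origin))
                break
    return flagged


if __name__ == "__main__":
    full = BASE_TABLE + LEAKED_ROUTES
    for dst in ("203.0.113.10", "203.0.113.200", "198.51.100.1"):
        print(dst, "before leak:", longest_prefix_match(BASE_TABLE, dst),
              "after leak:", longest_prefix_match(full, dst))
    for entry in foreign_more_specifics(full):
        print("suspicious more-specific:", entry)
```

With the leaked /25s present, every host in the owner's /24 forwards toward AS64500, while the unrelated /24 is untouched; the check reports both /25s against their /24 cover. In practice this is what RPKI origin validation or a max-prefix-length filter at the peering edge is meant to catch before the route is accepted.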
|
we literally had a Comcast rep in our office pitching Comcast fiber since we want a 10gig link for a new project when it happened lmao
|
# ? Nov 7, 2017 01:58 |
|
|
can confirm I saw the problem in Chicago too
|
# ? Nov 7, 2017 03:10 |