March Meeting Presentations

George Toft plug-discuss@lists.plug.phoenix.az.us
Tue, 12 Mar 2002 21:01:40 -0500


"John (EBo) David" wrote:
> 
> George Toft wrote:
[snip]
> > Next was portmapper and sendmail.  Having sendmail indicates this is
> > a mail server.  I shy away from having portmapper (or any r* services)
> > on any server w/o a good firewall or two between it and the Internet.
> 
> If I have things configured correctly, only local email is handled, and
> is forwarded through a separate email server proper.  And I must admit
> that once I got all of the local traffic forwarding working correctly
> that I have not done much else to it.  But IIRC if you send an email
> from a terminal in command-line mode, then it needs sendmail up for it.
> If this is not the case I will gladly remove it from the
> process/services.

Nope.  You need sendmail installed, but not running in daemon mode.
Shut it off and see if you can send mail - I do it all the time.


> > My philosophy is that no machine should rely solely upon a firewall for
> > protection - they should be able to stand alone for a short period
> > of time in case the firewall is compromised.  You do have an Intrusion
> > Detection System on your firewall, right?
> 
> Well, I do not know.  I can only go by what the network admins tell me,
> and I have no control...  Maybe I should explain a couple of details.
> While this is my personal machine (one of about 6), it is sitting on my
> desk at work at ASU.  I had this machine configured and built
> specifically so I would have a decent machine when I came back to grad
> school.  I never assume that a department focusing on ecology is going
> to have much more than a PII-Win98 box.  So,...
> 
> The building supposedly has its own firewall, and so does the major in
> and out of the U.  The quality of the security is open to debate, but
> seems to be reasonable most of the time -- though do NOT talk to them
> about running Solaris (it's a sore spot).  So, do they have an intrusion
> detection firewall - I think so, but I have no details, and less
> control.

When I taught at the University of Hawaii, they had a firewall.  
Then some liberal whined about infringing on the First Amendment,
so the firewall was removed.  I taught networking, and it was 
pretty amazing to see what would happen when we went to grc.com.
Try it out.  While you're at it, head on over to scan.sygatetech.com
and see what they say.

George
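
A host-side check for the two services discussed in this thread, added here as an example and not part of the original message: it reads listener lines in the layout printed by `ss -tlnH` or `netstat -tln` and reports SMTP (25) or portmapper (111) sockets bound to anything other than loopback. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SMTP (25) and portmapper (111) listeners that other
# hosts can reach. Reads `ss -tlnH` or `netstat -tln` style lines on stdin;
# in both layouts the local address:port is the fourth column.

# Constructed sample input, not captured from a real host.
SAMPLE='LISTEN 0 10 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# exposed_listeners (hypothetical helper name): prints one line per finding,
# "<service> <local address:port>", and prints nothing when the host is clean.
exposed_listeners() {
    awk '
    $1 == "LISTEN" || $NF == "LISTEN" {
        local_addr = $4
        # The port is whatever follows the last colon (works for IPv6 too).
        n = split(local_addr, parts, ":")
        port = parts[n]
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)

        # Only the two services from the thread are of interest here.
        if (port != "25" && port != "111") next

        # A loopback-only listener is not reachable from the network.
        if (host ~ /^127\./ || host == "[::1]" || host == "::1") next

        name = (port == "25") ? "smtp" : "portmapper"
        print name " " local_addr
    }'
}

# Run against the constructed sample; on a live host, pipe in `ss -tlnH`.
printf '%s\n' "$SAMPLE" | exposed_listeners
```

An empty result for port 25 while command-line mail still goes out is the outcome the reply describes: sendmail installed, but not listening as a daemon.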