[CLUG] Office Share / Comp 4 Sale / Pints Friday / WIPT

[peter]

On Fri, 4 Mar 2005 14:14:32 -0000, adam beecher wrote
> Ronan,
> 
> There are literally hundreds of GUI and console-based iptables
> configurators, at least a dozen of which are extremely stable and 
> capable, 

Most of which are incomprehensible to anyone except a professional
security expert.

> so writing another one would be a waste of time and effort. 

Yes, reinventing this wheel _at that level_ is pointless.

> There are /no/ decent web-based configurators though, and that's 
> what I need and that's what lots of dedicated server operators need; 
> that's the target market I've suggested from the start. 

There is also a potentially bigger market of individuals-running-linux
who have no CS degree and little experience in security, although
I suspect most of them are very well aware that they need to be
better-protected. They won't know anything about ports or protocols,
but they will know the name of the application they want to permit, eg

  [ ] Allow incoming NetMeeting calls 
      (beep beep You realise this is a big security hole)

  [ ] Allow incoming IRC DCC files
      (beep beep You realise this is a gaping security chasm)

  [ ] Allow outgoing SSH to specified hosts

  [ ] Let me run an anonymous FTP server
      (gasp yuck are you really sure you want to do this?)

  [ ] Block everything from ___.___.___.___ and tell me if you see one.

and so on...

> So that's 
> what I'd like to do. If you're seriously concerned about security -
>  as you should be - assign yourself the task of "security overseer" 
> and keep an eye on us or something.

I'd simply ask for the individual user not to be left out in the cold.

///Peter