on the edge

computers & technology, books & writing, civilisation & society, cars & stuff

Greg Black

gjb at gbch dot net
Home page
Blog front page

If you’re not living life on the edge, you’re taking up too much space.

FQE30 at speed


RSS Feed

Worthy organisations

Amnesty International Australia — global defenders of human rights

global defenders of human rights

Médecins Sans Frontières — help us save lives around the world

Médecins Sans Frontières - help us save lives around the world

Electronic Frontiers Australia — protecting and promoting on-line civil liberties in Australia

Electronic Frontiers Australia


(Coming soon…)


(Coming soon…)


(Coming soon…)

Software resources

GNU Emacs


The FreeBSD Project

Wed, 17 Nov 2004

Firewall configuration errors

Just read an article from the June issue of Computer entitled A Quantitative Study of Firewall Configuration Errors by security researcher Avishai Wool. He has an online PDF copy available for those who aren’t members of the IEEE Computer Society.

The quantitative data are probably what make this interesting—in that they confirm what seems obvious with some useful numbers. The main conclusions are that “there are no good high-complexity rule sets” and that simplicity alone does not guarantee good results. This won’t surprise anybody, but the numbers were interesting.