RE: Shuttle & via epia... now firewalls

["BUTLER, Tony, FM" <tony.butler@xxxxxxx>]

> > I would need to open port 80, as am running andromeda.
> > The alternative would involve opening port 80 on some other
machine
> > inside the network.
> 
> Well, that's one hole.....

Like I said, I'd need to open up port 80 on some machine on the network
anyway.
As long as I ensure the web server software has the latest greatest
security
patches applied to it, then I'm probably okay for most casual attacks -
unless someone really really really want to get to my data on the
internal
lan.

> > I'm not denying that ppl can get into machines and use them 
> to attack
> > other machines.
> > I am saying that not all security breaches result in this.
> 
> I'd agree with you entirely, but the chances of your machine being
> compromised, and the hacker being able to use it for whatever 
> (s)he likes 
> are higher if you've added more services to the distro.  
> That's the only 
> point I'm trying to make.

Just as they are higher by only running one machine as your firewall
instead
of the 2 or 3 you _should_ be using - and preferably with different
OS'es
too so that a vunerability in one will hopefully be caught by one of
the
other machines in the setup (I really must lookup that book to refresh
my
memory on the function of each PC in the firewall).

> Ah, but you won't get into trouble if someone uses your well 
> locked up gun 
> to shoot someone.  However, if you left a licensed gun on the
kitchen 
> table, and someone was shot with it, you may be in trouble.

What if it is in a cupboard? :)
That's what we're talking about here:
the well locked up gun = 'proper' corporate level lan protection
the gun on the table = no security whatsoever
the cupboard is the firewall that is also a media server - better than
the
table, not as good as the secure gun cabinet, but good enough for many
purposes (how many ppl know you have a gun?  and bullets?)

> Before someone tells me to get off my high horse, I'd like to 
> point out 
> that I am in the process of modifying a firewall distro.  
> Security is not 
> the main aim of the distribution, rather a solution which 
> does not yet 
> exist.

Can't see anyone saying that.
A totally secure lan at no cost is the ideal
That will not happen.  No system is totally secure and security costs
money.

I am arguing that it is not always necessary to go for the top security
system.
You are arguing that more security is required to prevent joe hacker
using
your machine to attack a government system (Wargames anyone?), resulting
in
a lawyer suing your ass!
I don't see any horses high or low :)

> Andy (running a Microsoft firewall at home :-/ )

And you think I'm not secure :-)  At least my hardware router is
the
external 'face' of the lan

Tony


***********************************************************************
      Visit our Internet site at http://www.rbsmarkets.com

This e-mail is intended only for the addressee named above.
As this e-mail may contain confidential or privileged information,
if you are not the named addressee, you are not authorised to
retain, read, copy or disseminate this message or any part of it.
The Royal Bank of Scotland is registered in Scotland No 90312
Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB 
Regulated by the Financial Services Authority
***********************************************************************

Yahoo! Groups Sponsor

For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx 
Subscribe:  ukha_d-subscribe@xxxxxxx 
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx 
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.