The UK Home Automation Archive


The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024



RE: Shuttle & via epia... now firewalls



> > I would need to open port 80, as am running andromeda.
> > The alternative would involve opening port 80 on some other machine
> > inside the network.
>
> Well, that's one hole.....

Like I said, I'd need to open up port 80 on some machine on the network
anyway.
As long as I ensure the web server software has the latest greatest security
patches applied to it, then I'm probably okay for most casual attacks -
unless someone really really really wants to get to my data on the internal
LAN.

> > I'm not denying that ppl can get into machines and use them to attack
> > other machines.
> > I am saying that not all security breaches result in this.
>
> I'd agree with you entirely, but the chances of your machine being
> compromised, and the hacker being able to use it for whatever (s)he likes
> are higher if you've added more services to the distro. That's the only
> point I'm trying to make.

Just as they are higher by only running one machine as your firewall instead
of the 2 or 3 you _should_ be using - and preferably with different OSes
too so that a vulnerability in one will hopefully be caught by one of the
other machines in the setup (I really must look up that book to refresh my
memory on the function of each PC in the firewall).

> Ah, but you won't get into trouble if someone uses your well locked up gun
> to shoot someone.  However, if you left a licensed gun on the kitchen
> table, and someone was shot with it, you may be in trouble.

What if it is in a cupboard? :)
That's what we're talking about here:
the well locked up gun = 'proper' corporate level lan protection
the gun on the table = no security whatsoever
the cupboard is the firewall that is also a media server - better than the
table, not as good as the secure gun cabinet, but good enough for many
purposes (how many ppl know you have a gun?  and bullets?)

> Before someone tells me to get off my high horse, I'd like to point out
> that I am in the process of modifying a firewall distro. Security is not
> the main aim of the distribution, rather a solution which does not yet
> exist.

Can't see anyone saying that.
A totally secure LAN at no cost is the ideal.
That will not happen.  No system is totally secure and security costs money.

I am arguing that it is not always necessary to go for the top security
system.
You are arguing that more security is required to prevent joe hacker using
your machine to attack a government system (Wargames anyone?), resulting in
a lawyer suing your ass!
I don't see any horses high or low :)

> Andy (running a Microsoft firewall at home :-/ )

And you think I'm not secure :-)  At least my hardware router is the
external 'face' of the lan

Tony

