The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024
RE: Shuttle & via epia... now firewalls
- To: <ukha_d@xxxxxxx>
- Subject: RE: Shuttle & via epia... now firewalls
- From: "Lee Varga" <lee@xxxxxxx>
- Date: Wed, 10 Jul 2002 23:38:00 +0100
- Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx

>>> "Seems a bit of a waste IMO to have 3 - why not combine the internet
>>> gateway/firewall machine with the MP3 jukebox?"
>>
>> Hmmm, some people just don't get it do they...
>If you want to throw away your money on lots of overpowered/underutilised
>hardware then go ahead, but not everyone does.

I don't think using an old 486 (£15 worth?) that I got free is throwing money away...

>My point was that pc hardware can serve several functions easily and not
>require separate boxes for everything.

If you're going to the trouble of building/using a hardware firewall, then you may as well do the job properly. Any changes you make to the system (unless you understand it inside/out - which I doubt most ppl do) WILL lead to holes that can be exploited. You may have all your stuff backed up, but rebuilding systems is a pain, and there are _so_ many other things/toys to play with rather than fixing current ones. Do the job properly, do it once, move on.

>Firewall software, simplistically does little more than say "hello packet.
>Do I know you and am I allowed to let you in (or out)?".

There's a fair bit more to it than that. IPCHAIN/IPTABLES basically does this, SNORT looks for patterns over multiple packets indicating intrusions into the network, then there's the logging, etc. etc.

>I set permissions on my shares appropriate to the situation - e.g. my media
>files are read only to users in my domain.
>My personal document shares are read/write to me but no access to anyone.
>etc.

Setting files as R/O will slow Mr. Hacker down for a few moments, before he downloads/wipes them.
Your personal shares won't last that long when he gets admin rights... Then he'll spam 1,000,000 emails, before launching a DDOS on Amazon and then destroy everything. If you're lucky. Or he may just leave a backdoor open so he can pop back when he wants to. Perhaps he'll investigate your servers, find out what Homeseer is and turn all your taps on and flood the house? OR download all your personal files?

>Just because I run a firewall does not mean my network is 100% secure, even
>if _nothing_ else is running on the box.

No, but a properly built/configed wall will stop all but the best of 'em.

>I am arguing that it is not always necessary to go for the top security
>system.

True, but if you're going to bother, then do the job properly.

>You are arguing that more security is required to prevent Joe hacker using
>your machine to attack a government system (Wargames anyone?)

Check out http://www.honeynet.org unadvertised machines getting compromised 15mins after going online... And according to http://www.theregister.co.uk today web attacks are rapidly increasing...

>At least my hardware router is the external 'face' of the lan

Yes, because a bit of NAT is almost as good as a Cisco firewall :

I don't mean to flame Tony, but the net is a dangerous place, and it's getting worse. The number of automated attack tools grows by the day, so the 'l33t' script kiddies who have no idea about what they are doing/what damage can be done grows by the day. They just download the attack tool, install it, run it, it can 1000's of machines per hour, it does all the hard work... they just sit back and watch the chaos.

If you're serious about your gear and it's connected to the net, build a £15 firewall, do it properly, do it once, move on. Just don't get clever and cut corners.

Sermon over.

Lee.