The UK Home Automation Archive | ||
| Archive Home | ||
| Group Home | ||
|
The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024 | |||
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Shuttle & via epia... now firewalls
>>> "Seems a bit of a waste IMO to have 3 - why not combine the internet >>> gateway/firewall machine with the MP3 jukebox?" >> >> Hmmm, some people just don't get it do they... >If you want to throw away your money on lots of overpowered/underutilised >hardware then go ahead, but not everyone does. I don't think using an old 486 (?15 worth?) that I got free is throwing money away... >My point was that pc hardware can serve several functions easily and not >require separate boxes for everything. If you're going to the trouble of building/using a hardware firewall, then you may as well do the job properly. Any changes you make to the system (unless you understand it inside/out - which I doubt most ppl do) WILL lead to holes that can be exploited. You may have all your stuff backed up, but rebuilding systems is a pain, and there are _so_ may other things/toys to play with rather than fixing current ones. Do the job properly, do it once, move on. >Firewall software, simplistically does little more than say "hello packet. >Do I know you and am I allowed to let you in (or out)?". There's a fair bit more to it than that. IPCHAIN/IPTABLES basically does this, SNORT looks for patterns over multiple packets indicating intrusions into the network, then there's the logging, etc. etc. >I set permissions on my shares appropriate to the situation - e.g. my media >files are read only to users in my domain. >My personal document shares are read/write to me but no access to anyone. >etc. Setting files as R/O will slow Mr. Hacker down for a few moments, before he download/wipes them. Your personal shares won't last that long when he gets admin rights... Then he'll spam 1,000,000 emails, before launching a DDOS on Amazon and then destroy everything. If you're lucky. Or he may just leave a backdoor open so he can pop back when he wants to. Perhaps he'll investigate your servers, find out what Homeseer is and turn all your taps on and flood the house? OR download all your personal files? >Just because I run a firewall does not mean my network is 100% secure, even >if _nothing_ else is running on the box. No, but a properly built/configed wall will stop all but the best of 'em. >I am arguing that it is not always necessary to go for the top security >system. True, but if you're going to bother, then do the job properly. >You are arguing that more security is required to prevent Joe hacker using >your machine to attack a government system (Wargames anyone?) Check out http://www.honeynet.org unadvertised machines getting compromised 15mins after going online... And according to http://www.theregister.co.uk today web attacks are rapidly increasing... >At least my hardware router is the external 'face' of the lan Yes, because bit of NAT is almost as good as a Cisco firewall : I don't mean to flame Tony, but the net is a dangerous place, and it's getting worse. The number of automated attack tools grows by the day, so the 'l33t' script kiddies who have no idea about what they are doing/what damage can be done grows by the day. They just download the attack tool, install it, run it, it can 1000's of machines per hour, it does all the hard work... they just sit back and watch the chaos. If you're serious about your gear and it's connected to the net, build a ?15 firewall, do it properly , do it once, move on. Just don't get clever and cut corners. Sermon over. Lee.
For more information: http://www.automatedhome.co.uk Post message: ukha_d@xxxxxxx Subscribe: ukha_d-subscribe@xxxxxxx Unsubscribe: ukha_d-unsubscribe@xxxxxxx List owner: ukha_d-owner@xxxxxxx Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
|