The UK Home Automation Archive | ||
| Archive Home | ||
| Group Home | ||
|
The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024 | ||
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Shuttle & via epia... now firewalls
> I don't think using an old 486 (?15 worth?) that I got free > is throwing > money away... Perhaps not, but the original post referred to 3 via epia based PC's, one > >My point was that pc hardware can serve several functions > easily and not > >require separate boxes for everything. > > If you're going to the trouble of building/using a hardware > firewall, then > you may as well do the job properly. Any changes you make to See Mark Harrison's post on what a firewall *should* look like. _that_ is doing the job properly. Your =A315 pc is not. If you're going to tell someone to do the job properly, then don't hold up<= BR> your imperfect system as an example of how to do so! > >Firewall software, simplistically does little more than say > "hello packet. > >Do I know you and am I allowed to let you in (or out)?". > > There's a fair bit more to it than that. IPCHAIN/IPTABLES > basically does > this, SNORT looks for patterns over multiple packets > indicating intrusions > into the network, then there's the logging, etc. etc. Um...I was simplifying it. That's why there's no need to mention logg= ing etc. > >I set permissions on my shares appropriate to the situation > - e.g. my media > >files are read only to users in my domain. > >My personal document shares are read/write to me but no > access to anyone. > >etc. > > Setting files as R/O will slow Mr. Hacker down for a few Sorry, I meant the shares on my XP/2k boxes are set to allow users in my This is a bit more secure than hoping they don't know how to go right-click= , properties and uncheck the read-only flag :) > Your personal shares won't last that long when he gets admin > rights... Then Of course anybody with admin rights can do anything they like. The th= ing is to stop them getting admin rights in the first place. My hardware firewall/router opening port 80 only to a specific machine is > he can pop back when he wants to. Perhaps he'll investigate > your servers, > find out what Homeseer is and turn all your taps on and flood > the house? OR Maybe he will find out what homeseer is, but given that I don't have it, > >Just because I run a firewall does not mean my network is > 100% secure, even > >if _nothing_ else is running on the box. > > No, but a properly built/configed wall will stop all but the > best of 'em. Well perhaps they'll look on your 'proper' =A315 firewall as more of a challenge than my lowly hardware firewall and leave mine alone :] > >I am arguing that it is not always necessary to go for the > top security > >system. > > True, but if you're going to bother, then do the job properly. Oh so you _are_ going to go for a full on 3+ machine firewall, utilising After all, if _you're_ going to bother, then _you_ do the job properly. > >You are arguing that more security is required to prevent > Joe hacker using > >your machine to attack a government system (Wargames anyone?) > > Check out http://www.honeynet.org<= /a> unadvertised machines > getting compromised > 15mins after going online... And according to Yes, we all know about ppl who get a broadband connection and plug it straight into their PC with no protection at all. And we all know there is software out there to scan a range of addresses an= d see if there are any open ports at those addresses. > >At least my hardware router is the external 'face' of the lan > > Yes, because bit of NAT is almost as good as a Cisco firewall : then there's the packet filtering, port blocking, accesslogging, mac addres= s restrictions..... Please don't ridicule a product when you don't even know what it is or what= it's capabilities are. > I don't mean to flame Tony, but the net is a dangerous place, and it's= You do a good job though :> Yes, net attacks are on the increase. Yes, ppl do connect their machines to the net without any security in place= Yes, there are ppl running port scanners out there Yes, in an ideal world, we'd all have a 'proper' firewall that was totally<= BR> invunerable to any kind of attack. BUT - Not everyone connects their machines to the net with no security in place= - Not everyone wants or needs that the level of protection afforded by a - Anything less than 'proper' should not be dismissed as totally insecure,<= BR> which is implied in your email. Also, have you considered that by going for a 'proper' firewall (what you increase the likelihood of being attacked? A l33t hacker discovering your system is reasonably well protected may feel= you have something to hide - otherwise you wouldn't have that level of protection, so they get to work and crack that puppy open (after all, if system when it was a b0ring system anyway....... > Sermon over. Thank fcuk for that :] Lets not start a real flame war. As discussed with others yesterday,<= BR> different ppl have different needs and views on the level of network security you need. I think this thread has run it's course now. Tony *********************************************************************** Visit our Internet site at http://www.rbsmarkets.com This e-mail is intended only for the addressee named above. As this e-mail may contain confidential or privileged information, if you are not the named addressee, you are not authorised to retain, read, copy or disseminate this message or any part of it. The Royal Bank of Scotland is registered in Scotland No 90312 Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB Regulated by the Financial Services Authority ***********************************************************************
For more information: http://www= .automatedhome.co.uk Post message: ukha_d@xxxxxxx Subscribe: ukha_d-subscribe@xxxxxxx Unsubscribe: ukha_d-unsubscribe@xxxxxxx List owner: ukha_d-owner@xxxxxxx Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
|