The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

Latest message you have seen: LA site down?


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Shuttle & via epia... now firewalls


  • To: <ukha_d@xxxxxxx>
  • Subject: RE: Shuttle & via epia... now firewalls
  • From: "Lee Varga" <lee@xxxxxxx>
  • Date: Thu, 11 Jul 2002 20:09:58 +0100
  • Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
  • Reply-to: ukha_d@xxxxxxx

Always wanting to have the last word... :)

>See Mark Harrison's post on what a firewall *should* look like.
>_that_ is doing the job properly. Your =A315 pc is not.

Oh contraire, my =A315 Linux based IPCop does a sparkling job...

>Um...I was simplifying it.  That's why there's no need to mention = logging
etc.

Yes, but the use of Intrusion Detection Systems is quite important...

>My hardware firewall/router opening port 80 only to a specific machine = is
>not the same as going 'look - here's my admin password, and BTW all my = NT
>shares are open to world too'.

No, but one buffer overflow exploit in the software running on port80 and and it may as well be.

>Oh so you _are_ going to go for a full on 3+ machine firewall, utilisin= g
>different OS'es and firewall software at each stage?
>After all, if _you're_ going to bother, then _you_ do the job properly.=

Nope, hiding three machines behind three firewalls would be a bit OTT
wouldn't it?
But if you're going to the trouble of building _a_ firewall then
don't compromise it by adding other software/jobs to it, which defeats
the object of the exercise.

>Please don't ridicule a product when you don't even know what it is or = what
>it's capabilities are.

Sorry, no ridicule intended. I've looked at a lot of 'firewalls' that are built in modems/routers/etc. most leave a lot to be desired...

>Not everyone connects their machines to the net with no security in pla= ce

Err, actually most ppl do, fortunately most only connect for short periods<= BR> of time.

>Not everyone wants or needs that the level of protection afforded by a<= BR> 'proper' firewall.

Mostly because they don't know any better?

>Anything less than 'proper' should not be dismissed as totally insecure= ,
which is implied in your email.

Sorry, that wasn't what I meant. My point was that if you're going to do it= ,
you may as well do it properly.

>Also, have you considered that by going for a 'proper' firewall (what y= ou
>consider 'proper' (a $15 pc - not a multi machine firewall)) you may in= fact
>increase the likelihood of being attacked?

The firewall is the software, it was written my a bunch of ppl who know wha= t
they are doing, far more than most. It's then been scrutinised by others to=
make sure its OK. The platform it runs on is incidental.
And surely saying that is like saying you're more likely to get burgled
because you have an alarm?
The fact's suggest otherwise.

Lee.
(Crawls back behind his firewall).


For more information: http://www= .automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe:  ukha_d-subscribe@xxxxxxx
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.