|
The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024
|
Latest message you have seen: LA site down? |
[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
RE: Shuttle & via epia... now firewalls
- To: <ukha_d@xxxxxxx>
- Subject: RE: Shuttle & via epia... now firewalls
- From: "Lee Varga" <lee@xxxxxxx>
- Date: Thu, 11 Jul 2002 20:09:58 +0100
- Mailing-list: list ukha_d@xxxxxxx; contact
ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx
Always wanting to have the last word... :)
>See Mark Harrison's post on what a firewall *should* look like.
>_that_ is doing the job properly. Your =A315 pc is not.
Oh contraire, my =A315 Linux based IPCop does a sparkling job...
>Um...I was simplifying it. That's why there's no need to mention
=
logging
etc.
Yes, but the use of Intrusion Detection Systems is quite important...
>My hardware firewall/router opening port 80 only to a specific machine
=
is
>not the same as going 'look - here's my admin password, and BTW all my
=
NT
>shares are open to world too'.
No, but one buffer overflow exploit in the software running on port80
and
and it may as well be.
>Oh so you _are_ going to go for a full on 3+ machine firewall,
utilisin=
g
>different OS'es and firewall software at each stage?
>After all, if _you're_ going to bother, then _you_ do the job
properly.=
Nope, hiding three machines behind three firewalls would be a bit OTT
wouldn't it?
But if you're going to the trouble of building _a_ firewall then
don't compromise it by adding other software/jobs to it, which defeats
the object of the exercise.
>Please don't ridicule a product when you don't even know what it is or
=
what
>it's capabilities are.
Sorry, no ridicule intended. I've looked at a lot of 'firewalls' that
are
built in modems/routers/etc. most leave a lot to be desired...
>Not everyone connects their machines to the net with no security in
pla=
ce
Err, actually most ppl do, fortunately most only connect for short
periods<=
BR>
of time.
>Not everyone wants or needs that the level of protection afforded by
a<=
BR>
'proper' firewall.
Mostly because they don't know any better?
>Anything less than 'proper' should not be dismissed as totally
insecure=
,
which is implied in your email.
Sorry, that wasn't what I meant. My point was that if you're going to do
it=
,
you may as well do it properly.
>Also, have you considered that by going for a 'proper' firewall (what
y=
ou
>consider 'proper' (a $15 pc - not a multi machine firewall)) you may
in=
fact
>increase the likelihood of being attacked?
The firewall is the software, it was written my a bunch of ppl who know
wha=
t
they are doing, far more than most. It's then been scrutinised by others
to=
make sure its OK. The platform it runs on is incidental.
And surely saying that is like saying you're more likely to get burgled
because you have an alarm?
The fact's suggest otherwise.
Lee.
(Crawls back behind his firewall).
For more information: http://www=
.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe: ukha_d-subscribe@xxxxxxx
Unsubscribe: ukha_d-unsubscribe@xxxxxxx
List owner: ukha_d-owner@xxxxxxx
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
Home |
Main Index |
Thread Index
|
|