RE: Shuttle & via epia... now firewalls

["Lee Varga" <lee@xxxxxxx>]

Always wanting to have the last word... :)

>See Mark Harrison's post on what a firewall *should* look like.
>_that_ is doing the job properly. Your =A315 pc is not.

Oh contraire, my =A315 Linux based IPCop does a sparkling job...

>Um...I was simplifying it.  That's why there's no need to mention = logging
etc.

Yes, but the use of Intrusion Detection Systems is quite important...

>My hardware firewall/router opening port 80 only to a specific machine = is
>not the same as going 'look - here's my admin password, and BTW all my = NT
>shares are open to world too'.

No, but one buffer overflow exploit in the software running on port80 and and it may as well be.

>Oh so you _are_ going to go for a full on 3+ machine firewall, utilisin= g
>different OS'es and firewall software at each stage?
>After all, if _you're_ going to bother, then _you_ do the job properly.=

Nope, hiding three machines behind three firewalls would be a bit OTT
wouldn't it?
But if you're going to the trouble of building _a_ firewall then
don't compromise it by adding other software/jobs to it, which defeats
the object of the exercise.

>Please don't ridicule a product when you don't even know what it is or = what
>it's capabilities are.

Sorry, no ridicule intended. I've looked at a lot of 'firewalls' that are built in modems/routers/etc. most leave a lot to be desired...

>Not everyone connects their machines to the net with no security in pla= ce

Err, actually most ppl do, fortunately most only connect for short periods<= BR> of time.

>Not everyone wants or needs that the level of protection afforded by a<= BR> 'proper' firewall.

Mostly because they don't know any better?

>Anything less than 'proper' should not be dismissed as totally insecure= ,
which is implied in your email.

Sorry, that wasn't what I meant. My point was that if you're going to do it= ,
you may as well do it properly.

>Also, have you considered that by going for a 'proper' firewall (what y= ou
>consider 'proper' (a $15 pc - not a multi machine firewall)) you may in= fact
>increase the likelihood of being attacked?

The firewall is the software, it was written my a bunch of ppl who know wha= t
they are doing, far more than most. It's then been scrutinised by others to=
make sure its OK. The platform it runs on is incidental.
And surely saying that is like saying you're more likely to get burgled
because you have an alarm?
The fact's suggest otherwise.

Lee.
(Crawls back behind his firewall).

For more information: http://www=
.automatedhome.co.uk 
Post message: ukha_d@xxxxxxx 
Subscribe:  ukha_d-subscribe@xxxxxxx 
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx 
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.