Re: ATT's DSL Lite for Linux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Jan 22, 2009 at 03:12:10AM +1030, Tim wrote:
> Me either.  My DSL modem is a modem/router.  I prefer that to having a
> plethora of boxes, and I'd rather have it log on, than have to have some
> other device authenticate and then route/switch.

This is a matter of personal preference, certainly.  I used to totally
turn of PPPoE authentication in the DSL modem and push it back to the
firewall (or Linux system if no hardware firewall), but these days I'll
usually let the DSL modem do that, if it can do so and still support
bridging.  It makes management of the firewall simpler, and hacking a
shade harder.

> My wireless is a separate box, though.  I'm still not thrilled about
> wireless security.

That Versa Technologies unit has very decent management for security and
configuration (not to mention greatly increased range).  Of course,
never use WEP if you have a choice.

> They each have their own firewall features, such as they are, and so do
> all the computers.

"Such as they are" is the operative phrase for the consumer-grade units.

> Though I'm of the mind that you configure services properly, not
> rely on a firewall to stand in the way of remotely exploiting some
> vulnerability you left open.

Rely on?  Of course not.  "Defense in depth"--each layer does its
own job, and multiple layers of security give you better protection--or,
and perhaps as importantly, warning that someone is knock-knock-knocking
at your front door.

Simple firewalls protect against administrator error--how often I've been
told, "I was running THAT service?  I didn't mean to!".  But they, by
definition, don't to squat to protect those services that are passed
through.  (Firewalls with stateful inspection do more, of course,
but are concomitantly more difficult to configure; usually beyond what
individuals, or usually even small businesses, are up to.)

So for those services you've allowed through, it's critical to properly
configure and monitor, yes.

Cheers,
--
	Dave Ihnat
	dihnat@xxxxxxxxxx

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux