On Mon, May 21, 2012 at 01:20:32AM +0930, Tim wrote:
> This is the worst OS in the world to do that to. Dropping Windows pants
> for a second is enough for it to get rogered by marauding bastards on
> the net.

That's true...except it shouldn't really matter. Because nobody should run a Windows box connected to the Internet except through some sort of firewall appliance anyway. A good one. (The ones built into most cable & DSL modems are marginal at best.)

That said, if it's Windows XP don't bother turning on the firewall. Windows 7 (I won't use the 'V' word) actually has a much more capable firewall--but I still never recommend just counting on that to protect a site. Software firewalls are still software; they're running on a complex OS that can, itself, have vulnerabilities, installed software that can compromise firewall security, etc.

"Wait a minute", I hear someone say. "What about Linux with IPTABLES? Isn't that secure?" The answer is yes, no, and maybe.

Yes, Linux--with its Unix heritage--tends to be inherently more secure than Windows, since security, user privilege restrictions, etc. have been designed into the system since its inception.

No, because if you're trying to run an IPTABLES firewall on a general-purpose Linux server, while it may be better than Windows, it's still subject to the whole complexity/modification/installed software modification issue.

And maybe, because you can create a stripped Linux firewall configuration that mitigates those issues.

So why, you ask, are firewall appliances any better? The simple answer is that if they're good, they've a stripped, minimal environment dedicated to running and managing the firewall, and only that (perhaps with VPN functionality.) They run from firmware that should be locked to modification.

And finally, if you're running them in conjunction with the software firewall, you've got defense in depth; any penetration has to attack and defeat both the firmware firewall AND the software firewall, with separate attack vectors. Hopefully, you've got logging going on with both firewalls, and some log scanners looking for attacks.

This shouldn't be a big problem--first, check that the CygWin sshd is actually running. Make sure it's on the port you're forwarding (you DID move it to a different port than the default, right? RIGHT?) Then, as someone else mentioned, try connecting to it from a CygWin terminal session on the same machine. If that doesn't work, it's not going to work from outside the machine. Finally, after that works, try a connection from within the same network. Look at the Event Logs.

Cheers,
--
Dave Ihnat
dihnat@xxxxxxxxxx
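
The inside-out check described in the message above, as an added example that is not part of the original post: it reads the port(s) from an sshd_config, then probes each stage in order and stops at the first one that fails. The config path `/etc/sshd_config`, the function names and the address `192.0.2.10` are assumptions made for this sketch.

```python
import socket

def configured_ports(config_text):
    """Ports from global Port directives; sshd listens on 22 when none is set."""
    ports = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # Port is a global-only keyword; stop at the first Match block
        if parts[0].lower() == "port" and len(parts) > 1 and parts[1].isdigit():
            ports.append(int(parts[1]))
    return ports or [22]

def probe(host, port, timeout=3.0):
    """Connect and read the identification string an SSH server sends first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            banner = conn.recv(255).decode("ascii", "replace").strip()
    except OSError as exc:  # refused, timed out, unreachable
        return False, f"no connection: {exc}"
    if banner.startswith("SSH-"):
        return True, banner
    return False, f"port answers but is not SSH: {banner!r}"

def staged_check(config_text, stages):
    """Probe stages in order (innermost first); stop a port at its first failure."""
    results = []
    for port in configured_ports(config_text):
        for label, host in stages:
            ok, detail = probe(host, port)
            results.append((label, host, port, ok, detail))
            if not ok:
                break  # nothing further out can work until this stage does
    return results

if __name__ == "__main__":
    # Assumed path for the Cygwin sshd configuration file.
    with open("/etc/sshd_config") as fh:
        text = fh.read()
    if 22 in configured_ports(text):
        print("warning: sshd is still on the default port 22")
    # 192.0.2.10 is a placeholder for the machine's LAN address.
    stages = [("same machine", "127.0.0.1"), ("LAN address", "192.0.2.10")]
    for row in staged_check(text, stages):
        print(row)
```

For the "same network" step proper, run the same probe from a second host on the LAN against the machine's address.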