Rudi Ahlers wrote:
> On Sat, Jul 16, 2011 at 2:56 PM, Drew <drew.kay@xxxxxxxxx> wrote:
>>> not to mention danger of PC's bypassing your one-NIC firewall and
>>> unsafely connecting to the outside.
>> That I think is the biggest danger with a one NIC setup.
>>
>> Linux boxen may be safe(r) (then windows) from being infected or
>> hacked but just one malicious machine can bypass the security in place
>> if you don't logically *and* physically separate your subnets.
>>
>>
>> --
>> Drew
>>
>
>
> You can have the same problem with a multi-NIC firewall, by the way.
>
If you secure that firewall unit facing internet *properly*, you are
safe from outside. This is not the case with the setup I described.
I wrote about "physical presence *outside* of your network", like if you
are on a large WISP that uses bridged network (bad design) and your
Wireless client is bridged, and you have single NIC firewall in place,
entire WISP's network will be able to sniff your traffic and hack into
unprotected workstations/desktops. And there are those scenarios, much
more then you can think.
Ljubomir
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
