Globe Trotter wrote:
after years of resisting upgrading from dial-up, i am considering upgrading toI'm going to repeat what others have said, but I like to get my two penn'orth in. I had a choice when I went for DSL in the UK. I have a machine in the house which is permanently turned on (it's an ancient laptop -- no fan) so I could've used that for the firewall. Instead I chose to go for a Netgear DG814. For several reasons. Mostly because it was cheap :-) No. That's not true. But I am quite happy with it, it is lacking features that its more expensive brethen (~ £250 instead of ~£100) have, but it's fine for me.
the cheaper version of DSL. question: is it easy to configure redhat 9 for DSL?
what does one need to do? anything i should keep in mind wrt the DSL modem?
Why didn't I go for a Linux firewall? Well, two main reasons. Unless you are already experienced in setting up Linux as a firewall you stand a pretty good chance of getting a firewall that doesn't actually do all that well on the stopping front. You might think it's secure, but are you really sure? There are going to be lots of people on the list jumping up and down saying that it's really easy to do and really easy to get secure - but I'm paranoid. I wanted to go for a solution I could have some faith in.
The other reason, really the main reason, is that I wanted my firewall to be a completely separate box from the other machines in the house. That antique laptop I mentioned is an e-mail, DHCP, DNS and NTP server for the other machines. It could be a firewall as well but I would feel uneasy about it being both the barrier and containing (most) of the stuff I want to protect. By moving the firewall elsewhere I'm left with a simpler system that I feel provides more security.
I guess the final reason is simplcity. Actually, it underpins the other two. The simpler a solution is, the more likely it is going to be secure. The more complex, the more likely it is that I'm going to get hacked. Of the people I work with, five out of six have gone down the route of having a separate firewall -- three with the DG814, one with a cheaper one (no switch) and one with a more expensive one (which is very nice, but he has more money than sense :-)). Of the six of us, one has been hacked. Admitedly only once and something easily fixed. But guess which one.
The one who didn't bother to keep his box up to date? Seriously, I've seen people running some old, stone-stock redhat 6.x, in the current millenium, without any updates, and then were surprised when script kiddies discovered the vulnerable bind or ssh or whatnot.
What's more interesting is that boxes inside a firewall can be easily hacked if they are not secure, so don't let the act of putting a box inside the firewall give you a false sense of security.
We're a small shop for one, and secondly we want maximum performance and minumum latency to the net, so linux is the ideal firewall - and in 5 years or so, we've never been successfully hacked. Maybe it helps that we always keep our boxes up to date (easy with a cron job that does "up2date -u") , turn off unneeded services and use secure protocols and servers (never use telnet, use openssh with privelege separation, use tcp wrappers as well as iptables rules, use postfix instead of sendmail, etc).
I will grant though, that if someone is not interested in learning anything aout linux, or security, perhaps a small dedicated home router appliance makes sense for them - but usually people who run linux are the type who want to master these things....
Joe
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
