The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

Latest message you have seen: Re: UK HA All-encompasing FAQ


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shuttle & via epia... now firewalls



> > > I would need to open port 80, as am running andromeda.
> > > The alternative would involve opening port 80 on some other machine
> > > inside the network.
> >
> > Well, that's one hole.....
>
> Like I said, I'd need to open up port 80 on some machine on the network
> anyway.
> As long as I ensure the web server software has the latest greatest
> security patches applied to it, then I'm probably okay for most casual
> attacks - unless someone really really really want to get to my data on
> the internal lan.

If you know what you're doing, it'll be quite secure.  Not matter how well
you set it up, it will be less secure because of that service.

> > I'd agree with you entirely, but the chances of your machine being
> > compromised, and the hacker being able to use it for whatever
> > (s)he likes
> > are higher if you've added more services to the distro.
> > That's the only
> > point I'm trying to make.
>
> Just as they are higher by only running one machine as your firewall
> instead of the 2 or 3 you _should_ be using - and preferably with
> different OS'es too so that a vunerability in one will hopefully be
> caught by one of the other machines in the setup (I really must lookup
> that book to refresh my memory on the function of each PC in the
> firewall).

ITYF it was something along the lines of....

Internet > firewall > web server > firewall > back end server > firewall >
LAN

> > Ah, but you won't get into trouble if someone uses your well
> > locked up gun
> > to shoot someone.  However, if you left a licensed gun on the kitchen
> > table, and someone was shot with it, you may be in trouble.
>
> What if it is in a cupboard? :)

Grey area ;-)

> That's what we're talking about here:
> the well locked up gun = 'proper' corporate level lan protection
> the gun on the table = no security whatsoever
> the cupboard is the firewall that is also a media server - better than
> the table, not as good as the secure gun cabinet, but good enough for
> many purposes (how many ppl know you have a gun?  and bullets?)

Agreed.

> > Before someone tells me to get off my high horse, I'd like to
> > point out
> > that I am in the process of modifying a firewall distro.
> > Security is not
> > the main aim of the distribution, rather a solution which
> > does not yet exist.
>
> Can't see anyone saying that.

I know, but I feel such a hypocrite :-/

> A totally secure lan at no cost is the ideal
> That will not happen.  No system is totally secure and security costs
> money.
>
> I am arguing that it is not always necessary to go for the top security
> system.
> You are arguing that more security is required to prevent joe hacker
> using your machine to attack a government system (Wargames anyone?),
> resulting in a lawyer suing your ass!
> I don't see any horses high or low :)

Sorry, I'm not explaining myself too well.  I was just pointing out that
your mewas less secure.  Nothing else.  I was referring to the other post
that a top lawyer could say that your compromise of the distro was
irresponsible.  IANAL, and I really don't care that much.  I'll be
modifying my distro to suit, and if it's a good solution for you, then go
for it, as long as you understand the risks.  A firewall of any
description is better than none at all.

> > Andy (running a Microsoft firewall at home :-/ )
>
> And you think I'm not secure :-)  At least my hardware router is the
> external 'face' of the lan

That's why I feel hypocritical.

Andy
--
Building a community network for Bristol
http://consume.andylaurence.co.uk - updated 03/07
4x4 in town - bog brush for your teeth
NB: Alternate E-Mail - andylaurence at yahoo dot co dot uk

For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe:  ukha_d-subscribe@xxxxxxx
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.