|
The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024
|
Latest message you have seen: Re: UK HA All-encompasing FAQ |
[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
Re: Shuttle & via epia... now firewalls
> > > I would need to open port 80, as am running andromeda.
> > > The alternative would involve opening port 80 on some other
machine
> > > inside the network.
> >
> > Well, that's one hole.....
>
> Like I said, I'd need to open up port 80 on some machine on the
network
> anyway.
> As long as I ensure the web server software has the latest
greatest
> security patches applied to it, then I'm probably okay for most
casual
> attacks - unless someone really really really want to get to my data
on
> the internal lan.
If you know what you're doing, it'll be quite secure. Not matter how
well
you set it up, it will be less secure because of that service.
> > I'd agree with you entirely, but the chances of your machine
being
> > compromised, and the hacker being able to use it for whatever
> > (s)he likes
> > are higher if you've added more services to the distro.
> > That's the only
> > point I'm trying to make.
>
> Just as they are higher by only running one machine as your
firewall
> instead of the 2 or 3 you _should_ be using - and preferably with
> different OS'es too so that a vunerability in one will hopefully
be
> caught by one of the other machines in the setup (I really must
lookup
> that book to refresh my memory on the function of each PC in the
> firewall).
ITYF it was something along the lines of....
Internet > firewall > web server > firewall > back end server
> firewall >
LAN
> > Ah, but you won't get into trouble if someone uses your well
> > locked up gun
> > to shoot someone. However, if you left a licensed gun on
the kitchen
> > table, and someone was shot with it, you may be in trouble.
>
> What if it is in a cupboard? :)
Grey area ;-)
> That's what we're talking about here:
> the well locked up gun = 'proper' corporate level lan protection
> the gun on the table = no security whatsoever
> the cupboard is the firewall that is also a media server - better
than
> the table, not as good as the secure gun cabinet, but good enough
for
> many purposes (how many ppl know you have a gun? and
bullets?)
Agreed.
> > Before someone tells me to get off my high horse, I'd like to
> > point out
> > that I am in the process of modifying a firewall distro.
> > Security is not
> > the main aim of the distribution, rather a solution which
> > does not yet exist.
>
> Can't see anyone saying that.
I know, but I feel such a hypocrite :-/
> A totally secure lan at no cost is the ideal
> That will not happen. No system is totally secure and security
costs
> money.
>
> I am arguing that it is not always necessary to go for the top
security
> system.
> You are arguing that more security is required to prevent joe
hacker
> using your machine to attack a government system (Wargames
anyone?),
> resulting in a lawyer suing your ass!
> I don't see any horses high or low :)
Sorry, I'm not explaining myself too well. I was just pointing out
that
your mewas less secure. Nothing else. I was referring to the
other post
that a top lawyer could say that your compromise of the distro was
irresponsible. IANAL, and I really don't care that much. I'll
be
modifying my distro to suit, and if it's a good solution for you, then go
for it, as long as you understand the risks. A firewall of any
description is better than none at all.
> > Andy (running a Microsoft firewall at home :-/ )
>
> And you think I'm not secure :-) At least my hardware router is
the
> external 'face' of the lan
That's why I feel hypocritical.
Andy
--
Building a community network for Bristol
http://consume.andylaurence.co.uk
- updated 03/07
4x4 in town - bog brush for your teeth
NB: Alternate E-Mail - andylaurence at yahoo dot co dot uk
For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe: ukha_d-subscribe@xxxxxxx
Unsubscribe: ukha_d-unsubscribe@xxxxxxx
List owner: ukha_d-owner@xxxxxxx
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
Home |
Main Index |
Thread Index
|
|