On Saturday 28 February 2004 03:03 am, Paul W. Abrahams wrote:
On Friday 27 February 2004 8:34 pm, Dylan wrote:
Routers are the key to heaven these days no matter what OS you're running.
Which leaves every box open to the outside network, whereas using one as a gateway (OK, preferably a dedicated Linux box rather than a Windoze workstation) means you can concentrate and refine your security without the errors introduced by duplicating setups and the overhead of having to run security systems on users' machines. Not to mention the stress of getting your LAN services through each box's security without opening gaping holes.
Maybe I'm missing something, but I believe the router box serves as a very effective firewall by doing network address translation.
That's of absolutely no value as soon as a user opens that rogue attachment, or visits the dodgy website which plants a backdoor. And as soon as you decide to open a service you need to control it. If your LAN is hubbed/switched by the device which also connects to the wild network then anything like nfs, samba, nis, (the list is endless) becomes vulnerable and very difficult to lock down without complex configuration.

Dylan
Paul Abrahams
--
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin