-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 21 December 2003 18:28, John Andersen wrote:
On Sunday 21 December 2003 06:41, Adalberto Castelo wrote:
Linksys firewall is the main line of defense: only let http and ssh through, and only to one machine in the internal network. All other machines are not accessible from outside the firewall. Just for extra safety, turn off all non used services (they were off anyway).
I don't like the idea of using a non-SuSE kernel, or external security software, since I'm very particular about keeping the system stock.
How does the last paragrapth square with the first?
The first paragraph is a summary of how things are going to work out on my side. The second refers to Littke's suggestion of using a grsecurity kernel.
If you don't like the idea of non-suse or external security why trust Linksys?
You misunderstood. I meant it in my personal workstation. I run SuSE, and only SuSE, in it. If something doesn't work properly in it, there are less variables to deal with.
Who audits their code?
What can you do with linksys that you can not do with a mimimal suse box with two nics and suse firewall or shorewall (either of which ONLY set up iptables for you) on a stock suse kernal.
OT, but the answer is "probably nothing". I just figure a US $50 linksys router will be cheaper/require less effort than anything else I can think of. But a minimal Linux or BSD box would probably be a more complete solution. Cheers, Adalberto
-- _____________________________________ John Andersen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iQIVAwUBP+Zbpt6AspoXaofZAQLLFhAAkzyajTrbL7qMgaJvTdRWfyWYx7MocKNu EYLp7dX9BQWPe5PtHKULh7FEJpXRbklkTFzBoSw/3VOgp2gHHNHIhXzYa7pRWwVl qcM8yXPNdTBwotyHHz+/rl/1OkhqN+AgLfsqAm2VVXUDVmhxhjl+cIkOs4aozQbq otDWL5mcw708o1BpnCf8I8GL6/dMZdl2KHgQ0Rwvp05nu5j9HwCHsa7vdLycC3Lg s6M6CZu0Qha6bgVK7585umbG0zMFVjOD9M/WDFR9zc0ph7FapnupFr1pyLKXYL74 t2D/GfoUPUX/cMIa/cxLRhI/1yo9WfLclubcvc400tOfXGK+j2+eK0lL4QpYlh2W aGO61/k9lJynRS24sx0yOlz1/yeHuTStS0DJZoUQbGrUzi2smil6UKlvm5DsJwWm +eZTtiJ1Epky6P26ueVDoRHWwTp2BD/FRCnFgIYT8S+Pya5euzvvobCckuqYfSG9 u6vFews/svme6NmsKNDt9OatYD7v5Q52Rllc5M5XUppJE9MkQm15COTa+LUoJqhU XdcaCYEykVutTyu5nNytqJNJl8x34IKjXQ0F9EYgi3l73TekE2oE+JrCR8/93XyR Bz2ghSlTSXNUfbaTEmZICJLo5AaJBcqzvyjNpkDX1773bwk4KUtHY+a3+ezfLhKR l/0hO4cTZhI= =xYyY -----END PGP SIGNATURE-----