[luau] Firewalls
MonMotha
monmotha at indy.rr.com
Mon Oct 28 17:50:01 PST 2002
Randall Oshita wrote:
>Feel free to ask any additional questions on any (and/or all) point(s).
>
> --MonMotha
>
> What would be good (above average) specs for a PC hardware Linux router?
> So hardware would be the BIGGEST difference between a "real" and a Linux
> router correct? In terms of security can they be considered similar?
> Thanks.
>
> Randall Oshita
>
I've successfully used a 486 /w 12MB of RAM for a dialup (the 12MB was
pushing it tho). I use a K6-2/350 /w 256MB daily for internet access as
well as for file serving, etc. The internal NIC is a simple $20 LinkSys
thing. The external NIC is some no-name NE2000 PCI clone (only
10Mbit) which is fine for my 2Mbit cable modem. On this topic, I also
haev a HomePNA card in for a couple systems upstairs to access the LAN
(at a whopping 1Mbps!) which Linux bridges onto the normal ethernet. It
looks like another switch hop (even speaks spanning tree!). Just
another feature lacking on LinkSys routers :).
Security wise, the Linux box will be more flexible, though not always
mroe secure. Stateful firewalling makes it possible to make more secure
rulesets, but it can also leave you open in a bug is found in it. I try
to achieve a balance between using the state match and using traditional
packet filtering to offset the odd chance that a bug may be found in the
connection tracking.
Security is of course dependent on the user as well. It's possible to
have a safe the size of Fort Knox, but if you leave the door unlocked
it's not going to do much good. Warren gave some good suggestsions on
the security front too, pointing out the other problem with using a
traditional Linux distro: it's a general purpose machine running a
general purpose OS. Part of this risk can be lessened by using a
custom, special purpose distro, but the potential is still there.
--MonMotha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 252 bytes
Desc: not available
URL: <http://lists.freesoftwarehawaii.org/pipermail/luau-freesoftwarehawaii.org/attachments/20021028/15571397/attachment-0001.pgp>
More information about the LUAU
mailing list