On Thu, 05 July 2001, George Toft wrote:
> For those who are interested, here is how I turned my laptop into
> a really good firewall:
> http://georgetoft.com/linux/firewall/index.html
Where do you get RAM for your old 386's and 486's? The ones I keep finding having too little RAM (usually 4MB) to do anything useful.
> Here's an e-mail I received regarding this firewall. He's an
> independent security specialist. Can anyone verify he's as good
> as I think he is (my evaluation is based on other e-mails)?
Does his report tell what he did? Without knowing that, there's no way to "audit the audit" and tell what the report means. It's like... it's like me telling you your car is OK without you knowing what I checked. Did I just listen to the sound of the engine? Did I check the fluids? Did I check ALL of the fluids? Did I do a compression check? Did I plug into the car's computer and download the engine's performance history?
To me, a security audit doesn't mean much if the report is only PASS/FAIL. It would probably make me feel better, coming as it does from a well-regarded source, but I strongly suspect that it *shouldn't* make me feel better.
Wayne Conrad