[Fwd: Security, Firewalls and Internet Appliances]

Author: Craig White
Date:  
Subject: [Fwd: Security, Firewalls and Internet Appliances]
On Sun, 2004-02-01 at 15:48, Craig Brooksby wrote:
> Hi all:
>
> In the recent Westside PLUG meeting, I raised the question of security.
> We newbies are typically busy figuring Linux out, and not necessarily
> keeping up with security.
>
> Let me zoom in on one question for now:
>
> My Linux box is my workstation, not a server. I have ipchains running
> (for now, let's say that I have it all properly tweaked in). At the same
> time, I see solutions like these:
>
>     http://www.hotbrick.com/vpn600.html
>     http://netmind-firewall.com/
>
> My question: Do solutions like the above exist because in a network,
> it's easier/better to handle the security issues in one place, for
> everyone? Or is there something *inherently superior* in the "hardware
> firewall" approach that is compelling compared to *any* firewall
> software running on a single-user desktop?
>
> Another way of asking it: the Linux Newbie who inserts one of these
> internet appliances between the Cox cable and his cable modem -- is he
> ipso facto more secure than if he is just running ipchains on his
> desktop?
>
> (I use "ipchains" to mean any software firewall solution -- I don't know
> any better).
>
> Craig (the "other" Craig) :-)

--
Now I am the other Craig - you cannot be him at the moment.

ipchains is what you have to use with 2.2x kernels. iptables is what you
have to use with 2.4x kernels.

I would say that you are infinitely more secure if you have an
'appliance' between your computer and the dsl/cable modem connection AND
you still employ ipchains/ipkernels on your computer.

Regarding the packages/distros you are asking about, I am not familiar
with any of the 3 but I would guess that these are installed like any
distro. The benefit of using one of these systems is simple... They come
preconfigured, ready to run DHCP/DNS/web proxies/NAT/TCP-UDP forwarding
and the administration is typically a web browser. These types of
systems take care of the security aspects including updating so you
don't have to worry about them yourself.

Craig