Tue Jun 4 12:17:20 MDT 2013
MJP> I guess what I'm trying to say is this: Don't slam a linux firewall on the
MJP> basis that "Since it's open source, it must be more insecure, because
MJP> everybody can beat on it." To me, at least, it doesn't make sense.
Nowhere did I slam linux firewalls. Nowhere did I say that open
source is more insecure. I am of the school of thought, however, that
network appliances are better than generic machines to do a certain
task. Why? Because they're built to do a small amount of tasks and
they (generally) do them well. Take a NetApp Filer for example. It's
based on Unix but it has all of the unnecessary crap taken out.
All I'm saying is this:
1. If you don't FULLY understand the implications of putting hooking
your computer up to the net, at the very least use some sort of
product that will do all of this for you.
2. This product (and others like it) don't allow you to log on to
them and gain access to your internal network. I've got a couple of
hosts sitting behind this router and you CANNOT reach any of them
because you can't log in to my gateway. Even if you're the best sys
admin in the world, if someone gains access to your box, your WHOLE
network is compromised. Not just that machine!
I misspoke in the above paragraph saying that you "cannot" reach
any of my boxes. I'm going to leave it there to illustrate my point,
3. EVERYTHING can be cracked.
More information about the LUG