North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Security on a home DSL Line

  • From: Roeland Meyer
  • Date: Fri Nov 03 10:52:58 2000

I did that ... too much work. Easier to install an appliance.

> -----Original Message-----
> From: Sean Figgins [mailto:[email protected]]
> Sent: Friday, November 03, 2000 7:33 AM
> To: [email protected]
> Subject: RE: Security on a home DSL Line
> 
> 
> 
> Of course, for those that don't know how to install a OS 
> without the use of
> GUIs, you can always install FreeBSD just about as easily as 
> Linux, and have
> all the security of IPFilter over IPChains...  I've used this 
> method to do
> everything from a Dial on Demand NAT gateway, to a full fledged
> firewall/router solution.
> 
> Of course, my home network is behind more sophisticated 
> security now, but
> if/when I ever change jobs and network providers, I'll be 
> going back to the
> FreeBSD firewall/NAT method.
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]On Behalf Of
> Brandon Hume
> Sent: Friday, November 03, 2000 9:07 AM
> To: [email protected]
> Subject: Re: Security on a home DSL Line
> 
> 
> 
> >Otherwise, your idea is perfect; Linux or OpenBSD, whichever you're
> >more comfortable with, will give you the most flexibility, 
> and Solaris x86
> >might work but will be dog-slow and unless you have a lot of RAM,
> >completely unusuable.
> 
> For such a weakly defined measure of "a lot of RAM", this statement is
> inaccurate.  Solaris 8 x86 will run comfortably, without X 
> and superfluous
> processes (to say: a rational firewall/NAT box configuration) 
> within 12M
> of RAM.  A passing knowledge of Solaris would not let a 
> person know this to
> be true, however, since Sun states its memory requirements on 
> the assumption
> you'd be using X.
> 
> That being said, OpenBSD is probably the best choice.  It 
> requires more
> skill
> to install, but less skill to secure, and would probably run 
> better *by
> default* on a minimal machine.  After that I'd suggest 
> Solaris, since it
> installs less crap than most of the Linux distributions (note: most).
> Driver issues might force your hand to the Linuxes, of course.
> 
> I also place OpenBSD and Solaris above Linux because they 
> both give you the
> use of IPFilter, which I believe to be just flat-out superior 
> to IPChains.
> 
> --
> Brandon Hume    - hume -> BOFH.Halifax.NS.Ca, 
http://WWW.BOFH.Halifax.NS.Ca/
                       -> Solaris Snob and general NOCMonkey