North American Network Operators Group

Re: Security on a home DSL Line

  • From: James M. Shuler III
  • Date: Sat Nov 04 16:55:05 2000

My thoughts exactly. Using a software option is nice and gives much more
flexibility as the responses here aptly point out, but at home I don't need
to waste time unless it is for academic curiosity. I have done the
Linux\BSD\x86 Solaris thing but inevitably need the box to do other services
or change it to fit a lab environment (the tinker factor was mentioned). The
desktop appliance, be it Netgear, Linksys, Sonicwall, Netopia ad infinitum
is a one shot always working piece of gear, barring hardware or power
failure which would affect any choice.

'Operationally' speaking, for bitheads like me the non wintel OS option is
very attractive but recommendations to customers, corporate users and non
technical colleagues fall into the category of wintel software or appliance
about 80% of the time. Since the first takes my time to set up and the *IX
option takes that plus hardware after I run out of scrap parts, the plug and
pay (or pay then plug) appliance starts to grow on you.

Add then the extensibility factor of the solution and you may admit that
handing a BSD box or BlackICE to Mom or Grandma is not an option, nor would
Mom or Grandma care to track offenses etc. since they presumably pay an ISP
for service matters and they themselves could hardly track their own IP
never mind the rest. My home supply of boxen for *IX use runs into
extensibility issues as well ;)

Still, the discussion has brought to light all the options out there from
freeware to appliance for your perusal. My final take:

Technically Superior : *IX OS of choice
Time & Materials Option: Appliance

James


----- Original Message -----
From: "Roeland Meyer" <[email protected]>
To: <[email protected]>; <[email protected]>
Sent: Friday, November 03, 2000 10:44 AM
Subject: RE: Security on a home DSL Line


>
> I did that ... too much work. Easier to install an appliance.
>
> > -----Original Message-----
> > From: Sean Figgins [mailto:[email protected]]
> > Sent: Friday, November 03, 2000 7:33 AM
> > To: [email protected]
> > Subject: RE: Security on a home DSL Line
> >
> >
> >
> > Of course, for those that don't know how to install an OS without the use of
> > GUIs, you can always install FreeBSD just about as easily as Linux, and have
> > all the security of IPFilter over IPChains...  I've used this method to do
> > everything from a Dial on Demand NAT gateway, to a full fledged
> > firewall/router solution.
> >
> > Of course, my home network is behind more sophisticated security now, but
> > if/when I ever change jobs and network providers, I'll be going back to the
> > FreeBSD firewall/NAT method.
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]On Behalf Of
> > Brandon Hume
> > Sent: Friday, November 03, 2000 9:07 AM
> > To: [email protected]
> > Subject: Re: Security on a home DSL Line
> >
> >
> >
> > >Otherwise, your idea is perfect; Linux or OpenBSD, whichever you're
> > >more comfortable with, will give you the most flexibility, and Solaris x86
> > >might work but will be dog-slow and unless you have a lot of RAM,
> > >completely unusable.
> >
> > For such a weakly defined measure of "a lot of RAM", this statement is
> > inaccurate.  Solaris 8 x86 will run comfortably, without X and superfluous
> > processes (to say: a rational firewall/NAT box configuration) within 12M
> > of RAM.  A passing knowledge of Solaris would not let a person know this to
> > be true, however, since Sun states its memory requirements on the assumption
> > you'd be using X.
> >
> > That being said, OpenBSD is probably the best choice.  It requires more skill
> > to install, but less skill to secure, and would probably run better *by
> > default* on a minimal machine.  After that I'd suggest Solaris, since it
> > installs less crap than most of the Linux distributions (note: most).
> > Driver issues might force your hand to the Linuxes, of course.
> >
> > I also place OpenBSD and Solaris above Linux because they both give you the
> > use of IPFilter, which I believe to be just flat-out superior to IPChains.
> >
> > --
> > Brandon Hume    - hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
> >                        -> Solaris Snob and general NOCMonkey
>
>
>