[WBEL-users] easy to use firewall?
Phil Barnett
philb at philb.us
Sun Apr 3 00:33:11 CST 2005

On Saturday 02 April 2005 11:18 pm, Ganeshram Iyer wrote:
> Thanks Terry but this machine is not merely a stand-alone firewall. So
> from my first view of ipcop I don't know if it is suitable.

Everything you add to a firewall makes it easier to compromise. You should
seriously consider separating the tasks into two machines. A small older
machine for the firewall and a more robust machine for everything else. It
doesn't take much of a machine to make a firewall and it should have no other
software, no compilers, no tools to help anyone to compromise the rest of
your network.

It really won't cost any more to do it this way since most companies have an
old PII 500 they are throwing out these days that you can make into a great
firewall.

If you combine the firewall with a standard distribution and a bad guy is able
to penetrate the firewall, he has all the tools necessary to penetrate the
rest of your network and export all of the information he finds. Please
consider how much security you risk by combining everything into one machine.

You are trading security for convenience. It's a bad trade.

--
"In the beginning of a change, the patriot is a brave and scarce man, hated
and scorned. When the cause succeeds, however, the timid join him...for then
it costs nothing to be a patriot." -Mark Twain