
[Sheflug] Re: Building kernel on one machine, using on another.



>>>>> "Richard" == Richard  <richard [at] sheflug.co.uk> writes:

    Richard> Alex Hudson wrote:

[Steve wrote]

    >> > But with your spec as written above, the answer is in four
    >> > words:  Don't.  Run.  A.  Firewall.
    >> 
    >> On a dialup line, this is probably true, although depends how
    >> long you stay connected :))

    Richard> I am *NOT_ABLE* to find any evidence that anyone can use
    Richard> dialup within the bounds of the UK and not have a working
    Richard> firewall installed.

Actually, it's rather simple.  Don't run any internet servers.

You won't have any problems, unless somebody dislikes you enough to
run a DOS attack on you, and they're rare.  I can be a pretty
dislikable chap when I turn my mind to it, but as yet only my employer
has run a DOS attack on me (curiously enough, they call it a
"firewall").

Of course, with most Linux installations, running an IP filter is
simpler than figuring out how to turn off all the damn servers you
didn't want on in the first place.  But in principle it's easy enough.

BTW most Macs and Windows systems don't have that problem (as long as
you leave "resource sharing" off, and AFAIK Windows workstations can't
tunnel SMB over PPP anyway).

    Richard> All of the Macs, MS machines and Linux boxes that I've
    Richard> seen that haven't got a working firewall have been
    Richard> cracked by someone from this country or Russia or the
    Richard> States.

"I don't want to be cracked" wasn't in the spec I was referring to.

*shrug*

Seriously, the Orange Book says "a C2 secure system may not be hooked
to a network, unless that network is C2-rated".  Presumably Barrie
would find C2 security unacceptably restrictive from what he says.
:-)  But he must specify in much more detail what services, if any, his
domain is going to offer to his internal net and to the rest of the
world, on the one hand.  On the other, he needs to define what he's
willing to give up to achieve "not getting cracked" (or equivalently,
just how badly he fears getting cracked).

But until all that's on the table, there's not much to say except
"what do you want me to say?"


-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
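
Added example, not part of the original post: the "don't run any internet servers" approach can be checked on a Linux host by reading `/proc/net/tcp` and listing every socket in LISTEN state that is not bound to loopback. The sample table is constructed, the function names are hypothetical, and the sketch assumes a little-endian machine and IPv4 only (`/proc/net/tcp6` is not read).

```python
"""List TCP listeners from /proc/net/tcp and flag those reachable off-host."""
import ipaddress
import struct

TCP_LISTEN = 0x0A  # state code for LISTEN in /proc/net/tcp

# Constructed sample (not from the original post): one daemon listening on
# all interfaces, one on loopback only, and one established connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00A8C0:0016 0101A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
"""


def parse_listeners(text):
    """Return [(ip, port)] for every socket in LISTEN state."""
    out = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a native-endian 32-bit word;
        # little-endian is assumed here (x86, most ARM).
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        out.append((str(ip), int(hex_port, 16)))
    return out


def exposed(listeners):
    """Listeners not bound to loopback, i.e. reachable over the dialup link."""
    return [(ip, port) for ip, port in listeners
            if not ipaddress.IPv4Address(ip).is_loopback]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:
            text = f.read()
    except OSError:  # not Linux, or /proc unavailable: use the sample
        text = SAMPLE
    for ip, port in exposed(parse_listeners(text)):
        print(f"exposed listener: {ip}:{port}")
```

An empty result means nothing on the box accepts inbound TCP from the network; each line printed is a server to switch off or to cover with an IP filter rule.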