[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] Re: Building kernel on one machine, using on another.
"Stephen J. Turnbull" wrote:
>
> Seriously, the Orange Book says "a C2 secure system may not be hooked
> to a network, unless that network is C2-rated". Presumably Barrie
> would find C2 security unacceptably restrictive from what he says.
> :-) But he must specify in much more detail what services, if any, his
> domain is going to offer to his internal net and to the rest of the
> world, on the one hand. On the other, he needs to define what he's
> willing to give up to achieve "not getting cracked" (or equivalently,
> just how badly he fears getting cracked).
>
> But until all that's on the table, there's not much to say except
> "what do you want me to say?"
Erm, OK. Thought processes behind all this:
Ooo! An extra machine.
Mmm. But it's only a P75 with 16Mb :(
What could I do?
Mail? Yup.
DNS. Yup
Firewall/ipchains? Yup.
MMm.
Already got all those on main machine with plenty power spare.
Oh.
Still..gotta do *something* with it.
So, there you go. I have a machine that I tried to reinstall last night
via ftp to my main box and failed - got a bunch of errors from the
text-based installer from RedHat not being able to find a file.
Gonna have to rip a CD drive out of another machine and do it the old
fashioned way later.
I'm not too scared of being hacked. I do get a few connections from
other machines (portmap (!), DNS (before I ran DNS), etc), strange
packets, portscans, but I've already got ipchains masq'ing my internal
network and refusing everything else.
Several a week at least.
I don't *need* a machine to run a firewall, flux (my PII) does fine
itself.
Still...if not this, what should I do with noodles?
Baz.
--
Barrie J. Bremner
Email: TheEnglishman [at] ecosse.net
(PGP public key available at pgp.mit.edu)
URL: http://www.geocities.com/thefatenglishman
Telephone: UK 01672 811246
Mobile: UK 07968 792975
Quis custodiet ipsos custodes?
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.