[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Re: Building kernel on one machine, using on another.



"Stephen J. Turnbull" wrote:

> 
> Seriously, the Orange Book says "a C2 secure system may not be hooked
> to a network, unless that network is C2-rated".  Presumably Barrie
> would find C2 security unacceptably restrictive from what he says.
> :-)  But he must specify in much more detail what services, if any, his
> domain is going to offer to his internal net and to the rest of the
> world, on the one hand.  On the other, he needs to define what he's
> willing to give up to achieve "not getting cracked" (or equivalently,
> just how badly he fears getting cracked).
> 
> But until all that's on the table, there's not much to say except
> "what do you want me to say?"

 Erm, OK. Thought processes behind all this:

 Ooo! An extra machine.

 Mmm. But it's only a P75 with 16Mb :(

 What could I do?

 Mail? Yup.

 DNS. Yup

 Firewall/ipchains? Yup.

 MMm.

 Already got all those on main machine with plenty power spare.

 Oh.

 Still..gotta do *something* with it.

So, there you go. I have a machine that I tried to reinstall last night
via ftp to my main box and failed - got a bunch of errors from the
text-based installer from RedHat not being able to find a file.
 Gonna have to rip a CD drive out of another machine and do it the old
fashioned way later.

 I'm not too scared of being hacked. I do get a few connections from
other machines (portmap (!), DNS (before I ran DNS), etc), strange
packets, portscans, but I've already got ipchains masq'ing my internal
network and refusing everything else.
 Several a week at least.
 I don't *need* a machine to run a firewall, flux (my PII) does fine
itself.

 Still...if not this, what should I do with noodles?

 Baz.


--
Barrie J. Bremner

Email:     TheEnglishman [at] ecosse.net
           (PGP public key available at pgp.mit.edu)

URL:       http://www.geocities.com/thefatenglishman

Telephone: UK 01672 811246
Mobile:    UK 07968 792975

Quis custodiet ipsos custodes?
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.