ATT's DSL Lite for Linux

Dave Ihnat dihnat at dminet.com
Wed Jan 21 16:56:56 UTC 2009


On Thu, Jan 22, 2009 at 03:12:10AM +1030, Tim wrote:
> Me either.  My DSL modem is a modem/router.  I prefer that to having a
> plethora of boxes, and I'd rather have it log on, than have to have some
> other device authenticate and then route/switch.

This is a matter of personal preference, certainly.  I used to totally
turn off PPPoE authentication in the DSL modem and push it back to the
firewall (or Linux system if no hardware firewall), but these days I'll
usually let the DSL modem do that, if it can do so and still support
bridging.  It makes management of the firewall simpler, and hacking a
shade harder.

> My wireless is a separate box, though.  I'm still not thrilled about
> wireless security.

That Versa Technologies unit has very decent management for security and
configuration (not to mention greatly increased range).  Of course,
never use WEP if you have a choice.

> They each have their own firewall features, such as they are, and so do
> all the computers.

"Such as they are" is the operative phrase for the consumer-grade units.

> Though I'm of the mind that you configure services properly, not
> rely on a firewall to stand in the way of remotely exploiting some
> vulnerability you left open.

Rely on?  Of course not.  "Defense in depth"--each layer does its
own job, and multiple layers of security give you better protection--or,
and perhaps as importantly, warning that someone is knock-knock-knocking
at your front door.

Simple firewalls protect against administrator error--how often I've been
told, "I was running THAT service?  I didn't mean to!".  But they, by
definition, don't do squat to protect those services that are passed
through.  (Firewalls with stateful inspection do more, of course,
but are concomitantly more difficult to configure; usually beyond what
individuals, or usually even small businesses, are up to.)

So for those services you've allowed through, it's critical to properly
configure and monitor, yes.

Cheers,
--
	Dave Ihnat
	dihnat at dminet.com



