Router/Firewall Recommendation
Rodolfo J. Paiz
rpaiz at simpaticus.com
Thu Jun 24 07:23:27 UTC 2004

At 12:34 AM 6/24/2004, Otto Haliburton wrote:
>Well, I guess the theory behind NAT is really simple and penetration is very
>simple then, but I don't think so. The first level is penetrated
>automatically is a way of saying 'defeat the OS and you're in the world' and
>that ain't no bullshit cause that is exactly what happens when you are
>hacked. You don't try to penetrate the defense, you penetrate the OS then
>shut down the defense, get it. With the little blue box as you call it. If
>it fails then the network is lost period because all IPs are lost.

Apples and oranges, hence irrelevant. No relation between hacking a box and
the box failing.

1. The LBB has an OS as well (see the Linksys WRT54G router, it
runs Linux!), and even the ones in firmware have OS-level capabilities for
what they do. So both the LBB and the Linux box *can* be hacked. Whether A
or B has or has not *yet* been hacked is another argument, but claiming
that one is perfect and the other is awful is just unreasonable no matter
which side of the argument you prefer.

2. You said that "if the little blue box [...] fails" and
explained that the boxes behind it are now secure since they are now cut
off from the world. Well, no shit, Sherlock! OF COURSE if the box fails
then everyone behind it is cut off and is thus "secure". If *any* router or
firewall fails then the same thing happens. But we're talking about
vulnerabilities, not failure. Your point has no value.

>Routers are not perfect but they are a cheap nearly perfect
>solution.

Weren't you saying just two messages ago that routers have problems, that
they're "very vulnerable", etc.? Now it's just *your* favorite routers that
are "a cheap nearly perfect solution"? I call bullshit... again, and for
about the fifth time I think.

>I don't like being called wrong and I am generally not, it takes all
>of 15 minutes to get excellent security, vs 20 months of building security.

Oh, gee, now isn't *that* humble. Take your ego out of the equation and
look at the nice, extreme things you are saying. Try to prove one or any of
them, and argue them consistently and without mixing issues. See how far
you get then.

I'm done. Anyone reading this thread (including you) who has enough sense
to come in out of the rain should see the arguments on both sides and have
made up their mind by now. I need some sleep, and I'm leaving on a trip for
three days so I'll be offline.

Enjoy your LBB, as will some of my customers since they are nice little
boxes. Others will enjoy their Linux boxes. And enjoy your hubris while it
lasts.

--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com