Router/Firewall Recommendation

Rodolfo J. Paiz rpaiz at simpaticus.com
Thu Jun 24 07:23:27 UTC 2004


At 12:34 AM 6/24/2004, Otto Haliburton wrote:
>Well, I guess the theory behind NAT is really simple and penetration is very
>simple then, but I don't think so.  The first level is penetrated
>automatically is a way of saying 'defeat the OS and you're in the world' and
>that ain't no bullshit cause that is exactly what happens when you are
>hacked.  You don't try to penetrate the defense, you penetrate the OS then
>shutdown the defense, get it.  With the little blue box as you call it.  If
>it fails then the network is lost period because all ip's are lost.

Apples and oranges, hence irrelevant. No relation between hacking a box and 
the box failing.

         1. The LBB has an OS as well (see the Linksys WRT54G router, it 
runs Linux!), and even the ones in firmware have OS-level capabilities for 
what they do. So both the LBB and the Linux box *can* be hacked. Whether A 
or B has or has not *yet* been hacked is another argument, but claiming 
that one is perfect and the other is awful is just unreasonable no matter 
which side of the argument you prefer.

         2. You said that "if the little blue box [...] fails" and 
explained that the boxes behind it are now secure since they are now cut 
off from the world. Well, no shit, Sherlock! OF COURSE if the box fails 
then everyone behind it is cut off and is thus "secure". If *any* router or 
firewall fails then the same thing happens. But we're talking about 
vulnerabilities, not failure. Your point has no value.

>Routers are not perfect but they are a cheap nearly perfect
>solution.

Weren't you saying just two messages ago that routers have problems, that 
they're "very vulnerable", etc.? Now it's just *your* favorite routers that 
are "a cheap nearly perfect solution"? I call bullshit... again, and for 
about the fifth time I think.

>I don't like being called wrong and I am generally not, it takes all
>of 15 minutes to get excellent security, vs 20 months of building security.

Oh, gee, now isn't *that* humble. Take your ego out of the equation and 
look at the nice, extreme things you are saying. Try to prove one or any of 
them, and argue them consistently and without mixing issues. See how far 
you get then.

I'm done. Anyone reading this thread (including you) who has enough sense 
to come in out of the rain should see the arguments on both sides and have 
made up their mind by now. I need some sleep, and I'm leaving on a trip for 
three days so I'll be offline.

Enjoy your LBB, as will some of my customers since they are nice little 
boxes. Others will enjoy their Linux boxes. And enjoy your hubris while it 
lasts.


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com




