Router/Firewall Recommendation

[Otto Haliburton]

> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Reuben D. Budiardja
> Sent: Friday, June 25, 2004 8:00 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Router/Firewall Recommendation
> 
> On Friday 25 June 2004 01:20 am, Otto Haliburton wrote:
> > most users networks ain't worth the
> > time and effort to hack it,
> 
> I'm probably going no where by replying this, except that I hope no one
> else
> gets this completely wrong view about security.
> 
> My friend here used to say "why would someone crack my machine? I have
> nothing
> of value". Well, the problem here is not the value of your machine. A
> cracked
> machine can be used to do much more malicious stuff. It's worse when the
> machine is part of a larger local network. Since other computers in a
> network
> is usually set up to trust a login from their own domain (ie. SSH login,
> and
> put "ALL :. mydomain.edu" in /etc/hosts.allow), a cracker can easilly get
> into other machines in the network. *Security is alwasy only as good as
> its
> weakest point*.
> 
> Coupled that with the fact that some people use the same login/password
> for
> different machines, it's very easy for a cracker to get a pool of cracked
> machines in a network to do more, much more malicious stuff. If that
> happens,
> who'll get the first red flags ? You, the owner of the cracked machine.
> Not
> the cracker, but you. It does not matter if it's eventually known that
> your
> machine was cracked, you and your network still get the red flag from
> others,
> eg. your collaboration, your business partners, you named it .
> 
> The point is, never assume that since you have nothing of value, you're
> not
> worth to get cracked. If you have that attitude, the possibilty is that
> you
> will get cracked eventually.
> 
> Security is only as good as its weakest point. And the weakest point is
> usually the human factor.
> 
> RDB
> --
> Reuben D. Budiardja
> Department of Physics and Astronomy
> The University of Tennessee, Knoxville, TN
> ---------------------------------------------------------

here it is again, all thieves can get around all alarms on any car, but why
waste the effort on a protected car when there are many unprotected cars out
there.  People that are out to network these computers together are going to
waste there time on a computer behind a firewall when there are many
computers on the internet without one.  That's what is meant by keep it
simple simon (or stupid or whatever needs to go there).  If you have the
option of using a 3000 dollar machine as a router, good for you, but a
simple effective alternative is a 40 dollar router.  You get the point.