[lug] Firewall != Linux, Was -> Broadband

Chris M chrism at peakpeak.com
Tue Aug 1 17:06:46 MDT 2000


> From: "Jeffrey B. Siegal" <jbs at quiotix.com>
> 
> Chris M wrote:
>> A security hole.  wu-ftpd, sendmail, etc.
> 
> These are not part of Linux.  Linux is a kernel.  Wu-ftpd, sendmail, etc. all
> run on other Unix-like systems (and even some non-Unix-like systems) aside
> from Linux.

And a tire isn't part of a car. People put them on there.

> If your gripe is with a particular Linux distribution (Red Hat or whatever),
> then say so.  Otherwise, you are just making yourself look like a fool,
> perhaps wrongly.

You are welcome to that opinion, however misinformed it may be. All Linux
distributions are inherently not as good as, and more expensive than, a
commercial firewall, even with someone very skilled.

>> A modem connected to the computer
>> in one case. Or a simple DoS, any number of things.  I mean the sky is truly
>> the limit with so many knobs to turn and lock down.
> 
> Actually, it is pretty easy to turn off all the services with most
> distributions.  A firewall doesn't need sendmail, etc. and they should be
> disabled.  If you do a "netstat -an" and don't see any listeners, there is
> almost no chance of a remote exploit. (I can't remember the last time there
> was a remote exploit in the kernel itself.)

Add up the costs.  First, ask yourself, how much is a decent Linux machine
going to cost for the hardware, how long will it take me to set up at what
hourly $$, etc.

Got a number yet?  Now go price a nice firewall from a commercial vendor.

Oops.

Sure seems like some people are very entrenched in this "Linux can do
anything" mindset.  I can build a car with nothing but a hammer and an
adjustable wrench, but it is still not very smart.

Chris
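
The "netstat -an" listener check mentioned in the quoted reply, as an added example that is not part of the original thread. It assumes the Linux net-tools column layout; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sockets in `netstat -an` output that can take remote traffic.
# Usage on a real host: netstat -an | exposed_listeners

# Reads netstat -an text on stdin, prints "proto local-address" per exposed socket.
exposed_listeners() {
    awk '
        function check(proto, local) {
            # Sockets bound only to loopback are not reachable from the network.
            if (local ~ /^127\./ || local ~ /^::1:/) return
            print proto, local
        }
        # TCP: only sockets in the LISTEN state accept new connections.
        $1 ~ /^tcp/ && $NF == "LISTEN" { check($1, $4) }
        # UDP has no LISTEN state: a bound socket with a wildcard peer receives datagrams.
        $1 ~ /^udp/ && ($5 == "0.0.0.0:*" || $5 == ":::*") { check($1, $4) }
    '
}

# Constructed sample of netstat -an output (not captured from a real machine).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          192.168.1.50:51514      ESTABLISHED
udp        0      0 0.0.0.0:514             0.0.0.0:*
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     1234   /dev/log
EOF
}

# Succeeds only when nothing is exposed; otherwise prints the offenders and fails.
firewall_is_quiet() {
    found=$(exposed_listeners)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

sample_netstat | firewall_is_quiet || echo "listeners above are reachable remotely"
```

Established connections, loopback-only daemons and UNIX domain sockets are skipped on purpose, since none of them accept new connections from the network.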




