[lug] Firewall != Linux, Was -> Broadband
Chris M
chrism at peakpeak.com
Tue Aug 1 17:06:46 MDT 2000
> From: "Jeffrey B. Siegal" <jbs at quiotix.com>
>
> Chris M wrote:
>> A security hole. wu-ftpd, sendmail, etc.
>
> These are not part of Linux. Linux is a kernel. Wu-ftpd, sendmail, etc. all
> run on other Unix-like systems (and even some non-Unix-like systems) aside
> from Linux.
And a tire isn't part of a car. People put them on there.
> If your gripe is with a particular Linux distribution (Red Hat or whatever),
> then say so. Otherwise, you are just making yourself look like a fool,
> perhaps wrongly.
You are welcome to that opinion, however misinformed it may be. All Linux
distributions are inherently not as good as, and more expensive than, a
commercial firewall, even with someone very skilled.
>> A modem connected to the computer
>> in one case. Or a simple DoS, any number of things. I mean the sky is truly
>> the limit with so many knobs to turn and lock down.
>
> Actually, it is pretty easy to turn off all the services with most
> distributions. A firewall doesn't need sendmail, etc. and they should be
> disabled. If you do a "netstat -an" and don't see any listeners, there is
> almost no chance of a remote exploit. (I can't remember the last time there
> was a remote exploit in the kernel itself.)
Add up the costs. First, ask yourself, how much is a decent Linux machine
going to cost for the hardware, how long will it take me to set up at what
hourly $$, etc.
Got a number yet? Now go price a nice firewall from a commercial vendor.
Oops.
Sure seems like some people are very entrenched in this "Linux can do
anything" mindset. I can build a car with nothing but a hammer and an
adjustable wrench, but it is still not very smart.
Chris