[lug] Broadband

Michael J. Pedersen marvin at keepthetouch.org
Wed Aug 2 08:48:54 MDT 2000


On Tue, Aug 01, 2000 at 06:31:59PM -0600, D. Duke Smith wrote:
> How much is your time working on your Linux FW worth as compared
> to a coiuple hundred for an external box? 

Well, that all depends. You see, I don't really gain much time (if any at all)
by going with an external firewall. I still have to configure it, don't I? I
still have to make informed decisions about what traffic gets through, and
what traffic doesn't. I still have to design my layout such that it meets my
needs, and then implement it on the firewall. My time savings will come down
to, at most, one kernel reconfig and recompile. Since I reconfigure and
recompile my kernel for other reasons (I need a new driver, for instance), I
pick that up for free as well.

Do I save some time? Possibly, though not much. Maybe an hour or two,
depending on the software to configure the firewall. I'll spend more time
researching the information that I need anyway (what do I block at ICMP level,
at udp level, etc), than I ever will implementing it.

> & ! Please don't disclose
> your full setup. Just as the biggest security problem in a business
> is internal (the guy who's about to quit), this list could be a leak.

I'd rather not disclose it until after I get a better backup scheme going
(about 3 weeks, most likely). See below for why I don't mind disclosing it.

> Rule #1 of self-defense: Never let anyone find out what you know
> about self defense except the hard way..

Rule #2 of self-defense: Find out how much you know about self-defense by
defending yourself against friendly attacks (ie: non-lethal).

I would have few, if any problems disclosing my setup to the people on this
list for that reason. Most people here (if not all), would be quite willing to
help test security, and then tell how they broke (assuming that they did).
That would actually give me a certain level of comfort, although it would be
no proof of me having a cracker-proof system.

So, anybody care to help crack a system in a few weeks? ;)

-----
Michael J. Pedersen
Get GnuPG at http://www.gnupg.org
My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
My GnuPG Public Key Available At: http://www.keyserver.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20000802/743e3d70/attachment.pgp>


More information about the LUG mailing list