From: "Rod Gasson" 


"Bob Lawrence" 
wrote in message
news:1084630322{at}p12.f610.n712.z3.ftn...



>  I remember a few years ago, when Keith ran a fancy new firewall that
> monitored all his ports. He said he was getting an average of two or
> three attacks every day! And some of them were persistent.

Yeah, that really must've been a few years ago.  These days it isn't unusal
to expect thousands of 'attacks' per day -  at least that is what is being
dropped by our firewall every day. consistantly.

>  Life is too short to waste it stuffing around with making my PC safe
> from the Internet.

It isn't hard to set up a maintainance free firewall. It isn't as though you
need to update them whenever a new exploit is found, because the firewall
should be dropping any incoming accesses that aren't specifically allowed
anyway.

> I have learned,
> that no matter how smart you are (or think you are) there is always
> someone a dollar ahead and a day early.

I have learned that you are totally paranoid and really don't have much of a
clue as to how the Internet and/or firewalls work.

> DD> Do not connect a Windows machine directly to the outside world
> DD> without first installing a firewall package that isn't made by
> DD> Microsoft.
>
>  It's not just Microsoft, David. Any well-known firewall runs the
> same sort of risk of penetration - especially if they use the same
> Windows O/S.

You'll find most sysadmins (including the big boys like Telstra, optus, etc)
DON'T run Microshaft products for their core networking.  Only home uses are
foolish enough to do that.

>  I plan to set up two machines: the Linux gateway that runs 24/7 but
> with *no* product on it.

That's what we've been trying to tell you to do for months!.

If you're at all interested, we settled on using a Linux distro called
'Coyote' for our firewall needs.  It boots from floppy, runs from RAM. No HD
needed, and it is using a very old 486 machine with only 8mB ram.

> Anything I produce will be kept on the other
> machine, on another hard drive with a plug I can pull, physically.

Overkill.

> If I must run an executable, then I'll do it on the Linux machine.

How do you propose to run Windoze executables on a Linux machine?
How many Linux executables do you know of that are actually viruses?

> If it becomes infected then stiff shit...

Linux != Windows
The few (very few) Linux viruses that actually exist require totally
different mechansisms in order to spread/replicate and almost all of them
require root priviledges to do so, which means that in order to have a virus
infected linux box the machine itself has already been compromised via some
other exploit, or the virus code needs to be executed by 'root', and even a
novice Linux user knows better than to even log on as root unless
specifically required in order to install or reconfigure new software.

> I'll just reload the entire
> machine. This Linux installs in ten minutes.

And a Linux firewall booted from a write protected floppy will reboot to a
clean system in a fraction of that time.

Cheers
Rod





--- ifmail v.2.15