From: "Rod Gasson" 


"Bob Lawrence" 
wrote in message
news:1085913866{at}p12.f610.n712.z3.ftn...

>
> DD> If you're serious about the Linux box being a router/firewall
> DD> only take a look at one of the single diskette router
> DD> distributions of it (LRP or Freesco or such). These boot from a
> DD> wite protected floppy, load inot a RAM drive and run from
> DD> there. If something odd happens, just reboot and it
> DD> automatically runs a "clean" copy.
>
>  I've thought of that, but it's not such a big deal with these fast
> CPUs and drives. I can run a backup for the entire drive in 3 minutes.

I think you are missing the point Bob.

For several years our firewall/router was the same machine as our Web, FTP
and Email servers. Although it did a pretty good job, it wasn't the most
secure system in the world because IF someone happened to compromise our
firewall box they instanlty had access to all the other services running on
the machine.  In contrast, a dedicated firewall/router offers yet another
level of protection.. In order to access our other machines, a hacker would
first need to compromise the firewall and _then_ they'd need to do even more
'work' in order to gain access to the actual servers. The firewall box
itself doesn't have ANYTHING on it other than the firewall code itself (and
an SSH server for admin purposes). Oh, the SSH server is only accessable
from within our own network.

It ISN'T just a matter of the time it takes to recover from a backup that is
an issue, because on a production machine ANY backup is always going to be a
little out of date. No big deal for most home users, but a very big issue
for those of us running online webstores, etc.

We perform daily, weekly and monthly backups (fully automated of course) and
even recovering from a daily backup file (due to hardware failure) takes a
LOT longer than '3 minutes' if/when we have to manually restore orders, etc
that are up to 24 hours old.

Cheers
Rod










--- ifmail v.2.15