On Sat, 2004-07-24 at 14:30, Jason Costomiris wrote:
> On Jul 24, 2004, at 10:08 AM, Jorge Fábregas wrote:
>
> > Just like Scot says..you should buy a hardware router ..most of them have
> > firewall capabilities built-in.
>
> People somehow think that because they don't have to load an operating
> system onto a device that it's not just a computer running software.
>
> Newsflash: your so-called "hardware router" is nothing more than a
> small-scale CPU, memory, some network interfaces and some sort of
> embedded OS. In many cases, the OS is even Linux - case in point, the
> extremely popular Linksys WRT54G line.
>
> --j

Very true. But such a hardware router is a dedicated appliance with few options and no other task than to provide some protection. It can take a very complex service that even seasoned firewall experts get wrong at times and make it available to the general public. And since it is a dedicated device with few if any extraneous services, while not impossible, it is very unlikely that a general exploit will get through one.

Nothing is perfect. That is why I subscribe to defense in depth. Use a separate firewall as well as iptables and other IDS software on the servers with good passwords etc. In the end all it really does is make it more difficult for the really determined attacker to get to the data they are after.

The only secure system is one that is not connected to the Internet, unplugged, locked in a vault on the moon. And even that system is subject to being stolen given enough time and money. Of course it is not very useful in that state.

--
Scot L. Harris
webid@xxxxxxxxxx

What's love but a second-hand emotion?
-- Tina Turner