On Thu, Jan 22, 2009 at 03:12:10AM +1030, Tim wrote: > Me either. My DSL modem is a modem/router. I prefer that to having a > plethora of boxes, and I'd rather have it log on, than have to have some > other device authenticate and then route/switch. This is a matter of personal preference, certainly. I used to totally turn of PPPoE authentication in the DSL modem and push it back to the firewall (or Linux system if no hardware firewall), but these days I'll usually let the DSL modem do that, if it can do so and still support bridging. It makes management of the firewall simpler, and hacking a shade harder. > My wireless is a separate box, though. I'm still not thrilled about > wireless security. That Versa Technologies unit has very decent management for security and configuration (not to mention greatly increased range). Of course, never use WEP if you have a choice. > They each have their own firewall features, such as they are, and so do > all the computers. "Such as they are" is the operative phrase for the consumer-grade units. > Though I'm of the mind that you configure services properly, not > rely on a firewall to stand in the way of remotely exploiting some > vulnerability you left open. Rely on? Of course not. "Defense in depth"--each layer does its own job, and multiple layers of security give you better protection--or, and perhaps as importantly, warning that someone is knock-knock-knocking at your front door. Simple firewalls protect against administrator error--how often I've been told, "I was running THAT service? I didn't mean to!". But they, by definition, don't to squat to protect those services that are passed through. (Firewalls with stateful inspection do more, of course, but are concomitantly more difficult to configure; usually beyond what individuals, or usually even small businesses, are up to.) So for those services you've allowed through, it's critical to properly configure and monitor, yes. Cheers, -- Dave Ihnat dihnat@xxxxxxxxxx -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
