Hack attempts

Scot L. Harris webid at cfl.rr.com
Sat Jul 24 19:19:18 UTC 2004


On Sat, 2004-07-24 at 14:30, Jason Costomiris wrote:
> On Jul 24, 2004, at 10:08 AM, Jorge Fábregas wrote:
> 
> > Just like Scot says..you should buy a hardware router ..most of them 
> > have
> > firewall capabilities built-in.
> 
> 
> People somehow think that because they don't have to load an operating 
> system onto a device that it's not just a computer running software.
> 
> Newsflash: your so-called "hardware router" is nothing more than a 
> small-scale CPU, memory, some network interfaces and some sort of 
> embedded OS.  In many cases, the OS is even Linux - case in point, the 
> extremely popular Linksys WRT54G line.
> 
> --j

Very true.  But such a hardware router is a dedicated appliance with few
options and no other task than to provide some protection.  

It can take a very complex service that even seasoned firewall experts
get wrong at times and make it available to the general public.  

And since it is a dedicated device with few if any extraneous services,
while not impossible, it is very unlikely that a general exploit will
get through one.

Nothing is perfect.  That is why I subscribe to defense in depth.  Use a
separate firewall as well as iptables and other IDS software on the
servers with good passwords etc.

In the end all it really does is make it more difficult for the really
determined attacker to get to the data they are after.  The only secure
system is one that is not connected to the Internet, unplugged, locked
in a vault on the moon.  And even that system is subject to being stolen
given enough time and money.  Of course it is not very useful in that
state.
-- 
Scot L. Harris
webid at cfl.rr.com

What's love but a second-hand emotion?
		-- Tina Turner 





More information about the users mailing list