Re: Security, to much of it.

2009-09-30 Thread David Lowe
On Thu, Oct 1, 2009 at 3:23 PM, Craig Falconer wrote:

> David Lowe wrote, On 01/10/09 14:43:
>
>> On Thu, Oct 1, 2009 at 9:49 AM, Kerry Mayes wrote:
>>> Whereas IPCop by default has minimal security: nothing in, anything
>>> out.
>>> Perfect for parents' network?
>>
>>
>> FWIW, from my standpoint as a non-technical enthusiastic amateur, I can
>> say that I set up an IPCop box on an old PC over a year ago, pretty much
>> default settings everywhere, and it's been running ever since with no
>> interference from me. I can't even remember the last time I rebooted. In
>> fact, it was so easy I wondered if I had done it right, but everything on my
>> home network is fine.
>>
>
> Yeah - no egress filtering... so anyone on your network can be going out
> without question.  Might be okay for a home network... maybe.
>
> You can't assume there's nothing dodgy on your LAN.
>
>
> --
> Craig Falconer
>

Yes I know - I work on the basis that if nothing bad can get in, there is
nothing bad to get out. I keep an eye on traffic which I figure will alert
me if anything bad starts happening. Mostly Ubuntu machines on the network,
but my student daughter's PC worries me.

- D


Re: Security, to much of it.

2009-09-30 Thread Craig Falconer

David Lowe wrote, On 01/10/09 14:43:
> On Thu, Oct 1, 2009 at 9:49 AM, Kerry Mayes wrote:
>
>> Whereas IPCop by default has minimal security: nothing in, anything out.
>> Perfect for parents' network?
>
>
> FWIW, from my standpoint as a non-technical enthusiastic amateur, I can
> say that I set up an IPCop box on an old PC over a year ago, pretty much
> default settings everywhere, and it's been running ever since with no
> interference from me. I can't even remember the last time I rebooted. In
> fact, it was so easy I wondered if I had done it right, but everything
> on my home network is fine.


Yeah - no egress filtering... so anyone on your network can be going out 
without question.  Might be okay for a home network... maybe.


You can't assume there's nothing dodgy on your LAN.


--
Craig Falconer



Re: Security, to much of it.

2009-09-30 Thread David Lowe
On Thu, Oct 1, 2009 at 9:49 AM, Kerry Mayes wrote:

> Whereas IPCop by default has minimal security: nothing in, anything out.
>
> Perfect for parents' network?
>

FWIW, from my standpoint as a non-technical enthusiastic amateur, I can say
that I set up an IPCop box on an old PC over a year ago, pretty much default
settings everywhere, and it's been running ever since with no interference
from me. I can't even remember the last time I rebooted. In fact, it was so
easy I wondered if I had done it right, but everything on my home network is
fine.

- David


Re: Security, to much of it.

2009-09-30 Thread Nick Rout
On Thu, Oct 1, 2009 at 12:59 PM, Roger Searle wrote:
> Ryan McCoskrie wrote:
>>
>> On Wed, 30 Sep 2009 19:00:11 Roger Searle wrote:
>>
>>>
>>> seems almost silly to suggest, but just in case, here goes...
>>>
>>> http://www.clarkconnect.com/help/ ?
>>>
>>> and
>>>
>>> http://www.clarkconnect.com/help/pdf/CC-Quickstart.pdf ?
>>>
>>>
>>
>> Either the quick start guide is out of date or the installer has
>> a bug.
>>
>> According to the .pdf I should be able to get everything to work in
>> the firstboot program but that hasn't been installed in it.
>>
>
> or, the distro you have isn't the latest,
>
> or, the cd you burnt from the downloaded iso is faulty in some way,
>
> or, something went wrong with the installation,
>
> or, other possibilities, no doubt.
>
> Are you certain you have the latest version?
>
> Are you certain you want ClarkConnect as a firewall? From memory and noting
> the lack of replies in this thread, I don't know that there are many/any
> people who have much experience with it on this list (was someone a year or
> more back), plenty though with IPCop or pfsense among others.  Perhaps since
> you have invested little more than an initial installation that is maybe
> broked it is worth considering starting over, beginning with downloading a
> fresh iso?  Sorry I'm not offering specific solutions to your problem as
> such.
>
> Cheers,
> Roger


IMHO clarkconnect has too many services on it to be considered
seriously for a firewall. My recollection is that it tries to be a
file server, email server, gateway, firewall, web server and many
more.

IPCOP I used for ages, it's an OK product.  I suspect pfsense is the
way to go now, but I am relying on a linux based hardware router.
(linksys wrt54GL with tomato). Uses less power and handles wifi as
well as wired.


Re: Security, to much of it.

2009-09-30 Thread Roger Searle

Ryan McCoskrie wrote:
> On Wed, 30 Sep 2009 19:00:11 Roger Searle wrote:
>
>> seems almost silly to suggest, but just in case, here goes...
>>
>> http://www.clarkconnect.com/help/ ?
>>
>> and
>>
>> http://www.clarkconnect.com/help/pdf/CC-Quickstart.pdf ?
>
> Either the quick start guide is out of date or the installer has
> a bug.
>
> According to the .pdf I should be able to get everything to work in
> the firstboot program but that hasn't been installed in it.

or, the distro you have isn't the latest,

or, the cd you burnt from the downloaded iso is faulty in some way,

or, something went wrong with the installation,

or, other possibilities, no doubt.

Are you certain you have the latest version?

Are you certain you want ClarkConnect as a firewall? From memory and 
noting the lack of replies in this thread, I don't know that there are 
many/any people who have much experience with it on this list (was 
someone a year or more back), plenty though with IPCop or pfsense among 
others.  Perhaps since you have invested little more than an initial 
installation that is maybe broked it is worth considering starting over, 
beginning with downloading a fresh iso?  Sorry I'm not offering specific 
solutions to your problem as such.


Cheers,
Roger


Re: Security, to much of it.

2009-09-30 Thread Ryan McCoskrie
On Wed, 30 Sep 2009 19:00:11 Roger Searle wrote:
> seems almost silly to suggest, but just in case, here goes...
> 
> http://www.clarkconnect.com/help/ ?
> 
> and
> 
> http://www.clarkconnect.com/help/pdf/CC-Quickstart.pdf ?
> 

Either the quick start guide is out of date or the installer has
a bug.

According to the .pdf I should be able to get everything to work in
the firstboot program but that hasn't been installed in it.
-- 
Quote of the login: 
Any given program will expand to fill available memory.


Re: Security, to much of it.

2009-09-30 Thread Kerry Mayes
Whereas IPCop by default has minimal security: nothing in, anything out.

Perfect for parents' network?

I know, not helpful for your current issues!

Kerry


2009/9/30 Ryan McCoskrie:
> I'm currently building a firewall box for my parents but I have run into
> the issue that its security is actually far too tight.


Re: Security, to much of it.

2009-09-29 Thread Roger Searle

seems almost silly to suggest, but just in case, here goes...

http://www.clarkconnect.com/help/ ?

and

http://www.clarkconnect.com/help/pdf/CC-Quickstart.pdf ?

Cheers,
Roger



Ryan McCoskrie wrote:

> I'm currently building a firewall box for my parents but I have run into
> the issue that its security is actually far too tight.
> It's currently rejecting all requests on any port[1].
>
> I've added the desktop computers on the network into its hosts.allow
> file, enabled sshd, told sshd to accept the PCs and it still rejects them.
>
> Does anyone know how to deal with this?
>
> I'm using ClarkConnect on it which is a little strange in the way of
> configuration[2] but has all of the filtering options that my parents
> want.
>
> [1] Does ping use a port? I can get that to work.
> [2] /etc/hostname does nothing for a start.


Security, to much of it.

2009-09-29 Thread Ryan McCoskrie
I'm currently building a firewall box for my parents but I have run into
the issue that its security is actually far too tight.
It's currently rejecting all requests on any port[1].

I've added the desktop computers on the network into its hosts.allow
file, enabled sshd, told sshd to accept the PCs and it still rejects them.

Does anyone know how to deal with this?

I'm using ClarkConnect on it which is a little strange in the way of
configuration[2] but has all of the filtering options that my parents
want.

[1] Does ping use a port? I can get that to work.
[2] /etc/hostname does nothing for a start.
-- 
Quote of the login: 
The question of whether computers can think is just like the question of 
whether submarines can swim. -- Edsger W. Dijkstra