On Feb 13, 2011, at 9:09 AM, Tixy wrote:
(I don't discount me getting something horribly wrong, this setup is
only a few weeks old and my first foray into firewalls and routing.)
Computer security is so much fun! /-;
As others have pointed out, it is *possible* for an attacker to get
directly to the client machines without going thru your server.
However, it's not as likely to actually happen as they make it seem.
I can think of a couple of ways a determined enemy could do it, but it
would require a specialized attack knowing many of the details of your
setup. It's unlikely that a random script-kiddy would have the
detailed expertise (or the persistence) required.
Sooooo... unless you've made some enemies in places like the American
CIA or the Russian Mafia you're probably safe.
That said, there's a cheap way to be a bit safer: Buy a USB to
Ethernet adapter (about US$30 in office supply stores) and use it to
attach your Sheeva-plug to the ADSL-Modem. This way you can keep the
switch (with only the clients connected to it) on the Sheeva's Gig-E
port. Then the hypothetical bad-guy who has taken over the modem has
one more level of firewall to get thru in the Sheeva before he can
have his way with your client machines.
Have fun!
Rick
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4cc3eaa7-c7d9-4a68-ba43-dd234b3f2...@pobox.com
