As I understand it, it's conventional wisdom in the security world that one technique for improving security is partitioning. Keep different services on different boxes, so that if a box is compromised, the attackers are less likely to compromise further services.
But all the prepackaged free firewall distributions I see(*) load up the firewall box with stuff like DHCP, DNS, Squid, and even groupware applications. Are all these distribution builders suffering from wrongheaded marketing-driven feature creep, or is partitioning overkill for a SOHO firewall? * E-Smith, Astaro Linux, Smoothwall, to name a few. -- Bob Miller K<bob> kbobsoft software consulting http://kbobsoft.com [EMAIL PROTECTED]
