Yeah, Bob, I'm looking at some of this and wondering where the line needs to be drawn...
on one level, a little SMC or Linksys is the answer. But as Michelle said to me recently, they won't do stateful... and on the other end of the spectrum is the invisible firewalls she and Tim have done... But then a 'single box' is an attractive answer, but it's also a single point of failure. I'm thinking about this stuff a lot lately, because of the stuff I want to set up...

--- Bob Miller <[EMAIL PROTECTED]> wrote:
> As I understand it, it's conventional wisdom in the security world
> that one technique for improving security is partitioning. Keep
> different services on different boxes, so that if a box is
> compromised, the attackers are less likely to compromise further
> services.
>
> But all the prepackaged free firewall distributions I see(*) load up
> the firewall box with stuff like DHCP, DNS, Squid, and even groupware
> applications.
>
> Are all these distribution builders suffering from wrongheaded
> marketing-driven feature creep, or is partitioning overkill for a SOHO
> firewall?
>
> * E-Smith, Astaro Linux, Smoothwall, to name a few.
>
> --
> Bob Miller K<bob>
> kbobsoft software consulting
> http://kbobsoft.com
> [EMAIL PROTECTED]
