On Tue, 29 May 2001, Hiemstra, Brenno wrote:
> Although there are some issues in your setup. It would make it a bit
> harder to penetrate your network for the real scriptkid. But it's not
> definately a fool- / bulletproof setup. And installing a Linux based
> system isn't going to be the solution if you don't harden it and set
> up a correct and more strict rulebase.
As Phillip said, it's non-critical data on the workstations so, apart
from personal interest and the will to learn more, I don't see any
pressing reasons to change the setup. To me, taken into consideration
the use and need, his setup sounds fine. Of course, I'm an *IX person
so, everything that relates to Windows sounds a bit dubious to me but,
that's just personal preference.
One point, that speaks for Windows as a firewall is that with Windows
the computer can be taken down (=crashed), for sure but, you pretty much
can't hack into it like you could to an *IX system, since there is no
shell access in Windows, from the outside - unless of course, you have
some specific program(s) running for that (yes, I am aware there are
plenty of programs like BackOrifice and such). Also, you can't break into
a Windows system with just telnet <host>, login: root, password: tooeasy
(the irresponsible-or-just-plain-stupid-root syndrome).
Then again, learning *IX systems is always good, so Phillip could take
it as "the next logical step" ;)
.pi.
--
Petteri Lyytinen + [EMAIL PROTECTED] + http://www.cs.tut.fi/~typo/
+ Watashi no chikara de susumu +
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
