On Wed, Sep 01, 2004 at 01:25:38AM +1000, Michael Chesterton wrote: > If you're talking about adding a dedicated firewall to protecting one > home pc/ip which is capable of being locked down itself (which is how > I'm reading it), I think it's a bit obsessive. Lock down your home pc > with iptables and other sensible measures. > > What security are you buying with a dedicated firewall for one home > pc, anyway?
The ability to better control what goes in and out of that PC. Firewalls on the same host are of very limited utility once the machine has been compromised -- they can easily be removed or modified. A firewall on a separate machine is another piece of equipment that has to be compromised, and you can make them *very* hard to pop open by various techniques. Paranoia doesn't mean they aren't out to get you. - Matt
signature.asc
Description: Digital signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
