
Re: Purpose of a hypervisor (was Re: rock solid)



On Thu, Jul 05, 2007 at 07:25:15PM -0400, Douglas Allan Tutty wrote:
> On Thu, Jul 05, 2007 at 08:43:34AM -0700, Andrew Sackville-West wrote:
> > On Tue, Jul 03, 2007 at 10:00:35PM -0400, Douglas Allan Tutty wrote:
> > > On Tue, Jul 03, 2007 at 06:22:46PM -0500, Ron Johnson wrote:
> > > > On 07/03/07 13:25, Andrew Sackville-West wrote:
> > >  >
> > > > >Dom0: local file server (video, music, local backups)
> > > > >     DomU1: firewall
> > > > I understand the need for a small, "separate" firewall.
> > > 
> > > Does this really give any more security than running the firewall as a
> > > regular part of the main box?  Is it as secure as a separate old
> > > computer?  These three (plus I suppose a commercial hardware firewall)
> > > seem to be the choices.  How do they compare for security?
> > 
>  
> > I don't think there is anything wrong with a Debian machine on the net
> > with its local firewall as the only thing protecting it. But I think
> > if you want anything more sophisticated, some sort of separate device
> > is the way to go. 
> > 
> 
> So what about a virtual box as a firewall?  That virtual box may have
> less on it but it exists in the same physical box as everything else.
> Doesn't the virtualization mean that there is one more thing that could
> have a vulnerability?

Sure. I view it as one additional vulnerability versus the many
potential vulnerabilities of a full system. But I am no security
expert by any stretch of the imagination. 

> 
> In general, I agree with you and with old boxes being free it makes
> sense that once one has more than a couple of boxes to have a spare box
> as a firewall.

I'm all for the old boxes, but at some point the power becomes an
issue... much better to have one box running at high capacity than
lots of boxes sitting around spinning fans... 

.02

A
