Re: XP box inside the firewall
On Wednesday 30 July 2003 23:44, Jeff wrote:
> > You can set the notebook on a different network. Put the
> > firewall/router on that network with another nic. It's the
> > principle of a dmz... By putting the notebook on another network,
> > and prohibitting access from that network to the internal network,
> > you can keep your internal systems safer...
Yeah, actually, I had been thinking about it. I recently got an old 3Com
ISA card for NOK 5 (~ USD0.7) so I think I could insert another NIC.
They talked about having a Wi-Fi base station, so I thought I'd keep it
open but on a separate NIC so I can see what is going through there.
That's what I intended to use it for. But when you mention it, treating
the Windows box as a random machine trying to connect, that may be a
> This is a good option. In addition, or even instead of this, educate
> your parents about your security concerns. Assuming that you trust
> your parents, education could be the simplest solution.
Well, I think the concern is mostly having a windows box on the inside,
because it is not an option for them to not open attachments in mails
they receive. Thus far, it has been relatively easy to identify e-mails
with viruses, but it not difficult to envision a virus coming piggyback
on an attachment you do expect from a sender you usually trust, and I
think it is quite unlikely that there isn't a vulnerability in e.g.
Word that can be exploited to make Word execute a script in a Word file
regardless of if it is disabled.
So, my education of them has been pretty much "be aware that this box
can easily be exploited, therefore, make sure there is nothing on that
box that you would want to keep to yourself, and nothing that is not
stored on the Linux workstation). Then, I have taken it upon myself to
make sure that the box will not hurt the internal network or the rest
of the Internet.
firstname.lastname@example.org email@example.com firstname.lastname@example.org
Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC