[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Newie questions about security

Celejar wrote:

> On Thu, 01 Mar 2007 13:51:11 -0800
> Paul Johnson <baloo@ursine.ca> wrote:
> 
>> Roberto C. Sanchez wrote:
>> 
>> > On Wed, Feb 28, 2007 at 01:21:46PM -0800, Paul Johnson wrote:
>> >> 
>> >> Firestarter and other Linux based firewalls are when you want to build
>> >> a
>> >> firewall for your network.  You cannot build a firewall for just the
>> >> computer you want to firewall:  Firewalls, by nature, must be on
>> >> dedicated
>> >> hardware to work.  Thus, ZoneAlarm, Kerio, BlackICE, Windows Firewall,
>> >> etc, are guilty of false advertising at best, and gross
>> >> misrepresentation at worst.
> 
> I may be misunderstanding Paul's point, but the Shorewall documentation
> has an entire page [0], titled "Standalone firewall", explaining how to
> set up Shorewall as a firewall on a standalone system.

What I said mostly applies to Windows.  While it's possible to do such a
configuration and have it work reliably on Linux, it's still better
practice to make sure systems to be protected are on their own sanitized,
safe network segment instead of trusting software on the same host as the
one to be protected from a hostile network segment.
Reply to: