On Sun, Mar 28, 2004 at 06:10:52PM +0200, Wolfgang Jeltsch wrote:
> On Sunday, 28 March 2004 19:04 you wrote:
> > [...]
>
> > You don't really run workstations directly on the internet do you?
>
> I do.
>
> > You might consider getting yourself some kind of hardware based
> > firewall/NAT box. Either buy an appliance, or cobble together a PC for
> > ip-cop or similar.
>
> Isn't it overdone to buy a firewall/NAT box for just connecting your home PC
> to the internet?

Buy? A 100MHz Pentium is good enough, and they come for free.

> What's wrong with just disallowing nearly every incoming
> connection via iptables?

If you use a separate box, you can run sarge or sid on the workstation, and woody with security updates on the firewall. Or ipcop, or something else which is focussed on security. The more minimal the installation on the firewall, the fewer potential holes there are to crack it. You get better security with the firewall, and the most up-to-date stuff on the workstation.

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F