Some years ago I remember reading that when using OpenBSD (or any OS, really) as a router+firewall it was considered inadvisable from a security standpoint to have the different networks all attached to a single network card with multiple Ethernet ports. The thinking being that it was theoretically possible for an attacker to exploit bugs in the card's chip to short-circuit the path and route packets directly across the card in a way pf can't control. It was also suggested that, in addition to using different physical cards, the cards should really use different chipsets too, in case an unknown driver bug allows a short circuit.

I swear I read this somewhere on the website, but I can't seem to find it now, and I'm wondering if the concept is even still valid. The impetus here is that I'm building a router+firewall for a cramped location, and it's turning out rather difficult to find a case that's small enough to fit. I'd really like to use an ITX system with multiple onboard Ethernet jacks and cram it into something like a MiniBox M350 or Antec ISK110, but I'm not sure if that's a good idea, security-wise. Any thoughts?
