> -----Original Message-----
> From: Di Fresco Marco [mailto:[EMAIL PROTECTED]
>
> Now my question is: if I do not correctly and strongly configure the
> firewall (as I said I am a newbie, even if I am reading HOWTOs), is
> there a chance that some attacker could crack into the firewall
> (Linux) box (because the firewall is not well configured), take
> advantage of the local connection and crack also into the other
> computer (the new one that I will use for daily use and it is going
> to have WinXP)?

Yes, and in fact, I would count on it, if you misconfigure your firewall.
I've seen some stories that say the average lifespan (unhacked) of a Redhat
Linux 5.0 machine without patches put on the internet is something like 10
minutes. Redhat Linux 9.0 is more forgiving at this point, but it's still
measured in days if left unpatched and fully exposed. A misconfigured
firewall is functionally identical with NO firewall in the areas where it's
misconfigured.

> My actual configuration is a single PC (the one that will become the
> old one) with WinXP Pro. and two desktop firewalls (ZoneAlarm and
> McAfee Firewall 4) connected directly to the cable modem. Would be
> better (or at least less insecure) if I put the new PC (that will
> have WinXP Pro.) directly connected to the cable modem with those two
> desktop firewalls and put the PC with Linux beyond the new one (and
> use it only to exercise with Linux and not for firewall)?

If you really want to turn it into a Firewall, try using a pre-rolled Linux
firewall distribution, such as IPCop, SmoothWall, etc. Or, if you can stand
to make mistakes, you could try using ShoreWall on a Redhat distribution, or
try one of the BSDs. You'll learn more from Shorewall or a BSD, but you're
also much more likely to make a major mistake, if you don't really know what
you're doing.

IPCop V1.3 uses IPTables, and is a "prerolled" Linux Firewall; it's all set
to go out of the install in most cases. You can then tinker to your heart's
content to get it just the way you want. You can't, however, add other apps
easily, and it's JUST A FIREWALL. If you want something else, you might try
Clark Connect, or Mandrake SNF, or some such, but be aware, anything you ADD
to a firewall is a potential security hole.

> Thanks in advance.

No Problem

Bill Ward

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
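
The point in the reply above, that a firewall protects nothing in the areas where it is misconfigured, can be checked mechanically. The script below is an added example, not part of the original thread: it audits iptables-save output for the two gaps that expose a LAN host behind a Linux firewall box. The interface names (eth0 external, eth1 internal) and both sample rulesets are constructed assumptions.

```shell
# Added example, not from the original thread. Assumed interface names:
# eth0 = external (cable modem side), eth1 = internal (LAN with the Windows PC).

# audit_ruleset EXT_IF: reads iptables-save text on stdin, prints one finding per line.
audit_ruleset() {
    awk -v ext="$1" '
        # Built-in chain policies appear as ":INPUT ACCEPT [0:0]".
        /^:(INPUT|FORWARD) / && $2 != "DROP" {
            print "policy " substr($1, 2) " is " $2 ", expected DROP"
        }
        # ACCEPT rules that can match new connections arriving from outside.
        /^-A (INPUT|FORWARD) / && / -j ACCEPT/ {
            inif = ""
            if (match($0, / -i [^ ]+/)) inif = substr($0, RSTART + 4, RLENGTH - 4)
            negated = ($0 ~ /! -i /)
            outside = (inif == "" || (negated ? inif != ext : inif == ext))
            replies_only = ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/ && $0 !~ /NEW/)
            if (outside && !replies_only) print "admits new inbound traffic: " $0
        }'
}

# Constructed excerpt: permissive policies, SSH reachable on every interface.
weak_ruleset() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed excerpt: default deny, only reply traffic accepted from eth0.
hardened_ruleset() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print the findings for the weak ruleset.
weak_ruleset | audit_ruleset eth0
```

On a live box the input would come from `iptables-save | audit_ruleset eth0`; a flagged rule is something to review, since a deliberate inbound service will also be reported.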