[32022] in North American Network Operators' Group
RE: Security on a home DSL Line
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Fri Nov 3 10:51:16 2000
Message-ID: <47FE39302BF73B4C93BC84B87341282C1E7A@condor.lvrmr.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: "'sfiggins@mail.wcg.net'" <sfiggins@mail.wcg.net>,
nanog@merit.edu
Date: Fri, 3 Nov 2000 07:44:00 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
I did that ... too much work. Easier to install an appliance.
> -----Original Message-----
> From: Sean Figgins [mailto:sfiggins@mail.wcg.net]
> Sent: Friday, November 03, 2000 7:33 AM
> To: nanog@merit.edu
> Subject: RE: Security on a home DSL Line
>
>
>
> Of course, for those that don't know how to install a OS
> without the use of
> GUIs, you can always install FreeBSD just about as easily as
> Linux, and have
> all the security of IPFilter over IPChains... I've used this
> method to do
> everything from a Dial on Demand NAT gateway, to a full fledged
> firewall/router solution.
>
> Of course, my home network is behind more sophisticated
> security now, but
> if/when I ever change jobs and network providers, I'll be
> going back to the
> FreeBSD firewall/NAT method.
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Brandon Hume
> Sent: Friday, November 03, 2000 9:07 AM
> To: nanog@merit.edu
> Subject: Re: Security on a home DSL Line
>
>
>
> >Otherwise, your idea is perfect; Linux or OpenBSD, whichever you're
> >more comfortable with, will give you the most flexibility,
> and Solaris x86
> >might work but will be dog-slow and unless you have a lot of RAM,
> >completely unusuable.
>
> For such a weakly defined measure of "a lot of RAM", this statement is
> inaccurate. Solaris 8 x86 will run comfortably, without X
> and superfluous
> processes (to say: a rational firewall/NAT box configuration)
> within 12M
> of RAM. A passing knowledge of Solaris would not let a
> person know this to
> be true, however, since Sun states its memory requirements on
> the assumption
> you'd be using X.
>
> That being said, OpenBSD is probably the best choice. It
> requires more
> skill
> to install, but less skill to secure, and would probably run
> better *by
> default* on a minimal machine. After that I'd suggest
> Solaris, since it
> installs less crap than most of the Linux distributions (note: most).
> Driver issues might force your hand to the Linuxes, of course.
>
> I also place OpenBSD and Solaris above Linux because they
> both give you the
> use of IPFilter, which I believe to be just flat-out superior
> to IPChains.
>
> --
> Brandon Hume - hume -> BOFH.Halifax.NS.Ca,
http://WWW.BOFH.Halifax.NS.Ca/
-> Solaris Snob and general NOCMonkey
