Bootable CD w/OS for firewall
Don Levey
lug at the-leveys.us
Wed Sep 15 10:24:00 EDT 2004
Eric wrote:
> --- Bob George <mailings02 at ttlexceeded.com> wrote:
>
>> miah wrote:
>>
>>> doesnt smoothwall do all this already?
>>
>> It certainly does the lightweight firewall portion. After a quick
>> skim of the website, I'm not under the impression it's
>> meant as "run from CD".
>
> Hi. I am currently using smoothwall and it's very
> easy to configure and a real pleasure to use. Last
> night I was trying to get my buddies crappy dell
> wireless router to work. 2 hours and all I could get
> was the wireless part to work but not the ethernet. I
> almost lost my mind. I have also owned linksys
> products and like them for what they are. So ah, why
> do you want to run off a cd? Is the security
> advantage that great? (I have not tried using
> smoothwall this way and I'm not sure if you can.)
> Good Luck!
>
There are a couple of reasons:
The files are constant, read-only. No-one can make changes to the firewall
rules, slip in trojans, backdoors, or substitutes for the 'ls' command,
enable a mail server and start sending spam, etc. A quick reboot will solve
all of that - the same files come up again, just as I burned them. Keeping
a hard disk around for logs means that, well, I can keep logs of any
activity. Very useful; that's why we havethem.
Others have already mentioned why I might need to burn a new CD: a fix for a
new vulnerability, someone compromises a key or password. I could also burn
a new CD if I need to update the firewall rules themselves; for example, to
more securely block off an IP that's trying to do me harm...
-Don
More information about the Discuss
mailing list