A 1GHz machine, loaded up, is going to have not only oodles of CPU
and RAM, but also far more disk space than the job needs, and almost
certainly various other unnecessary frills (sound, for instance?).
Some of those extra devices, or their drivers, will probably have
vulnerabilities since they were never intended for firewall use.
This is in addition to the less-direct threat that an admin, given
such a machine, may be tempted to take advantage of the excess
capacity by loading it with additional functions....

David Gillett

On 8 Jun 2001, at 10:24, Michael T. Babcock wrote:
> > > $1,000 I could buy a 1 GHz Pentium machine (sans monitor) loaded up
> > > :)
> >
> > Do you understand why this machine would be a poor basis for a
> > firewall?
>
> With the advent of custom kernels in *BSD and Linux, building a
> stripped-down OS to run as a firewall is not that difficult if you're
> concerned about other layers in the OS.
>
> --
> Michael T. Babcock
> CTO, FibreSpeed
>
>