Michael Bryan Bell wrote:
>>At Starbucks the other day (no Airport at this one), a friend of a
>>friend was finishing up his homework assignment on computer security.
> 
> 
> Heh, tell him to keep reading.

Tell him to keep reading and actually try it in real life sometime...

> 
>>What intrigued me was this;
>>He said the best way to set up a secure home network was to use a
>>computer as server and then connect all other units to the server. OK, I
>>was intrigued but it got over my head quickly. It made sense on first
>>listening, before I forgot the details.
> 
> 
> He's talking overkill. Extreme, almost masochistic overkill. :) You'll see
> this in technical networking forums, where someone asks for good cheap
> router recommendations and they always say (take a cheap pentium and put
> linux or BSD on it!) before some calm voices of reason step in.
> 
> One thing to keep in mind is that the "crunch box" is right now considered
> to be the most secure router/firewall combination that is out there right
> now. We're talking a dedicated P3 computer running a modified OpenBSD
> <http://shopip.com/index.html> which retails for around $7k. If you weren't
> familiar with him, John Draper (the inventor) didn't invent phone phreaking
> and system break-ins but besides Mitnick was probably the most well known.
> Even Steve Wozniak has gone on record as saying it's unhackable.

Well, a) Kevin Mitnick's great prowess was less in hacking than in 
social engineering, which attacks the weakest link: the users. and b) 
Draper's crunchbox can be built for a hell of a lot less than 
$7k....with appropriate scrounging a usable router can be built for less 
than the cost of the hardware cable routers, and be nearly as easy to 
set up. I daresay that the majority of the software in that Crunchbox is 
open source stuff that they've attached an easy-to-use interface on.

That said, more power to John..if he can just *please* get some of the 
stupider admins to use stuff like that, *my* life would be easier.

"Oh no, we're secure here!"

"Then how come 25 of your machines are trying to DOS me?"

"Oh, *that's* why our network is so slow...I'll see if Microsoft has a 
patch for that..."

That said, BSD out of the box, all by itself is pretty secure. A Mac 
running the standard install is more so..if you don't enable ftp/telnet 
or run a web server, there are almost no open ports on a Mac to begin with.

> There is a firewall in OSX, it just isn't turned on by default. There are
> numerous shareware/freeware apps to access and configure it (brickhouse
> being the fav). Then, all you have to do is be able to share your connection
> to the rest of the computer. Normally this is done via DHCP & NAT, and you
> can download a freeware tool to enable that on OSX too.

> Don't get me wrong, I'm all for security... But OSX's software firewall or a
> cheap $150 router with a hardware firewall will pretty much take care of you.

That and common sense. Quick! How many of you have a password for OSX 
that's your dog's name? How many of you have taken the time to memorize 
(and use) a password like 7hT%4ft% ?

(It's actually easy...you can memorize just about any sequence of 
symbols pretty quickly...as a sysadmin I keep around 25 or 30 of them in 
my head at any given time. If I have to change two in a week, I'm 
doomed, but normally I can usually get it in two tries)



-- 

Bruce Johnson
Wherever you go, there you are.

