On Sun, Feb 16, 2003 at 09:50:23PM +0000, Lars Kneschke(priv.) said: > Richard Amerman <[EMAIL PROTECTED]> schrieb: > >I personaly am dedicated to the idea of a floppy based bering, but I > >find that using 2 floppies is no big deal. I'm also sure that as > >other technologies that preserve the simple and fulproof physical > >write protect concept with the floppy based installs, we can allow the > >size to grow.
At the risk of starting a flame war, what does hardware write protect gain you? Sure, you can prevent a cracker from scribbling on your boot media, but then all you've got is a router that can be rebooted to a crackable state - you're still horribly insecure, your traffic is sniffable and DOS'able. Seems to me that hardware write protect gives a really false sense of security - it's far more important to keep crackers out of your box, than to limit what they can do once they're in there. Given that hardware write protect is also an impediment to timely upgrades of important code (SSHD, shorewall, whatever), since you have to ship new physical media, I think there's a fairly compelling case that hardware write protect actually *reduces* the overall security of your router. > 2 floppys means, that you can't do a remote remote reboot, if you don't have > a second floppy drive built in. > > I like the cd-rom idea(also because i'm working on it :)). It will give more > space. And cd-rom drives are very low cost today. If we're talking lowcost boot media for Bering, then I'd strongly recommend Compact Flash and Disk-on-modules - they're cheap, and much easier to setup than all these dual media read-only rigs. I've done the full gamut of media (floppy, cdrom, hard drive) with various LRP flavours in the past, and found that floppy and cdrom systms were just to unreliable, hard drives to big and expensive, and flash based systems to be absolutely perfect. YMMV, of course. Cheers Si ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
