On Wed, 25 Feb 2004 23:31, David Taylor wrote:
[snip]
> An alternative that looks promising is the Netboz firewall. It runs from
> the CD and loads config from floppy, there is a hack to load onto a hard
> drive, but it is made to run from a CD. That way there is no media that
> can be written to if the box gets owned. The theory is, you just turn it
> off and on again. I have not tried it, but it looked good.

You switch it off, back on again... and it just gets "0wn3d" again ;-) The attacker just repeats what they did last boot, no?

My point: how do you fix security vulnerabilities when they are discovered / patched? You burn a new CD every time? Most people won't bother. Then you'd also need to reboot (off the new CDR) every time, wouldn't you? Seems a shame...

I think I'll stick with IPCOP myself because it's _dead_simple_ to keep up to date with patches. One click and it's done, and I only need to reboot it for kernel patches and the like. It takes up probably about 30 seconds of my time a month keeping it up to date :-)

And assuming you back your config up to floppy, if you ever need to reformat / reinstall, it'll only take you marginally longer than a reboot anyway ;-)

Cheers,
Gareth