Re: Squid cache size? (was Re: Linux firewall vs Windows and Hardware based firewalls)

2003-08-04 Thread Pigeon
On Mon, Aug 04, 2003 at 10:49:47AM +0100, Karsten M. Self wrote: > > Incidentally, how much space are you dedicating to your Squid cache? I > know that this can't be assigned directly, so either the segment size, > or net use (du -s on cache) would be useful. Currently (offline) /var/spool/squid

Re: Squid cache size? (was Re: Linux firewall vs Windows and Hardware based firewalls)

2003-08-04 Thread Paul Johnson
On Mon, Aug 04, 2003 at 10:49:47AM +0100, Karsten M. Self wrote: > Incidentally, how much space are you dedicating to your Squid cache? I > know that this can't be assigned directly, so either the segment size, > or net use (du -s on cache) would be u

Squid cache size? (was Re: Linux firewall vs Windows and Hardware based firewalls)

2003-08-04 Thread Karsten M. Self
on Sun, Aug 03, 2003 at 08:24:14PM +0100, Pigeon ([EMAIL PROTECTED]) wrote: > On Sat, Aug 02, 2003 at 09:18:22PM -0700, Paul Johnson wrote: > > On Fri, Aug 01, 2003 at 06:14:12PM +0100, Pigeon wrote: > > > In order to make it work, I didn't have to touch anything in squid's > > > own config, just p

Debian & OpenBSD (was Re: Linux firewall vs Windows and Hardware based firewalls)

2003-08-04 Thread Karsten M. Self
on Fri, Aug 01, 2003 at 01:55:39AM -0700, Loren M Lang ([EMAIL PROTECTED]) wrote: > Does anyone have recommendations about linux vs. openbsd? I have > always used linux for everything and probably still will for the most > part, but for security, would it be better to use openbsd? From > what

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-03 Thread Pigeon
On Sat, Aug 02, 2003 at 09:18:22PM -0700, Paul Johnson wrote: > On Fri, Aug 01, 2003 at 06:14:12PM +0100, Pigeon wrote: > > In order to make it work, I didn't have to touch anything in squid's > > own config, just put appropriate gateway entries in the machines' > > /etc/network/interfaces and prox

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-03 Thread Alvin Oga
On 3 Aug 2003, Ron Johnson wrote: > On Sun, 2003-08-03 at 01:50, Alvin Oga wrote: ... > > f) if you allow vpn from home and wireless access to internal servers > > then you've got some serious "network security policy and enforcement" > > problems > > Not as much as you might think. i'd

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-03 Thread Ron Johnson
On Sun, 2003-08-03 at 01:50, Alvin Oga wrote: > hi ya > > On Sun, 3 Aug 2003, David Fokkema wrote: > > > On Sat, Aug 02, 2003 at 09:16:54PM -0700, Paul Johnson wrote: [snip] > f) if you allow vpn from home and wireless access to internal servers > then you've got some serious "network security

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-03 Thread Alvin Oga
hi ya On Sun, 3 Aug 2003, David Fokkema wrote: > On Sat, Aug 02, 2003 at 09:16:54PM -0700, Paul Johnson wrote: > > On Fri, Aug 01, 2003 at 09:04:50PM +0200, David Fokkema wrote: > > > How large is the risk? If someone is able to crack your firewall box, how > > > much more trouble is it to crack

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-02 Thread David Fokkema
On Sat, Aug 02, 2003 at 09:19:00PM -0700, Paul Johnson wrote: > On Fri, Aug 01, 2003 at 09:33:21PM +0200, David Fokkema wrote: > > Why Sid? > > It's a home network and I'm a member of the lunatic fringe? Ah, well that explains it, :-) David

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-02 Thread David Fokkema
On Sat, Aug 02, 2003 at 09:16:54PM -0700, Paul Johnson wrote: > On Fri, Aug 01, 2003 at 09:04:50PM +0200, David Fokkema wrote: > > How large is the risk? If someone is able to crack your firewall box, how > > much more trouble is it to crack your DNS/DHCP/Squid server? > > That has too many variab

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-02 Thread Paul Johnson
On Fri, Aug 01, 2003 at 09:33:21PM +0200, David Fokkema wrote: > Why Sid? It's a home network and I'm a member of the lunatic fringe?

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-02 Thread Paul Johnson
On Fri, Aug 01, 2003 at 06:14:12PM +0100, Pigeon wrote: > In order to make it work, I didn't have to touch anything in squid's > own config, just put appropriate gateway entries in the machines' > /etc/network/interfaces and proxy entries in my browser

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-02 Thread Paul Johnson
On Fri, Aug 01, 2003 at 09:04:50PM +0200, David Fokkema wrote: > How large is the risk? If someone is able to crack your firewall box, how > much more trouble is it to crack your DNS/DHCP/Squid server? That has too many variables to properly answer fo

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Pigeon
On Fri, Aug 01, 2003 at 03:27:35AM -0400, Tom Allison wrote: > Mark Ferlatte wrote: > > >For any small (read: DS3 or less), a PC based firewall will perform just as > >well as a hardware firewall. On the other hand, do you _want_ to be paged > >at > >4am because your PC based firewall ate a disk

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Pigeon
On Fri, Aug 01, 2003 at 05:30:27AM -0700, Paul Johnson wrote: > On Fri, Aug 01, 2003 at 03:03:23AM -0700, Steve Lamb wrote: > > Oddly enough I'd argue that those are wasted on a router. :) > > My current router is a Debian Sid box on an old HP Spectra 486. It > handles DNS for my internal ne

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread David Fokkema
On Fri, Aug 01, 2003 at 05:30:27AM -0700, Paul Johnson wrote: > On Fri, Aug 01, 2003 at 03:03:23AM -0700, Steve Lamb wrote: > > Oddly enough I'd argue that those are wasted on a router. :) > > My current router is a Debian Sid box on an old HP Spectra 486. It > handles DNS for my internal ne

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread David Fokkema
On Fri, Aug 01, 2003 at 05:38:15AM -0700, Paul Johnson wrote: > On Fri, Aug 01, 2003 at 07:22:40AM -0500, Ron Johnson wrote: > > Wouldn't the DNS, DHCP, DHCP and Squid be on another box anyway? > > Optimally, yes, however if you're careful and you know what you're > doing, you can make an almost a

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Jamin W. Collins
On Fri, Aug 01, 2003 at 07:11:18AM -0400, Tom Allison wrote: > Steve Lamb wrote: > >On Fri, 01 Aug 2003 03:11:46 -0400 Tom Allison wrote: > > > > > These take an existing computer (Pentium 200 with 64MB RAM and 1GB > > > hard drive, some would argue it's hardly worth pulling from the > > > dumpster

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Paul Johnson
On Fri, Aug 01, 2003 at 07:22:40AM -0500, Ron Johnson wrote: > Wouldn't the DNS, DHCP, DHCP and Squid be on another box anyway? Optimally, yes, however if you're careful and you know what you're doing, you can make an almost as secure (read: just as s

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Paul Johnson
On Fri, Aug 01, 2003 at 03:03:23AM -0700, Steve Lamb wrote: > Oddly enough I'd argue that those are wasted on a router. :) My current router is a Debian Sid box on an old HP Spectra 486. It handles DNS for my internal network as well. Optimally

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Ron Johnson
On Fri, 2003-08-01 at 02:21, Tom Allison wrote: > Ron Johnson wrote: > > On Thu, 2003-07-31 at 08:30, Rex Chan wrote: > > > >>On Thu, Jul 31, 2003 at 08:50:21PM +0800, Robert Storey wrote: > > > > [snip] > > > >>The advantage of hardware firewall - most likely speed - > >>specialised hardware t

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Ron Johnson
On Fri, 2003-08-01 at 01:50, Alvin Oga wrote: > On 31 Jul 2003, Ron Johnson wrote: > > .. > > > My neighbor is a network administrator for a *large* Windows site > > (10,000+ PCs), and he told me that the mail and firewall servers > > had bad stability problems until he stuffed them full of RAM.

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
Steve Lamb wrote: On Fri, 01 Aug 2003 03:11:46 -0400 Tom Allison <[EMAIL PROTECTED]> wrote: These take an existing computer (Pentium 200 with 64MB RAM and 1GB hard drive, some would argue it's hardly worth pulling from the dumpster). Oddly enough I'd argue that those are wasted on a router.

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
Paul Johnson wrote: Please avoid top-posting. On Thu, Jul 31, 2003 at 09:25:33AM -0500, DePriest, Jason R. wrote: But, use a desktop firewall/IDS/IPS/whatever-they-decide-to-call-them-next system for your end-users, as well. Windows XP has this built

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
Paul Johnson wrote: On Fri, Aug 01, 2003 at 03:21:57AM -0400, Tom Allison wrote: This is assuming you are under 256 users on a subnet. Why would it be a problem with more? I don't know that it would and am doubtful that it would. But I'm certain of

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Paul Johnson
Please avoid top-posting. On Thu, Jul 31, 2003 at 09:25:33AM -0500, DePriest, Jason R. wrote: > But, use a desktop > firewall/IDS/IPS/whatever-they-decide-to-call-them-next system for > your end-users, as well. Windows XP has this built-in (I think t

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Paul Johnson
On Thu, Jul 31, 2003 at 01:21:23PM -0500, Jesse Meyer wrote: > Because of such concerns, for small networks, I would recommend a > low-end x86 machine with a stripped down install of linux - basically, > iptables and ssh. For complicated routing, you'

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Paul Johnson
On Fri, Aug 01, 2003 at 03:21:57AM -0400, Tom Allison wrote: > This is assuming you are under 256 users on a subnet. Why would it be a problem with more?

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Steve Lamb
On Fri, 01 Aug 2003 03:11:46 -0400 Tom Allison <[EMAIL PROTECTED]> wrote: > These take an existing computer (Pentium 200 with 64MB RAM and 1GB hard > drive, some would argue it's hardly worth pulling from the dumpster). Oddly enough I'd argue that those are wasted on a router. :)

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Loren M Lang
Does anyone have recommendations about linux vs. openbsd? I have always used linux for everything and probably still will for the most part, but for security, would it be better to use openbsd? From what I hear, openbsd is a variant off of netbsd,

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
[EMAIL PROTECTED] wrote: "Andre Volmensky" <[EMAIL PROTECTED]> writes: I have to put forward an argument to management regarding setting up a firewall on some of our clients networks. What are the advantages of a linux firewall over something like Windows with WinRoute on it, or even a hardware ba

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
Mark Ferlatte wrote: For any small (read: DS3 or less), a PC based firewall will perform just as well as a hardware firewall. On the other hand, do you _want_ to be paged at 4am because your PC based firewall ate a disk? Don't know. My disk is 8 years old and still spinning. If the only thing I h

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
Ron Johnson wrote: On Thu, 2003-07-31 at 08:30, Rex Chan wrote: On Thu, Jul 31, 2003 at 08:50:21PM +0800, Robert Storey wrote: [snip] The advantage of hardware firewall - most likely speed - specialised hardware to deal with packet processing and the like. So if a P2-233 w/ 32MB RAM doesn't ha

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
Robert Storey wrote: A Linux-based firewall is probably good enough for the average home hobbyist, but in a professional environment it doesn't pay to "save money" by recycling an old PC with Linux installed in place of a router. regards, Robert That's a silly thing to say when you consider that ma

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Tom Allison
Andre Volmensky wrote: Hello all, I have to put forward an argument to management regarding setting up a firewall on some of our clients networks. What are the advantages of a linux firewall over something like Windows with WinRoute on it, or even a hardware based firewall. What are the disadvanta

Re: Linux firewall vs Windows and Hardware based firewalls

2003-08-01 Thread Alvin Oga
On 31 Jul 2003, Ron Johnson wrote: .. > My neighbor is a network administrator for a *large* Windows site > (10,000+ PCs), and he told me that the mail and firewall servers > had bad stability problems until he stuffed them full of RAM. my interpretation would be... it says that windoze has a

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Micha Feigin
On Thu, 2003-07-31 at 17:06, Ron Johnson wrote: > On Thu, 2003-07-31 at 07:50, Robert Storey wrote: > > On Thu, 31 Jul 2003 16:11:14 +1000 > > "Andre Volmensky" <[EMAIL PROTECTED]> wrote: > > > > > Hello all, > > > > > > I have to put forward an argument to management regarding setting up a > > >

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread slowe
> "Andre Volmensky" <[EMAIL PROTECTED]> writes: > > I have to put forward an argument to management regarding setting up a > > firewall on some of our clients networks. > > > > What are the advantages of a linux firewall over something like Windows > > with WinRoute on it, or even a hardware based

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Gary Hennigan
"Andre Volmensky" <[EMAIL PROTECTED]> writes: > I have to put forward an argument to management regarding setting up a > firewall on some of our clients networks. > > What are the advantages of a linux firewall over something like Windows > with WinRoute on it, or even a hardware based firewall. Wh

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Juri Haberland
Ron Johnson wrote: > On Thu, 2003-07-31 at 07:50, Robert Storey wrote: >> On Thu, 31 Jul 2003 16:11:14 +1000 >> Furthermore, Intel-based PCs have some well-known exploits >> (such as buffer overflows) which are a function of the hardware and >> there is no real cure because changing the C

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Jesse Meyer
On Thu, 31 Jul 2003, Ron Johnson wrote: > > > Furthermore, Intel-based PCs have some well-known exploits > > (such as buffer overflows) which are a function of the hardware and > > there is no real cure because changing the CPU instructions would break > > backward compatibility. > > Bzz

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Ron Johnson
On Thu, 2003-07-31 at 11:29, Mark Ferlatte wrote: > Andre Volmensky said on Thu, Jul 31, 2003 at 04:11:14PM +1000: > > What are the advantages of a linux firewall over something like Windows > > with WinRoute on it, or even a hardware based firewall. What are the > > disadvantages etc. I know I am

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Mark Ferlatte
Andre Volmensky said on Thu, Jul 31, 2003 at 04:11:14PM +1000: > What are the advantages of a linux firewall over something like Windows > with WinRoute on it, or even a hardware based firewall. What are the > disadvantages etc. I know I am asking on a linux users mailing list, but > I would also l

RE: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread DePriest, Jason R.
My ideal solution is to use a Firewall/VPN Appliance (Cisco and Symantec both have good offerings) for perimeter protection. But, use a desktop firewall/IDS/IPS/whatever-they-decide-to-call-them-next system for your end-users, as well. Windows XP has this built-in (I think they are licensing ZoneL

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Ron Johnson
On Thu, 2003-07-31 at 08:30, Rex Chan wrote: > On Thu, Jul 31, 2003 at 08:50:21PM +0800, Robert Storey wrote: [snip] > The advantage of hardware firewall - most likely speed - > specialised hardware to deal with packet processing and the like. So if a P2-233 w/ 32MB RAM doesn't handle it, try som

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Ron Johnson
On Thu, 2003-07-31 at 07:50, Robert Storey wrote: > On Thu, 31 Jul 2003 16:11:14 +1000 > "Andre Volmensky" <[EMAIL PROTECTED]> wrote: > > > Hello all, > > > > I have to put forward an argument to management regarding setting up a > > firewall on some of our clients networks. > > > > What are the

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Rex Chan
On Thu, Jul 31, 2003 at 08:50:21PM +0800, Robert Storey wrote: > Everything I've ever read indicates that a hardware-based firewall is > more secure and reliable than an PC operating system, be it Linux or > Windows. A PC OS has to be complex because it has so many functions to > perform, but that

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Robert Storey
On Thu, 31 Jul 2003 16:11:14 +1000 "Andre Volmensky" <[EMAIL PROTECTED]> wrote: > Hello all, > > I have to put forward an argument to management regarding setting up a > firewall on some of our clients networks. > > What are the advantages of a linux firewall over something like > Windows with W

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Ron Johnson
On Thu, 2003-07-31 at 04:49, Paul Johnson wrote: > On Thu, Jul 31, 2003 at 01:57:00AM -0500, Ron Johnson wrote: > > Vs. Windows: > > - stability: you can make a Win2k box as stable as a "Unix" box > > only by adding lots more RAM. > > And even

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Alvin Oga
On Thu, 31 Jul 2003, Kjetil Kjernsmo wrote: > > The floppy is from the Coyote Linux project: http://www.coyotelinux.com/ > but you could try floppyfw too http://www.zelow.no/floppyfw/ > I couldn't get it to work with my DSL provider, which is strange since > I'm using the same provider as the

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Kjetil Kjernsmo
On Thursday 31 July 2003 08:11, Andre Volmensky wrote: > What are the advantages of a linux firewall over something like > Windows with WinRoute on it, or even a hardware based firewall. What > are the disadvantages etc. I know I am asking on a linux users > mailing list, but I would also like repl

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Paul Johnson
On Thu, Jul 31, 2003 at 01:57:00AM -0500, Ron Johnson wrote: > Vs. Windows: > - stability: you can make a Win2k box as stable as a "Unix" box > only by adding lots more RAM. And even then, no guarantees that the box will be reliable for very long if

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Paul Johnson
On Thu, Jul 31, 2003 at 04:11:14PM +1000, Andre Volmensky wrote: > What are the advantages of a linux firewall over something like Windows > with WinRoute on it, or even a hardware based firewall. If by "hardware based firewall" you mean "a real (read

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-31 Thread Steve Lamb
On Thu, 31 Jul 2003 16:11:14 +1000 "Andre Volmensky" <[EMAIL PROTECTED]> wrote: > What are the advantages of a linux firewall over something like Windows > with WinRoute on it, or even a hardware based firewall. What are the > disadvantages etc. I know I am asking on a linux users mailing list, but

Re: Linux firewall vs Windows and Hardware based firewalls

2003-07-30 Thread Ron Johnson
On Thu, 2003-07-31 at 01:11, Andre Volmensky wrote: > Hello all, > > I have to put forward an argument to management regarding setting up a > firewall on some of our clients networks. > > What are the advantages of a linux firewall over something like Windows > with WinRoute on it, or even a hard