From: Friedrich L. <fl...@fl...> - 2001-09-15 11:19:24

Hi!

Martin Mueller wrote:
>
> Well, I'd oppose a mounted CD, since I have quite bad experiences with
> long running systems and CD-Rs / CD-RWs. I run about 15 firewalls from
> CD, which I created myself and they usually fail to work after 1-2
> years, since the CD gets unreadable sectors, because of the constant
> heat in the cdrom drive. So I think it quite advisable to be able to
> take the CD out while the system is running to replace it with a working
> one.

That might be true, but from my point of view I would rather change the cdrom drive. If the system runs from RAM we are more susceptible to the matter that a hacker that cracked into our firewall can change everything.

If you run the same CD for 1-2 years you are out of luck anyway, because you're hopefully out of date - what if one of the daemons or the kernel has a bug? I would suggest updating the CD _at least_ every 6 months.

How about the CD-ROM drives themselves, how long do they work flawlessly? If they only work for 1-2 years, what's the cost of a new drive? Only about $47 / 100 DM / 700 ATS. That's _nothing_ compared to the costs when you're cracked.

> The other point is, in the whole time I run these firewalls, I never
> got an attack on the firewall itself, just on the systems behind it.

How? A decent firewall should be the point of attack, not the systems behind it. Do you use ip-port-forwarding?

--
MfG / Regards
Friedrich Lobenstock