From: Bryan J. S. <b.j...@ie...> - 2003-05-22 06:50:18
On Wed, 2003-05-21 at 08:22, James Read wrote:
> Obviously when enabled IPCop is less secure than it being
> disabled, as like a warning to users. Some commercial routers have this
> feature, and it could be another useful thing to have in the IPCop
> system?

On Thu, 2003-05-22 at 00:49, ja...@gu... wrote:
> IPCop is a firewall, based on Linux Kernel v2.4.... We are NOT here
> to be a network printer or file server or any other type of strange
> box. We do add functions like DNS and DHCP support small networks to
> work easier, but these are still trimmed to handle only a limited
> functionality... So you can not make big mistakes.

IPCop is designed to tame the rather endlessly flexible Linux platform into an easily managed solution for those less familiar with Linux, let alone general networking and security concepts. To add more and more functionality would be to break that approach.

Furthermore, you normally want to _limit_ functionality on a firewall, to _limit_ the possibility that it will be compromised (the worst thing to happen to a network is for its firewall to be compromised). Just because commercial firewalls, especially those that are add-on software to general purpose OSes, allow this doesn't mean it's the right thing to do. I.e., "less secure" is a _mega-understatement_.

Now that doesn't mean you have to use "raw" Linux to get more flexible capabilities. There are many solutions that will let you do more. To start, any distro with Webmin loaded atop offers some of these capabilities. I've heard E-smith is a good distribution for building "all-in-one" boxes.

But I would tend to recommend you _avoid_ using your firewall box as an "all-in-one" solution. It's really worth the _small_ additional cost and effort to put two boxes in -- a firewall and a LAN server. If you're worried about power or environmental concerns, then investigate some of VIA's relatively low-cost Eden and C3 processor platforms.

--
Bryan J. Smith, E.I. b.j...@ie...
http://thebs.org
CCA CCDA CCNA CIWSA CNA LPIC2 MCSA RHCE SCNA SCSecA + et al.
------------------------------------------------------------
Linux features clean-room, legacy UNIX(R)-free source code.
Ironically, Windows incorporates plenty of UNIX(R) source.