[H-GEN] Good practice and home networking
Mark Suter
suter at zwitterion.humbug.org.au
Mon Sep 10 10:16:23 EDT 2007
Folks,
ben> When I went through uni, the advice there was that services
ben> should never be run on the internet-facing router. Does
ben> this still hold?
greg> That advice, for home networks, never made much sense and
greg> makes none now. Just make sure that only the services that
greg> you need and have properly configured face the bad guys;
greg> everything else should be off.
Your outermost layer of defence should consist of an transparent
bridge, a router, a firewall, several probes for your intrustion
detection/prevention system, monitoring equipment, a system for
non-repudiatable logging, ... ;)
Greg's point is that there are no fixed rules. What makes sense
when protecting a bank may actually harmful for a home network.
--
Mark Suter http://zwitterion.org/ | I have often regretted my
<mark.suter at member.sage-au.org.au> | speech, never my silence.
mobile 0411 262 316 - gpg 2C71D63D | Xenocrates (396-314 B.C.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: Digital signature
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20070911/2bc48a94/attachment.sig>
More information about the General
mailing list