[ale] recommendations for a..... standalone Linux securityfirewall...

Charles Shapiro hooterpincher at gmail.com
Wed Nov 5 11:23:49 EST 2008


Wait, no, I'm _with_ him on this. I'm a little too paranoid to simply open
my whole network, but too charitable to shut off all radio access with WEP
or WPA (as my neighbors who don't know any better do). You currently can't
talk to my personal machines from the radio side; I'm working on a fix so I
can authenticate my machines and gain access to my personal network, but
random folks from outside go through the TOS page and use the internet
without that access. I know it's do-able. Meanwhile, my machines
authenticate and I don't see a TOS page, but you'll have to connect through
a browser and bonk a button before you can use my hotspot. I figure that's a
reasonable compromise.

-- CHS


2008/11/5 Courtney Thomas <courtneycthomas at bellsouth.net>

>  Charles,
>
> Thank you for your reply.
>
> I have a couple of Schneier's books and as expected have not devoted my
> life to this subject so am content to rely on him and his ilk.
>
> However, since you point out his position, why do you bother...... knowing
> his view on all this   :-)   which you, ostensibly, reject  ?
>
> Cordially,
>
> Courtney
>
> ----- Original Message -----
> *From:* Charles Shapiro <hooterpincher at gmail.com>
> *To:* ale at ale.org
> *Sent:* Wednesday, November 05, 2008 9:53 AM
> *Subject:* Re: [ale] recommendations for a..... standalone Linux
> securityfirewall...
>
> I'm a big phan of SentryCD ( http://www.sentryfirewall.com/ ) , although I
> think it's moribund at the moment. It's CD-based but runs boot scripts off a
> floppy drive so you can load custom packages or configure it for your
> hardware.
>
> I use a couple of same-brand NICs mounted in an el-cheapo used Pentium 2
> box which a buddy of mine fobbed off on me when I took some other hardware I
> wanted more from him. I think it has 128MB of memory, which is plenty for
> what I'm doing.  You can probably buy an equivalent one at some place like
> MicroSeconds ( http://www.microseconds.net/?page=AboutUs&set_location=GA )
> for less than $100 if absolutely necessary. Tearing the HD out and running a
> CD-based distro will lower your power requirements and keep things quieter
> -- definitely an asset in a house where you're paying for heat, cooling and
> power.  Plus I think it makes the system more durable. I run the actual
> hardware 24/7 on a UPS and eventually the power-supply poops out. When that
> happens I spend a couple of hours transferring the NICs and reconfiguring
> the software and I'm back on the air. A box run in this fashion usually
> lasts 3-4 years for me.
>
> My wireless network is set up with coova ( http://coova.org) on a WRT54GL
> connected behind my firewall. I'm still workin' out some details on this,
> but it's functional and (reasonably) secure I think. I'm running an open
> hotspot with a terms of service page, but coova also has a variety of other
> authentication options which might be useful depending on your
> circumstances. Much khouler than Linksys's shipped software, yet easier to
> configure than raw OpenWRT can be. And I'm with Bruce Schneier (
> http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110 )
> on offering a cup of internet to my neighbors.
>
> -- CHS
>
>
> On Wed, Nov 5, 2008 at 9:19 AM, Jim Lynch <ale_nospam at fayettedigital.com> wrote:
>
>> Geoffrey wrote:
>> > Courtney Thomas wrote:
>> >
>> >> Greetings !
>> >>
>> >> I want to use a standalone Linux box, possibly running from a CD and through
>> >> which all must pass, at least from the internet, that will be a firewall for
>> >> my home LAN. But if running from a CD gains nothing, forget it. I have
>> >> several older idle boxes if they'd suffice. I can also go wired or wireless,
>> >> and am receptive to any setup.
>> >>
>> >> What recommendation(s) do you have for such a box, please ?
>> >>
>> >
>> > Smoothwall
>> >
>> >
>> Just curious, do you have to have a system with two NICs to run a
>> firewall? From a security standpoint, it makes sense but is it a
>> requirement?
>>
>> Thanks,
>> Jim.
>>  _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>>
>