[LUNI] Making a private network somewhat public.

[Jason Rexilius]

While all of the below comments are true, I would also take a 
cost-benefit view into account.

A newer linksys firewall/router will get you 90% there at 10% of the 
cost.  The last 10% will provide diminishing returns in relation to cost 
for the majority of people.

At a very simple level if you leave it in its default config, which does 
NATing and dont map any inbound ports the connection will only be 
outbound which will keep the vast majority of the problems at bay.

The part about biggest threat being on the inside is true, but thats a 
personnel problem and extremely hard to solve with technology.

Simplest solutions are best and keeping things within your sphere of 
knowledge is going to keep things manageable.



Martin Maney wrote:
> On Wed, Dec 12, 2007 at 07:47:52AM -0600, Richard Reina wrote:
>> I appreciate the responses.  To make sure I understand correctly.
> 
> The biggest threat to most systems comes from insiders; from this it
> follows that running old, unsupported OSes is a bad idea.
> 
> Home market routers are cheap and convenient.  IMO they're probably
> *less* safe than a Linux box that's been secured and is running a
> supported OS version.  Heck, lots of the consumer boxes have been based
> on Linux - generally older versions of the kernel, and without timely
> updates (or any after the next new model has come out).
> 
> You would be far better served paying someone to help you secure the
> systems than trying to break into it after the fact.
>