Re: All-in-one xdsl/cable modem/router/vpn units

From: Fondula di Carceri (fondula.di.carceri_at_gmx.net)
Date: 05/10/03

    Date: Sat, 10 May 2003 16:18:46 GMT
    
    

    > I've used various Linux distros in the past for firewall/routers on adsl
    > and cable connections (smoothwall, RH, Slackware etc) and these boxes seem
    > to be vulnerable due to old services or BIND exploits or whathaveyou. The
    > idea seems to be, keep on top of updates and patches etc and try to stop
    > giving the bad guys a way in through known exploits.
    Well, that's an admin's life :)

    > My question is...these days there's a lot of those all-in-one
    > modem/router/firewall/vpn combo boxes (D-Link 500, Netgear etc ) and if
    > you just want a basic firewall and NAT with maybe a VPN tunnel they seem
    > like a good alternative to running an actual box up front (lower power
    > consumption, no HD, floppy etc, quiet, all solid state, no fans, config
    > via browser, it's the size of a paperback book etc etc). Now, how
    Correct, they are in a lot of ways better: custom hardware, more-or-less shock
    resistant, easy GUI interface, they are small, ...
    but,

    > vulnerable would these things be? I haven't really looked heavily but
    > apart from an old exploit affecting an old Alcatel xDSL modem years ago I
    > haven't seen or heard much of these things being hacked at all. Is this
    > the case? Are you more secure with these things or are they dropping like
    > flies too?

    A lot of hardware firewall/router/proxy combos are subject to the same
    problems as their software equivalents: bad coding; thus, yes, you can
    expect the same problems as with a Linux box (hardware routers run on
    software too, and often a Unix derivative) - but you won't have patches
    within half an hour or something after an exploit comes to public light:
    commercial firms are much slower.

    If you want convenience, go for a hardware thing and trust your vendor's
    support; if you want security, go for the homebrewed Unix and continue to
    spend time on it :) Tough choice?

    Sincerely,
    Fondula di Carceri
    [ fondula dot di dot carceri at gmx dot net . gpg or pgp on request ]

