 From:  David Rodgers <david dot rodgers at kdsi dot net>
 To:  kretz KPLE <bretz at kpletv dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Hotspot Access Pages
 Date:  Wed, 17 Mar 2004 13:26:47 -0600
THIS IS A FIREWALL NOT A HOTSPOT ACCESS DEVICE

search freshmeat for zonecd or linspot or something

A firewall only remains secure as long as the software that runs on it is
secure and remains unreachable to the general public. Having your
firewall present a page from a webserver that runs on it and is
open to the general public is like protecting your network with a piece
of cheesecloth .... sure stuff doesn't go right through but it just
needs a little push.

All of you people that want it to do samba and nfs and .....the list
goes on and on need to just get another box to do this stuff OR YOU ARE
CREATING A SECURITY PROBLEM FOR YOURSELVES

Is it really that hard to set up a second device to be your server in
these instances????

It's very handy but even the dhcp and vpn server running on the firewall
makes me paranoid. Fortunately this amazing product was designed with
people like me in mind and can be easily disabled.

A FIREWALL SHOULD NEVER UNDER ANY CIRCUMSTANCES BE RUNNING A SERVICE
THAT IS OPEN TO THE OUTSIDE WORLD IN GENERAL .... and even running a
service like nfs or samba on the internal network on your firewall
device isn't safe if you have ANY users other than yourself using the
network.

Haven't you ever seen or met a disgruntled employee?

The servers on my dmz even run host based firewalls so they can't talk
to EACH OTHER on any port that isn't open to the public so that if one
were compromised the rest would not be fair game from it.

David Rodgers 

On Wed, 2004-03-17 at 11:13, kretz KPLE wrote:
> There has been some talk about hotspot access wanting to be added. Do we know
> if that might happen? Because it would be real nice to have people have to
> log in through a web page to give them access to your internet. Don't mind
> people using my WiFi for free to surf, just would like to keep tabs and limit
> access to them. So how hard would it be to add this feature to monowall?
> Brad