[KLUG Members] Re: Nautilus in RH 7.3 and Samba shares...revisited... --
dedicated firewalls are best
Tahnesha Pinckney
members@kalamazoolinux.org
Thu, 05 Dec 2002 14:51:55 -0500
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--=_6D31B279.11701941
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
>>> "Bryan J. Smith" <b.j.smith@ieee.org> 12/05/02 02:38PM >>>
Quoting Tahnesha Pinckney <tep@hanify.com>:
> >>Yeah, I'm surprised too..but until I get this Samba thing
down-pact,
> I guess this sort of access will have to do.
It's just one of those "I don't like my users accessing things freely."
It's an
UNIX mentality that isn't shared by Novell nor Microsoft.
That's very true...although, if you ask me, I would have preferred
setting up a Novell/Unix network instead of a Windows/Unix one. But,
because my position requires me to become an MSCE I decided on the
latter.... :(
> >>Now that's one mistake I haven't committed. I just wanted to
setup
> the samba share first since there were some files I needed to access
> on my windows machines. Although, from what I hear, I probably
should
> have started out creating NFS shares first since it's a bit easier
than
> Samba. But, as usual, I always do things the hard way.
Well, if you have both Windows and UNIX clients, they you'll need to
learn both.
That's because your life is most simple if you use the service the
_client_
expects. I.e. SMB for Windows, NFS for UNIX.
> >>I plan on doing that sometime soon, but since there is no active
> internet connection except for my trusty 56K modem on my W2K box, a
> firewall is not the top of my priority list.
Oh, so you're not sharing the Internet connection on your network.
Good.
No, although when I get a cable modem (which might be sooner rather
than later despite how heart-wrenching it will be for me), this will
have to be taken into consideration.
> However, since you brought it up, would you happen to know of any
> good ones out there,
The best firewalls are the ones that don't do anything else. I.e.,
don't use
software firewalls unless they are on a dedicated PC doing nothing
else).
> easy enough to configure,
Most hardware firewalls (or software on a dedicated PC doing nothing
else) are
configured via web browser.
> but strong enough to block almost everything?
See, that's the delima. A "strong firewall" will prevent 90% of
horrendous,
Internet-enabled Windows applications from working. Most Windows
application
developers don't know what they are doing, including Microsoft's own
application
division, so they design these piss-poor protocols that hate
firewalls.
The result is that they either don't work with firewalls, or firewalls
must have
more "lienient" rules.
> I'm very interested in BlackICE defender, but I'm not sure of it's
> comptability issues with Linux systems.
It's a Windows software firewall. It's not nearly as good as dedicated
hardware.
If you have an old 486 or Pentium with at least 8MB of RAM, check out
IPCop:
http://www.ipcop.org
The Linux kernel has a built-in firewall, at the network-level.
Nothing
available for Windows compares. IPCop is based on Linux. 100% Web
configured.
Just grab the .iso CD image file, burn it with whatever burner software
you
use, and boot it on the box.
I have a PII 200MHZ, 94MB slim-line desktop PC at home doing nothing
but collecting dust. And I have an extra copy of RH 7.2 as well. I
guess I could use that instead of buying a hardware firewall since they
can run for quite a bit of $$.
--
Bryan J. Smith, E.I. (BSECE) Contact Info: http://thebs.org
[ http://thebs.org/files/resume/BryanJonSmith_certifications.pdf ]
------------------------------------------------------------------
The more government chooses for you, the less freedom you have.
--=_6D31B279.11701941
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Description: HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4807.2300" name=GENERATOR></HEAD>
<BODY style="MARGIN-TOP: 2px; FONT: 8pt Comic Sans MS; MARGIN-LEFT: 2px"><FONT
size=2></FONT>
<DIV><BR><BR>>>> "Bryan J. Smith" <b.j.smith@ieee.org> 12/05/02
02:38PM >>><BR><BR>Quoting Tahnesha Pinckney
<tep@hanify.com>:<BR>> >>Yeah, I'm surprised too..but until I get
this Samba thing down-pact,<BR>> I guess this sort of access will have to
do.<BR><BR>It's just one of those "I don't like my users accessing things
freely." It's an<BR>UNIX mentality that isn't shared by Novell nor
Microsoft.</DIV>
<DIV> </DIV>
<DIV>That's very true...although, if you ask me, I would have preferred setting
up a Novell/Unix network instead of a Windows/Unix one. But, because my
position requires me to become an MSCE I decided on the latter....
:(<BR><BR>> >>Now that's one mistake I haven't committed. I just
wanted to setup<BR>> the samba share first since there were some files I
needed to access<BR>> on my windows machines. Although, from what I
hear, I probably should<BR>> have started out creating NFS shares first since
it's a bit easier than<BR>> Samba. But, as usual, I always do things
the hard way.<BR><BR>Well, if you have both Windows and UNIX clients, they
you'll need to learn both.<BR><BR>That's because your life is most simple if you
use the service the _client_<BR>expects. I.e. SMB for Windows, NFS for
UNIX.<BR><BR>> >>I plan on doing that sometime soon, but since there is
no active<BR>> internet connection except for my trusty 56K modem on my W2K
box, a<BR>> firewall is not the top of my priority list.<BR><BR>Oh, so you're
not sharing the Internet connection on your network. Good.</DIV>
<DIV> </DIV>
<DIV>No, although when I get a cable modem (which might be sooner rather than
later despite how heart-wrenching it will be for me), this will have to be taken
into consideration.<BR><BR>> However, since you brought it up, would you
happen to know of any<BR>> good ones out there,<BR><BR>The best firewalls are
the ones that don't do anything else. I.e., don't use<BR>software
firewalls unless they are on a dedicated PC doing nothing else).<BR><BR>>
easy enough to configure,<BR><BR>Most hardware firewalls (or software on a
dedicated PC doing nothing else) are<BR>configured via web browser.<BR><BR>>
but strong enough to block almost everything?<BR><BR>See, that's the
delima. A "strong firewall" will prevent 90% of
horrendous,<BR>Internet-enabled Windows applications from working. Most
Windows application<BR>developers don't know what they are doing, including
Microsoft's own application<BR>division, so they design these piss-poor
protocols that hate firewalls.<BR><BR>The result is that they either don't work
with firewalls, or firewalls must have<BR>more "lienient" rules.<BR><BR>> I'm
very interested in BlackICE defender, but I'm not sure of it's<BR>>
comptability issues with Linux systems.<BR><BR>It's a Windows software
firewall. It's not nearly as good as dedicated hardware.<BR><BR>If you
have an old 486 or Pentium with at least 8MB of RAM, check out
IPCop:<BR> <A
href="http://www.ipcop.org/">http://www.ipcop.org</A><BR><BR>The Linux kernel
has a built-in firewall, at the network-level. Nothing<BR>available for
Windows compares. IPCop is based on Linux. 100% Web
configured.<BR>Just grab the .iso CD image file, burn it with whatever burner
software you<BR>use, and boot it on the box.<BR></DIV>
<DIV>I have a PII 200MHZ, 94MB slim-line desktop PC at home doing nothing but
collecting dust. And I have an extra copy of RH 7.2 as well. I
guess I could use that instead of buying a hardware firewall since they can run
for quite a bit of $$.<BR><BR>-- <BR>Bryan J. Smith, E.I.
(BSECE) Contact Info: <A
href="http://thebs.org/">http://thebs.org</A><BR>[ <A
href="http://thebs.org/files/resume/BryanJonSmith_certifications.pdf">http://thebs.org/files/resume/BryanJonSmith_certifications.pdf</A>
]<BR>------------------------------------------------------------------<BR>
The more government chooses for you, the less freedom you
have.<BR><BR></DIV></BODY></HTML>
--=_6D31B279.11701941--