Chuck,
Questions 1-6: I have no idea.
Question 7: No!
Charlie
On Fri, Jan 17, 2014 at 10:18 AM, Chuck Norcutt <
chucknorcutt@xxxxxxxxxxxxxxxx> wrote:
> Moose's last post about building a new fire-breathing computer and
> equipping it with the Zone Alarm firewall causes me to ask a question
> that has been on my mind the last couple of weeks.
>
> Independent of OS and real/perceived vulnerabilities do we really need
> software firewalls if our machines are talking to the internet through a
> router? One of the functions of a router is to hide our real IP
> addresses from the outside world.
>
> (1) Assuming we haven't deliberately established ports for peer-to-peer
> connections (?) are we not safe from outside probing given that we're
> hidden behind the router?
> (2) If not, what function does the software firewall provide that the
> router doesn't?
> (3) Is the distinction even important now that most security breaches
> are passing through our browsers? (maybe Apple guys should pay
> attention?).
>
> Now some other security related questions having to do with Linux
> because, after following "Krebs on Security" recently
> <http://krebsonsecurity.com/> , I've become paranoid about doing banking
> and financial transactions on Windows. According to Krebs and others
> the most secure way to operate is by using a Linux distribution on Live
> CD. Since the CD is not writeable the OS cannot be modified. My wife's
> old Dell laptop is still running XP and needs to be replaced with
> something more modern. My thought was to repurpose the old laptop as a
> dedicated Linux machine whose only purpose is financial transactions and
> the only websites it ever visits is those of the financial institutions.
>
> But I have a few questions about such a configuration.
> (4) Since a Live CD is not writeable how is configuration data saved
> (such as URL favorites for the browser and other stuff)? Does that not
> require at least some other small storage device? How is it selected?
> (5) That question doesn't arise if Linux is installed on a USB memory
> stick or flash card on USB adapter. That should also improve boot time
> but seems to undo the security of the unwriteable Live CD. I had
> thought that maybe an SD card could be used with its write protect
> switch set to prevent writing but my understanding of that is that it's
> not really a hardware prevention but a software convention providing no
> real security. Anyone know for sure?
> (6) If the Linux machine is residing on a (mostly) Windows LAN is the
> Linux machine still vulnerable through the LAN? If so, is it possible
> to isolate the Linux machine by installing it behind a second router?
> If so, how are two routers installed behind a single cable modem? Can
> one simply install a switch and plug both routers into the switch?
> (7) Am I overly paranoid?
>
> Thanks for any answers,
> Chuck Norcutt
> --
> _________________________________________________________________
> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
> Themed Olympus Photo Exhibition: http://www.tope.nl/
>
>
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
|