Rev. Ben wrote:
| > Looks to me that you'll need a FreeBSD or Linux box on the
| > clone-of-the month that's cheapest. There have been some excellent
| > postings in months past that detail things to "harden" the OS such as
| > using read-only file systems, chroot etc. Accompany that with free or
| > public domain proxies and servers of your choice.
| Speaking of this, how do people feel about using this route as a 'cheap'
| firewall for quick and dirty distribution within an internal network--say
| as gateway machines to internal networks?
| MIS could periodically distribute CD-ROMs with the current configuration
| of the month to all the different sites and have them run them behind the
| firewall--make for a significantly harder internal network.
I think using cheap PCs as internal firewalls is great, only I
don't know of many sites with enough firewalls to make pressing cds
worthwhile. A firewall should be configured and monitored, and once
its in shape and working, changed as infrequently as possible. (Less
work for us consultants, but good security practice nonetheless. :)
"It is seldom that liberty of any kind is lost all at once."