[CALUG] My EeePC 1000 Review
Sean Wilkerson
sean at seanandheather.com
Thu Aug 14 06:13:19 EDT 2008
Dave,
Informative review, thanks. I am thinking about an EeePC in the next
few months and was deciding which to get. This helps.
*,
I think there is something else here that other responses missed:
> If you know your security, then you should know that by turning off
> Samba, Print sharing, NFS, you would have in effect turned off the so
> called bad services, which is what a Firewall does.
Why on earth are we equating the value of a firewall to closing
services? First, firewalls don't turn off anything and this is VERY
important to remember (defense-in-depth anyone?).
Second, a firewall does a lot more for me than to ensure I remembered to
close and lock the door. I may just have tcp/22 (avail only from
specific sources) open, or maybe no port at all, but I still want
netfilter available in the kernel and iptables to manage it.
Here are a few things that a FW might do other than mitigate the
exposure of services that the admin (or the distro vendor) forgot to close:
- Provide detailed logs on activity regarding closed ports
- Provide you a dynamic blocking platform (see fail2ban or fwsnort)
- Provide TCPOPTS/IPOPTS set in incoming packets allowing for off-line
analysis to determine OS/platform and client which generated incoming
packets
- Hidden-door VPN or other open port (see fwknop)
- Mangling of outbound packets (for good reason of course)
- Managing the net between your VMs YOUR way, not theirs
- Take a look at Michael Rash's book "Linux Firewalls"
http://www.cipherdyne.org/LinuxFirewalls/ if you want more ideas (So
worth the read)
I think this is a critical flaw. It would be no problem if
netfilter/iptables was available yet with no default config, but to not
make it available at all is short-sighted.
That the platform's chief purpose is a non-primary computing system
only accentuates the need for a firewall IMHO. A primary computing
system will typically be used in a consistent fashion (work system, home
system, etc.) but an Ultra-Portable Laptop can be used... anywhere quite
easily.
Sean
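
The first and third items in the list above (logs on closed-port activity, and logged TCP options for off-line analysis) can be sketched as follows. This is an added example, not part of the original message: it assumes an iptables LOG rule using --log-prefix "FW-DROP " and --log-tcp-options, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed netfilter LOG lines (assumed rule: --log-prefix "FW-DROP " --log-tcp-options).
SAMPLE_LOG = """\
Aug 14 06:10:01 eee kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54321 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0001E2400000000001030307)
Aug 14 06:10:02 eee kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54322 DF PROTO=TCP SPT=40001 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0001E2410000000001030307)
Aug 14 06:10:09 eee kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=777 DF PROTO=TCP SPT=1234 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Aug 14 06:11:00 eee kernel: usb 1-1: new high speed USB device using ehci_hcd and address 2
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_OPT = re.compile(r"PROTO=TCP .*OPT \(([0-9A-Fa-f]+)\)")
OPT_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_OK", 8: "TS"}


def decode_tcp_options(hexstr):
    """Return the ordered TCP option layout, e.g. ['MSS=1460', 'NOP', ...]."""
    raw, out, i = bytes.fromhex(hexstr), [], 0
    while i < len(raw) and raw[i] != 0:      # kind 0 ends the option list
        kind = raw[i]
        if kind == 1:                        # NOP: one byte, no length field
            out.append("NOP")
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            out.append("MALFORMED")          # truncated or bogus length
            break
        name = OPT_NAMES.get(kind, f"KIND{kind}")
        if kind in (2, 3):                   # keep MSS and window-scale values
            name += f"={int.from_bytes(raw[i + 2:i + length], 'big')}"
        out.append(name)
        i += length
    return out


def summarize(log_text, prefix="FW-DROP"):
    """Per source address: dropped destination ports and TCP option layouts."""
    report = defaultdict(lambda: {"ports": set(), "layouts": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if prefix not in line or "SRC" not in fields or "DPT" not in fields:
            continue
        entry = report[fields["SRC"]]
        entry["ports"].add(int(fields["DPT"]))
        if match := TCP_OPT.search(line):
            entry["layouts"].add(",".join(decode_tcp_options(match.group(1))))
    return dict(report)
```

Calling summarize(SAMPLE_LOG) groups the dropped connection attempts by source and shows the order and values of the TCP options each sender used, which is the raw material for the off-line platform analysis mentioned in the list.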