program issues--moving files back and forth

luke speakup at lists.tacticus.com
Tue Nov 25 19:02:57 EST 2008


On Tue, 25 Nov 2008, Kerry Hoath wrote:

> We're running Cisco classes next year for the vision impaired, www.cucat.org.
> 
> DMZ is a bad idea; anyone who forwards all ports to any box without serious
> consideration for network security is asking for trouble,

Anyone who puts anything on a two-way connection without serious 
consideration for network security is asking for trouble.  But that is 
neither here nor there: who's to say that he hasn't considered network 
security?

> similarly to those who run modems in bridge mode and the like.

You would seem to be saying that "If your router isn't providing 
security, then you have none".
I'm sorry, but this is a Ciscoian mind-set if ever I heard one.


If the system is secured by reasonably good firewalling software--and 
iptables and its higher level abstractions such as ferm certainly 
qualify--there is very little wrong with doing what he is doing.
After all, how many routers are running Linux and iptables these days for 
this very thing?  And many of them Linksys, now owned by Cisco.

If iptables is set up correctly, this is no different than running a server 
on a business class connection--you must still take steps to protect the 
ports of the server, regardless of whether you have a router.  For 
smaller (T1, etc.) installations, the router is usually ISP administered, 
and you cannot block any ports without special arrangements.

Now, the value of DMZing in this arrangement is dubious for the simple 
fact that it seems unnecessary, but not knowing what kind of router he 
has, it is hard to say that there are better options available, although 
there should be.

> It appears to me as though you are looking at your problems in terms of
> solutions, rather than defining the problem and solving the root causes.

On that I will agree with you--I have said that before about his 
methodology, but we can but point this out, and then try to answer the 
questions presented or provide better advice; with the only other option 
being to say "you're doing it wrong, good luck figuring out how".  I, for 
one, do not choose such a hard-line approach.  I have not always gone 
about things in the generally accepted way, and sometimes you really do 
have a good reason for it, and just need to know how best to do it wrong, 
because right is not possible.

> Why these problems are an issue for the speakup list, I'll never know;
> although it seems the list for any blinky Linux trouble these days.

There are two reasons for that I suppose.

One is that most don't know of other options, and many of the more 
knowledgeable non-specialized types hang out here.  This is a 
command-line-related list, and most of these problems relate to things at that level.

For me, for example, the only general list I know of, is the 
blinux-list, which at least used to be hosted by Red Hat.  There were 
reasons not to like that list, and many to like this one, including the 
fact that Kirk does not often complain about off-topicness.

Perhaps Kirk sees it as a list for users of speakup, as opposed to 
a list for discussions about the use of speakup.  If so, then general 
questions would seem reasonable.

JMHO.

Luke
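
Added example (not part of Luke's message or the thread): a small Python check of the host firewalling discussed above, which reads `iptables-save -t filter` output and reports which listening ports a new connection from outside would reach when the router forwards every port to the box. The function names and sample data are constructed for illustration; it assumes IPv4, no `!` negation and no jumps to user-defined chains.

```python
import shlex

# Constructed samples: filter-table rules and listening sockets (e.g. from `ss -tuln`).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
"""
SAMPLE_LISTENERS = [("tcp", 22), ("tcp", 80), ("tcp", 3306), ("tcp", 631), ("udp", 5353)]

def port_in(port, spec):
    """True if port falls in a --dport/--dports spec such as '80,443,8000:8100'."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (p.partition(":") for p in spec.split(",")))

def parse_input_chain(text):
    """Return (policy, rules) for INPUT; each rule maps option -> value."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)[2:]
            rules.append({t: (tok[i + 1] if i + 1 < len(tok) else "")
                          for i, t in enumerate(tok) if t.startswith("-")})
    return policy, rules

def verdict(policy, rules, proto, port):
    """Verdict for a new packet from any outside source (lo/-s/state rules cannot match)."""
    for r in rules:
        if r.get("-i") == "lo" or "-s" in r or "--ctstate" in r or "--state" in r:
            continue
        if r.get("-p", proto) != proto:
            continue
        spec = r.get("--dport") or r.get("--dports")
        if spec and not port_in(port, spec):
            continue
        if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]
    return policy  # nothing matched: the chain's default policy decides

def exposed(text, listeners):
    policy, rules = parse_input_chain(text)
    return [(p, n) for p, n in listeners if verdict(policy, rules, p, n) == "ACCEPT"]
```

With the sample's default-DROP policy only the SSH and HTTP listeners are reachable from outside; the same rules under a default-ACCEPT policy leave every listener exposed.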


