[Gllug] Security from scratch or just stick with Astaro?
Chris Bell
chrisbell at overview.demon.co.uk
Tue Apr 8 08:52:03 UTC 2008
On Tue 08 Apr, Justin Perreault wrote:
>
>
> The only files I am looking to have updated are virus and intrusion
> profiles for things like snort as well as security patches. Astaro does
> this and helps me feel comfortable about not upgrading the system every
> year.
>
That is done easily by IPCop. IPCop is not updated frequently, and system
updates are thoroughly checked before release.
> > At the moment IPCop has a two step update mechanism, download package
> > then upload to firewall via web interface, which may be a bit laborious.
>
> I won't mind such for system upgrades although with what I want it for I
> usually prefer doing a full system install, upgrading the packages
> through the current blockade and then swapping out the new system for
> the old.
That implies that you wish to re-configure every time there is a new
version, including any pinholes, VPNs, selective restrictions, etc, with the
obvious risk of errors on every update.
>
> For the virtual machine I want to set up the system such that the host
> system does not pay attention to the traffic on the ethernet ports and
> only redirects them to whatever firewall I have set up. I have no need
> for the host to do any more than host/build virtual machines. Is this
> not possible?
It is just another layer that could house coding errors and security
vulnerabilities.
--
Chris Bell NEW alternative address: chrisbell at chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug