Mailing List Archive

Re: [tlug] low power home server: Separate Router and Server Boxes: Security in Depth



On Tue, 11 May 2010 08:40:23 +0900, Darren Cook <darren@example.com> wrote:

[> On Mon, 10 May 2010 23:28:11 +0900, Janos Gyerik <janos.gyerik@example.com> wrote:]

> > I realized it's
> > not such a good idea to have my storage on the same box as the router,
> > in terms of security,  so I'll definitely go with a router + NAS setup
> > (separate boxes). ...
> 
> The counter-arguments are:
>  * Two boxes ruins your goal of low-power;

It frustrates it, although it does not ruin it. 
I have a router that consumes about 3 Watts. 
An idle SheevaPlug consumes about the same. 

Also, one might let the router be on all the time, 
but only turn on the storage box as needed, 
so that the storage box power use might not be so important. 

Life is full of compromises. 

>  * Are your files any safer if your router is compromised, 
>  if the files are on local LAN as opposed to local disk?

Yes!

"Security in depth" is an old concept known in more than one realm. 

   http://en.wikipedia.org/wiki/Defense_in_depth
   http://en.wikipedia.org/wiki/Defense_in_depth_(computing)
   http://en.wikipedia.org/wiki/Layered_security
   
> Yes, okay, theoretically they are safer as you would configure the NAS
> to not allow access from the router IP address. 

Not just theoretically safer, but actually safer. 
A compromised router would have to authenticate with the storage server. 
Encryption goodies can make it difficult for a rogue router to get into 
a storage server. Use security in depth. 

> But, more practically,
> if all your configuration is perfect then your router isn't going to be
> compromised anyway, ...

True, ...

> ... and the point is moot.

... but I do not confirm the antecedent. 
Security in depth is about how to cope with an imperfect world, 
about how to still have security even when one defense is compromised: 
there are still n-1 things to get through. 

> But one interesting idea is one box, two OS: one for the router, one for
> the NAS and everything else.

That's better than one OS in one box, 
but still not as robust as separate boxes. 

We did not even get to DNS and MAC fun. 
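One way to check the "configure the NAS to not allow access from the router IP address" advice against a real NFS export list, as an added example that is not part of the thread above and not anything the posters ran. It assumes a hypothetical home LAN 192.168.1.0/24 with the router at 192.168.1.1 and two workstations at 192.168.1.10 and .11; the two /etc/exports samples are constructed for the example. The audit parses exports(5) host specs that are plain IPs, CIDR networks or the bare `*` wildcard, and deliberately refuses to decide hostname, hostname-wildcard and netgroup specs offline, since a compromised router that also serves the LAN's DNS controls what those names resolve to.

```python
"""Audit an NFS /etc/exports file for shares a compromised router could mount.

Added example, not code from the original mailing-list thread.
Assumed (hypothetical) network: LAN 192.168.1.0/24, router 192.168.1.1,
client hosts 192.168.1.10 and 192.168.1.11.
"""
import ipaddress
import re

ROUTER_IP = ipaddress.ip_address("192.168.1.1")  # assumed router address

# Constructed sample: the weak file exports to the whole subnet (router included)
# and to everyone, so a rogue router is a full NFS client of the storage box.
WEAK_EXPORTS = """\
# /etc/exports (weak): whole LAN, router included
/srv/media   192.168.1.0/24(rw,sync,no_subtree_check)
/srv/backup  *(rw,sync)
"""

# Constructed sample: the hardened file names only the client hosts.
HARDENED_EXPORTS = """\
# /etc/exports (hardened): named client hosts only
/srv/media   192.168.1.10(rw,sync,no_subtree_check) 192.168.1.11(ro,sync,no_subtree_check)
/srv/backup  192.168.1.10(rw,sync,no_subtree_check)
"""

# exports(5) client entry: host spec optionally followed by (options)
HOST_RE = re.compile(r"([^\s(]+)(?:\(([^)]*)\))?")


def parse_exports(text):
    """Return a list of (path, host_spec, options) tuples, one per client entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        path = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        if not rest:
            # exports(5): a path with no client list is exported to everyone
            entries.append((path, "*", ""))
            continue
        for m in HOST_RE.finditer(rest):
            entries.append((path, m.group(1), m.group(2) or ""))
    return entries


def host_spec_covers(spec, addr):
    """True/False if spec admits addr; None if it cannot be decided offline.

    Hostnames, hostname wildcards and @netgroups depend on name service,
    which a compromised router may control, so they are never trusted here.
    """
    if spec == "*":
        return True
    if spec.startswith("@") or "*" in spec or "?" in spec:
        return None
    try:
        return addr in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None  # not an IP or CIDR: a hostname


def router_reachable_exports(text, router=ROUTER_IP):
    """Return [(path, spec, verdict)] for entries the router can use or that are undecidable."""
    findings = []
    for path, spec, _opts in parse_exports(text):
        covers = host_spec_covers(spec, router)
        if covers is None:
            findings.append((path, spec, "unresolved"))
        elif covers:
            findings.append((path, spec, "router-reachable"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_EXPORTS), ("hardened", HARDENED_EXPORTS)):
        print(label, router_reachable_exports(text) or "no router-reachable exports")
```

Run it against the box's real /etc/exports by reading the file into `router_reachable_exports`. Anything reported as "unresolved" is worth rewriting as an explicit address, since the whole point of the separate-box design is that the storage server keeps working as a barrier when the router, and with it the LAN's DNS and DHCP, is already hostile. The same idea applies to Samba `hosts allow` lines and to the NAS's packet filter: enumerate the clients, never the subnet.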


