Thursday, April 28, 2005

Microsoft changes TCP/IP stack

Well, once again Microsoft decided to make their own implementations of standards (remember what happened with Java?). This time they decided that TCP/IP 'raw sockets' are dangerous: "Supporting packet sends from simple user-mode raw sockets makes it entirely too trivial for compromised systems under control of hackers to launch massive distributed denial of service attacks," (Microsoft warned in a statement to ZDNet Australia).

I'm neither a TCP/IP expert nor a TCP/IP developer, so I can't fully understand this issue and draw my own technically based conclusions; I will use common sense instead.

Microsoft needs to make its own modifications to standards, and other OS developers do not need this type of modification. If these changes are needed on Windows in order to make it more secure, why do other OSes not need these changes? Are other OSes less secure, or do they really not need these changes?

We can safely assume other OSes do not need these changes, because the developers of Mac OS X, Linux, the BSD variants, and many others have not said or done anything about this. Perhaps all the other OS developers are wrong and only the Windows developers have the truth... hmm, no, I do not think so.

So if other OSes do not need these changes, the only conclusion we can reach is that Windows needs these changes in order to be secure because of Windows design flaws.

Make your own conclusions.

Thursday, April 14, 2005

Testing m0n0wall

Well, as I write this, I'm testing m0n0wall as my firewall. It's quite a good piece of software, but I think it's somewhat "less" than what I'm looking for. Don't get me wrong, it has many useful features like an excellent traffic shaper, VPN support, and many more, but I miss the IDS (snort) and the many status pages of IPCop. And keep in mind it's designed for SBCs (single board computers), so it's impressive how many features it has in such a small footprint. Anyway, I will keep trying and will let you know.

Sunday, April 10, 2005

New TLDs (Top Level Domains)

Well, once again, we have two new TLDs. This time they are .jobs and .travel. My question is: were they REALLY needed? I think ICANN keeps approving new TLDs which people don't really need. Do you know all the TLDs available, or do you just keep surfing .com, .net, .org, .edu, .gov and country top level domains only?

I know many companies want a domain that is already taken, so using it with a new TLD is an option, but I do not think it's good for users; they just get confused.

Unfortunately this seems to keep going: .asia, .mail, .tel, and .xxx are still pending a decision.

If we think that each activity needs its own TLD, then we will have countless TLDs. So in my opinion they are pretty useless.

You don't need to be very smart to know that you will be forced to buy more domain names, and of course this generates money for "other people".

If, for example, you have a travel agency, and you have a couple of domains like "mytravelagency.com" and "mytravelagency.net", you now need to own "mytravelagency.travel", so go ahead and pay for a new domain you don't really need, don't want, and were not looking for, but someone could pick it up and steal customers, so now "other people" have created a need for you and you have to pay for it.

No more words.

Thursday, April 7, 2005

Mandriva Linux

The Mandrake and Conectiva fusion has a new name: it's called Mandriva. Personally I dislike that name, but it reflects both old names. What will this bring to all Mandrake users? Who knows! Personally I'm thinking of moving to another distro, perhaps Kubuntu.
It's not the name change; I was thinking about this before. I like the idea of moving from the RPM to the DEB package system, so I could just as well go to Debian too, but I think I will go with Kubuntu.

Sunday, April 3, 2005

Single Board Computer Firewalls

For a couple of days I have been reading a lot about SBC (single board computer) based firewalls. I have found the Soekris and WRAP boards interesting and I think I will get one in the future.
I like the idea of having these low-power little boxes as a firewall. They are completely quiet boxes, fanless and with CF (CompactFlash) cards instead of hard drives.
Most people use them with m0n0wall, a FreeBSD based firewall, so I think I will take a look at it before anything else, just to see how good it is. And it's also a good excuse to get my hands on FreeBSD too. :-)

Emergency: Contingency Firewall

My IPCop 1.4.5 is working well, and I have no complaints till now, but I was a bit nervous about not having a contingency firewall. My old firewall contingency server is now unusable, so at least I must have a software contingency firewall. I have picked Coyote as a floppy based contingency firewall. It needs only one floppy and does not require a hard drive, so in an eventual hard drive crash it's obviously a good choice.

It's a great product and I can easily use it as my main firewall, but I do like IPCop more so I will keep Coyote as my emergency plan.

My only problem setting it up was that in my present IPCop configuration, eth0 is the LAN interface (green), eth1 is the DMZ interface (orange) and eth2 is the WAN interface (red). Coyote recognized eth0 as my LAN interface, but eth1 and eth2 were WAN and DMZ respectively, so I was forced to change cables on the NICs to make it work. This was not a very smart thing to do, since when I really need it I will probably have forgotten about it and I will think it does not work, so I decided to modify the Coyote installer scripts to make them match my present IPCop configuration. So I modified by hand all the references to eth1 and eth2 in the Coyote generation scripts, replacing eth1 with eth2 and eth2 with eth1. Everything worked as expected and now I do have my contingency floppy based firewall.
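
Scripting the eth1/eth2 exchange described above has one trap: two sequential search-and-replace passes leave both interfaces with the same name. The following is an added example, not part of the original post or of Coyote's scripts, and the variable names in the sample input are constructed.

```shell
#!/bin/sh
# Added example: exchange two interface names in a config/script file.
# Sample variable names below are constructed, not Coyote's real ones.

TOKEN='@@IFSWAP@@'   # placeholder that must not occur in the input

# naive_swap: two sequential replacements. The second one also rewrites
# what the first just produced, so both interfaces end up as eth1.
naive_swap() {
    sed -e 's/eth1/eth2/g' -e 's/eth2/eth1/g'
}

# swap_ifaces A B: park A on a placeholder, rename B to A, then turn the
# placeholder into B. A name only matches when not followed by a digit,
# so eth10..eth19 are left alone when swapping eth1.
swap_ifaces() {
    a=$1 b=$2
    sed -e "s/${a}\([^0-9]\)/${TOKEN}\1/g" -e "s/${a}\$/${TOKEN}/" \
        -e "s/${b}\([^0-9]\)/${a}\1/g"     -e "s/${b}\$/${a}/" \
        -e "s/${TOKEN}/${b}/g"
}

# swap_in_file FILE A B: refuse files that already contain the placeholder
# and keep FILE.orig so the change can be diffed and reverted.
swap_in_file() {
    f=$1
    if grep -q "$TOKEN" "$f"; then return 1; fi
    cp -p "$f" "$f.orig" || return 1
    swap_ifaces "$2" "$3" < "$f.orig" > "$f"
}

# Constructed sample input.
sample='LAN_IF=eth0
WAN_IF=eth1
DMZ_IF=eth2
ifconfig eth1 up; ifconfig eth2 up   # eth10 must not change'

printf '%s\n' "$sample" | naive_swap
echo '---'
printf '%s\n' "$sample" | swap_ifaces eth1 eth2
```

Running `diff FILE.orig FILE` after `swap_in_file` shows every line that changed, which is a quick check that the WAN and DMZ roles ended up on the intended NICs before the floppy is needed.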