[Techtalk] Personal firewalls: helpful?

[R. Daneel Olivaw]

Hi again,

I just finished writing the other reply ... :p

> > What are the advantages to having a machine dedicated as a firewall?

Think of it like a stronghold : the more layers of protection walls you
put, the less people may be able to get in.
Even if the separate firewall is compromised, it won't mean your
personal machine will be endangered, well, not as quickly.
Maybe then, the firewall being also an internet access router, you may
notice your connection failing, and get a hint about the intrusion.
And finally, if you have more than one machine, if your computer is
rebooting (ok, linux doesn't need that much) why blocking the internet
access and the protection ?

> I think part of the idea is that, with a minimal amount of software
> running on the firewall machine, there's less chances of there being
> security holes from other software running on that machine.
> 
> But we've now reached the end of what little I know and conjecture.
> 
> Anyone else care to enlighten us?

A firewall should run minimal software, and it is unlikely that the
firewall part of the software may get compromised (well, ok, it may
happen). The more services you run, the more weak points you have.

Last but not least : if you have a problem (say, a hardware problem)
with the firewall, you may replace it easily, replacing just that
'function'. Gathering everything on the same machine will make it harder
to get everything up (remember to backup things bla bla bla ... ok ?)
after a (hard disk) crash.

bye,

R. Daneel Olivaw,
The Human Robot Inside.