Timothy Wilson wrote: > This discussion highlights the dilemma for all of us geeky, but not professional > home users. Where on the ease-of-use/unlimited-flexibility security continuum > should I be? Is it better to have a drop-dead easy router/firewall like the > Linksys product that is probably good enough 99.9% of the time or better to take > an old machine (I've got PPro 200 lying around) and build a rock-solid > firewall/router that will allow me to have a "real" DMZ, but is also one more > machine to maintain? > > The geeky side of me would love to fiddle around configuring that old PPro as a > router/firewall. Unfortunately, the other side of me has little time for such > things and needs to chase my kids, mow the lawn, do my homework, etc. In the end, only you can make that decision. It depends on how paranoid you want to be and how much of your life you want to dedicate to running these machines. Your power bill will be a bit cheaper running the linksys and your server room area will be more quiet. As for maintenance, you just need to update the firmware on that linksys whenever they put out a new one. The whole process will probably take 15-30 minutes of your time say once every 6 months or so. As for maintaining a Linux box, there will always be security updates in whatever it is running, and how really knows if they'll change the firewalling software (again) in the 2.6+ kernels. In the past it has changed with every major release of the kernel, meaning you probably need to rewrite/relearn your firewall rules each time. Having said that, I believe the Linux solution is probably the "best" solution and provides ultimate flexibility and is probably more secure, _if_ you set it up properly. It's also more time consuming. If you have a family, I'd suggest plugging in the Linksys and spending more time with your family. Put you head down and go with the flock. -- scot _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list