OT: Internet access for old RH machine

Bruno Wolff III bruno at wolff.to
Tue Mar 17 22:20:49 UTC 2009


On Tue, Mar 17, 2009 at 22:06:39 +0000,
  Stewart Williams <lists at pinkyboots.co.uk> wrote:
> 
> I was wondering if there was a way I could connect it to my router, but
> segregated somehow, such as an encrypted VPN tunnel. So that if it was
> exploited it couldn't compromise the security of my main LAN.

That's probably overkill. Mostly you'll be pretty safe if you stick to trusted
web sites and use iptables to block inbound connections. There may be some
kernel bugs that could get exploited without an actual connection, but those
attacks will probably be rare and if your router is doing NAT very difficult
to send on to this machine.

As far as compromising other machines, they should be set up to survive on
their own in any case. The main additional threat is sniffing local traffic.
Depending on what kinds of local traffic you have, you might need to take
some steps to mitigate this threat. In general the risk of the old machine
being compromised if treated as above isn't going to be a lot higher than
that of other machines used to do more risky things.
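
An added example, not part of the original message: one way to set up the iptables inbound blocking mentioned in the reply above. It assumes a single-homed host that offers no services to the network and uses the `-m state` match; the function name `inbound_block_rules` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny inbound policy.
# The function only prints iptables-restore input; nothing changes on the
# host until the output is piped into iptables-restore as root.
# Assumption: no local service needs to be reachable from the network.

inbound_block_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "INPUT drop: "
COMMIT
EOF
}

# Apply (as root):    inbound_block_rules | iptables-restore
# Check afterwards:   iptables -L INPUT -n -v
```

Replies to connections the machine opens itself still come back through the ESTABLISHED,RELATED rule, so browsing keeps working, while unsolicited inbound packets hit the DROP policy and a rate-limited sample of them is logged.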




More information about the fedora-list mailing list