* Freesco, old kernel lines, security
@ 2003-06-02 14:08 James Miller (office)
2003-06-02 15:07 ` Ray Olszewski
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: James Miller (office) @ 2003-06-02 14:08 UTC (permalink / raw)
To: linux-newbie
I understand that in the world of Linux network security, generally older
= worser (more insecure). So, I see that Freesco, a small Linux
gateway/router distro that seems to be actively maintained, is using a
kernel from the 2.0.x line - 2.0.38 (I understand that the most
recent 2.0.x kernel is 2.0.39). Is Freesco considered an insecure
gateway/router distro because it uses this older kernel line, or can it be
expected to provide adequate network security? What would be the risks
involved in using such a distro? Would the security savants on this list
recommend against using it?
Thanks, James
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
* Re: Freesco, old kernel lines, security
From: Ray Olszewski @ 2003-06-02 15:07 UTC (permalink / raw)
To: linux-newbie
At 09:08 AM 6/2/2003 -0500, James Miller (office) wrote:
>I understand that in the world of Linux network security, generally older
>= worser (more insecure). So, I see that Freesco, a small Linux
>gateway/router distro that seems to be actively maintained, is using a
>kernel from the 2.0.x line - 2.0.38 (I understand that the most
>recent 2.0.x kernel is 2.0.39). Is Freesco considered an insecure
>gateway/router distro because it uses this older kernel line, or can it be
>expected to provide adequate network security? What would be the risks
>involved in using such a distro? Would the security savants on this list
>recommend against using it?
I have not looked at Freesco in a long time (years, really). Were I to
consider using it, I would worry not about the old kernel but about old,
insecure apps. Since I don't know what apps it runs, I cannot be specific
here. But over the past 2 years, we've seen security updates to BIND
(named), ssh, ssl-libraries, I believe even libc6 (glibc), and a lot of
others I can't name off the top of my head.
So I would look to see if Freesco is doing regular security updates to
applications and libraries that provide whatever services it makes available.
The issue with 2.0.x kernels (the issue I know, anyway) is that they do not
support the fancier routing capabilities of 2.2.x and 2.4.x kernels ... for
example, their NAT'ing code is more primitive, they don't provide
connection tracking, they are less flexible in handling 3-NIC (e.g., DMZ)
setups, and they log less intelligently. Whether these limitations matter
depends on the particulars of your routing needs.
Here, I run a NAT'ing router using the 2.4.x kernel and built on
Debian-Woody. Were I to use a small-Linux router distro, I'd probably use
LEAF/Bering or LEAF-Dachstein (depending on the details of my requirements
... the two variants have different drop-in firewall packages available).
* Re: Freesco, old kernel lines, security
From: james niland @ 2003-06-03 7:25 UTC (permalink / raw)
To: linux-newbie
--- "James Miller (office)" <jamtat@mailsnare.net>
wrote:
> I understand that in the world of Linux network
> security, generally older
> = worser (more insecure). So, I see that Freesco, a
> small Linux
> gateway/router distro that seems to be actively
> maintained, is using a
> kernel from the 2.0.x line - 2.0.38 (I understand
> that the most
> recent 2.0.x kernel is 2.0.39). Is Freesco
> considered an insecure
> gateway/router distro because it uses this older
> kernel line, or can it be
> expected to provide adequate network security? What
> would be the risks
> involved in using such a distro? Would the security
> savants on this list
> recommend against using it?
>
> Thanks, James
I have used the freesco 0.2.7 router now for over 2
years.
It is the easiest to setup for my purposes. I use it
to NAT-share the internet on the home lan, for
firewalling and as DHCP server for the lan.
As I am denying any incoming ports (from the internet)
it doesn't matter too much if the apps are up to date or
not (apart from the netfilter of the kernel, I guess).
Nevertheless, I configure them to run only on the local
net
(the s setting).
There is an updated version 0.3.1 on their website
now, but I had some stability problems with 0.3.0 and
have been happy with the 0.2.7 version, so I stay with
it.
I have invited several Linux-savvy friends to hack into
my router from the internet side and none of them has
had any luck. You can configure most services as
running on the local net only, so they won't be
available to the internet.
As long as you don't open holes by, e.g., doing port
forwarding, it's pretty safe for my purpose as far as I
can tell.
If you want to export services through it, e.g. a
web server or such, I'd look for another solution,
though.
Cheers
James N.
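
One way to check the "local net only" setup described in the message above, as an added example that is not part of the original post and not Freesco's own tooling. It assumes a LAN of 192.168.1.0/24 and listener output in `netstat -ltun` layout; the sample lines are constructed.

```python
import ipaddress

# Constructed sample in `netstat -ltun` layout; not output from a real Freesco box.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 192.168.1.1:67          0.0.0.0:*
udp        0      0 203.0.113.7:53          0.0.0.0:*
"""

def exposed_listeners(netstat_text, lan_net):
    """Return (proto, address, port) for sockets not bound to loopback or lan_net."""
    lan = ipaddress.ip_network(lan_net)
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        if fields[0] == "tcp" and fields[-1] != "LISTEN":
            continue  # established connections are not listeners
        host, _, port = fields[3].rpartition(":")
        addr = ipaddress.ip_address(host)
        # Loopback and LAN-bound sockets are the "local net only" case.
        if addr.is_loopback or (not addr.is_unspecified and addr in lan):
            continue
        # 0.0.0.0 binds every interface, the internet-facing one included.
        exposed.append((fields[0], host, int(port)))
    return exposed

if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE, "192.168.1.0/24"):
        print(f"{proto} {host}:{port} is not limited to the LAN")
```

A socket flagged here is not necessarily reachable from the internet, but the packet filter's deny rule is then the only thing in front of it.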
* Re: Freesco, old kernel lines, security
From: oford @ 2003-06-03 8:54 UTC (permalink / raw)
To: James Miller (office); +Cc: linux-newbie
On Mon, 2003-06-02 at 09:08, James Miller (office) wrote:
> I understand that in the world of Linux network security, generally older
> = worser (more insecure). So, I see that Freesco, a small Linux
> gateway/router distro that seems to be actively maintained, is using a
> kernel from the 2.0.x line - 2.0.38 (I understand that the most
> recent 2.0.x kernel is 2.0.39). Is Freesco considered an insecure
> gateway/router distro because it uses this older kernel line, or can it be
> expected to provide adequate network security? What would be the risks
> involved in using such a distro? Would the security savants on this list
> recommend against using it?
>
> Thanks, James
I like routerlinux. And it appears to still be actively maintained.
http://www.routerlinux.com/
--
Owen Ford <oford@ev1.net>