jherico | 3 years ago

I don't think it's just an OS issue, because people often want promiscuity within their home network, but want a moat and drawbridge keeping the rest of the world from that network. There's too much value in home / office situations where you want discoverability enabled, but only to other devices behind your gateway to the internet at large.

autoexec|3 years ago

Not only that, but you don't need your OS handling and selectively allowing or dropping every random packet thrown at your IP either. You don't want to even have to worry about an OS inadvertently revealing info about your devices because of how they're accepting/dropping packets or screwing that up and letting in things it shouldn't. You can offload all that work to your gateway and free up your devices to only handle the traffic that they actually care about.

You can still have a DMZ, servers, and devices directly connected to the internet, but a gateway with a stateful firewall is a wonderful thing, and your typical gateway with NAT helps make things dead simple, solving far more problems than it causes.

chongli|3 years ago

Personally, I’d prefer not to have this isolation. I’d rather be able to access my home computer, printer, and other devices from anywhere in the world, not just when I’m at home. Moats and drawbridges are an anachronism from the Middle Ages.

jherico|3 years ago

Right, but you don't want anyone in the world to have access to your home computer and printer, right?

You're talking about a different problem: How can I extend the concept of my "home network" to the devices that I use and trust regardless of where I am? I'd argue that this is something that suggests that VPN functionality should get built into gateway devices.

Regardless, I don't want scammers in Malaysia port-scanning my 10-year-old printer that's never going to get a security update.

teawrecks|3 years ago

Think doors and keys then. Or "smart locks" and "biometric scanners" if that's still not modern enough for you. There's a cost to convenience. Yeah, it'd be really convenient if your house didn't have any walls, you could just walk into any room from anywhere else. But so could any untrusted party.

Bugs and therefore vulnerabilities are inevitable. The larger your attack surface, the more likely some rando is to find a vulnerability and exploit it. No walls is real convenient up until someone unexpected walks right in and trashes the place.