Re: [tlug] low power home server

["Stephen J. Turnbull" <stephen@example.com>]

Darren Cook writes:

 > Yes, okay, theoretically they are safer as you would configure the NAS
 > to not allow access from the router IP address. But, more practically,
 > if all your configuration is perfect then your router isn't going to be
 > compromised anyway, and the point is moot.

You have theory and practice backward here.  In practice, nothing is
perfect.

Simple is more secure.

 > But one interesting idea is one box, two OS: one for the router, one for
 > the NAS and everything else.

I gather you haven't read the "route via telepathy" anecdote in
Bellovin and Cheswick.  Anyway, this is a bad idea, because there's
really only one OS per box, in this case the virtualization host OS.
The guest OSes are just very demanding applications, and because they
are so demanding, I would consider this setup extremely fragile from a
security standpoint.