[mythtv-users] Has anyone configured a "semi"-diskless frontend?

Brad Templeton brad+myth at templetons.com
Fri Jan 7 14:51:57 EST 2005


On Fri, Jan 07, 2005 at 06:52:18AM -0500, stan wrote:
> While you are certainly correct about at least one of the "inside" machines
> being compromised, security is best done as a "defence in depth" approach,
> and a firewall is a significant part of such a design.

Actually, almost all the security experts I know would disagree with that.
There's nothing wrong with having a firewall as a backup line of defense,
particularly against mistakes by the operators of individual machines
behind the firewall -- as they will make mistakes, and install insecure
server apps and so on  -- but it should not be a significant part of
your strategy.   Under the modern philosophy of a secured network,
the design goal is that every machine should be capable of being exposed
to the open internet safely.     That's because, at one point or another,
your firewall will be compromised, and so all your machines will be
as they were on the open internet to that attacker.  It's a question of
when, not if.

(Firewalls are something that security consultants and companies sold
because they had to do _something_ about how blatantly insecure most
systems were, particularly Windows boxes.)

That's the goal.  We don't always attain our goals, and ordinary users
and even experienced sysadmins are always making errors, so a firewall
is the backup defence against those errors.

But you would never want to design a security protocol which depends on
the firewall for its security. 

Well, almost never.  You might do it if what you were protecting was not
ever going to be important, and the UI gains you made from this approach
were powerful enough to justify it.   For example, I have been considering
a protocol for IP based speakers.   I could see IP speakers being configured
to accept sound streams from anybody on their subnet.   This is acceptable
because the worst that could happen is that intruders could play rude
sounds on your speakers and wake you up in the middle of the night.
Annoying, but no damage done to data.   The gain in convenience of
not having to do anything to configure this mode is worth it.

And so this philosophy might apply as well to IP video components.
However, with Myth, the attacker can:
    a) Erase or change all your videos, preferences and schedules -- all data
    b) Get complete logs of all your viewing habits
    c) Possibly corrupt or destroy other databases if your SQL server is
       not well secured.

This is more serious, and worthy of some minor UI inconvenience.  As noted,
done properly, this can amount to no more than entering a password once
when configuring a new device.   This is not a big whoop; it's much harder
when you have to consider devices that have no keyboards or screens in
order to let you enter passwords or have UIs!


