[at-l] OT: building a good firewall
And if you want to see something really scary, turn on the logging in your
hardware firewall. Mine will email me the log periodically. I am getting
more than 100 attempts a day to break in. When I originally got a cable modem
installed, I thought it would be good to just plug my laptop into it while
the technician was here to verify that it was working. My laptop had a virus
installed within 10 minutes without protection.
> -----Original Message-----
> From: at-l-bounces@backcountry.net
> [mailto:at-l-bounces@backcountry.net] On Behalf Of Greg Brown
> Sent: Thursday, December 22, 2005 9:39 AM
> To: ATL
> Subject: [at-l] OT: building a good firewall
>
> Hey all. I saw in the gmail thread there was some discussion
> about firewalls. As a security junky by trade and hobby I
> can throw a few thoughts out regarding free firewalls,
> paid-for firewalls, and general computer security. Just for
> reference.
>
> 1. "hardware" firewalls.
>
> I liked dedicated firewalls. A lot. My firewall of choice
> is called "monowall" (http://m0n0.ch/wall/). I run my
> firewall on a dedicated, embedded hardware device from a
> company called Soekris, but you don't need to go that route.
> You can download and burn m0n0wall to a CD and run your
> firewall on an old PC, it doesn't require much processor or
> RAM either. The trick is to burn the software to a CD (that
> later boots into m0n0wall) and put a 3.5 floppy in your
> floppy drive. You use the web interface to save the settings
> you want on your firewall which then saves the configuration
> to the floppy disk and voila, you are done. To be super-safe
> you can then write-protect the floppy, reboot, and you have a
> dedicated firewall with all kinds of excellent features
> running in read-only mode. That means that even if your
> firewall is hacked (not likely in this case, these m0n0 guys did their
> homework) all you have to do is reboot and any changes
> made to your system disappear.
>
> Price: $FREE.00. Can't beat that, but it is a tad bit hard to
> set up the first time (see point #4 if you DON'T like to
> tinker with things).
>
> 2. Software firewalls on PCs.
>
> Handy if you are running MS operating systems and a good idea
> if you are plugged into the coffee house wireless network or
> if you plug your PC straight into your cable modem (please
> don't do that).
>
> Keep in mind that XP has a firewall built into the OS, you
> just need to know where it is and how to turn it on (and I am
> not sitting in front of a computer where I can access all
> those steps to jot all that down, sorry). On a MS machine
> DON'T forget about anti-virus. You are playing Russian
> roulette without it.
>
> 3. Software firewalls on Macs:
>
> Built in (as of OS X). Because of the underlying
> architecture OS X is less susceptible to hacks and viruses,
> but that doesn't mean you can just forget about security and
> you shouldn't.
>
> 4. Other types of home firewalls (and in closing.....)
>
> I have set many, many a client up on a home network using a
> simple Linksys WRT54G wireless router. The device is a
> dedicated hardware NAT (network address translation) device
> with a software firewall built in and can be made to be quite
> secure. I suppose the most confusing thing about firewalls
> is the difference between NAT and a true packet filtering
> stateful firewall. The guts of that sentence would take me a
> better part of a day to get through but the important thing
> to remember is having a dedicated firewall device is good and
> having one that also does network address translation is even
> better (and all "home" based firewalls that I can think of
> off the top of my head do both, and that is a good thing but
> I prefer the Linksys).
>
> Why is a dedicated hardware device with a software firewall better?
> Simply plugging your Microsoft PC straight into your cable
> modem where it is able to be contacted directly over the
> Internet by anyone,
> anywhere is a very, very bad thing. You are playing with fire, less
> so with OS X and Linux, but you still are to a degree. Spend
> the $40.00 for some cheap protection and also invest in some
> quality anti-virus (and stay current with your patches).
>
> Anyway, for $40.00 after rebates it is hard to beat a WRT54G
> (disclaimer: I do not work for Cisco or Linksys). But if you
> do purchase one make sure you take the extra steps to secure
> it (i.e. set up WPA if you are going to use wireless or
> DISABLE the wireless component if you are not).
>
> Blah blah blah. Ramble ramble ramble.
>
> Greg