
[at-l] OT: building a good firewall



And if you want to see something really scary, turn on the logging in your
hardware firewall. Mine will email me the log periodically. I am getting
more than 100 attempts a day to break in. When I originally got a cable modem
installed, I thought it would be good to just plug my laptop into it while
the technician was here to verify that it was working. My laptop had a virus
installed within 10 minutes without protection.
> -----Original Message-----
> From: at-l-bounces@backcountry.net 
> [mailto:at-l-bounces@backcountry.net] On Behalf Of Greg Brown
> Sent: Thursday, December 22, 2005 9:39 AM
> To: ATL
> Subject: [at-l] OT: building a good firewall
> 
> Hey all.  I saw in the gmail thread there was some discussion 
> about firewalls.  As a security junky by trade and hobby I 
> can throw a few thoughts out regarding free firewalls, 
> paid-for firewalls, and general computer security.  Just for 
> reference.
> 
> 1. "hardware" firewalls.
> 
> I liked dedicated firewalls.  A lot.  My firewall of choice 
> is called "monowall" (http://m0n0.ch/wall/).  I run my 
> firewall on a dedicated, embedded hardware device from a 
> company called Soekris, but you don't need to go that route.  
> You can download and burn m0n0wall to a CD and run your 
> firewall on an old PC, it doesn't require much processor or 
> RAM either.  The trick is to burn the software to a CD (that 
> later boots into m0n0wall) and put a 3.5 floppy in your 
> floppy drive.  You use the web interface to save the settings 
> you want on your firewall which then saves the configuration 
> to the floppy disk and voila, you are done.  To be super-safe 
> you can then write-protect the floppy, reboot, and you have a 
> dedicated firewall with all kinds of excellent features 
> running in read-only mode.  That means that even if your 
> firewall is hacked (not likely in this case, these m0n0 guys did their 
> homework) all you have to do is reboot and any changes 
> made to your system disappear.
> 
> Price: $FREE.00.  Can't beat that, but it is a tad bit hard to 
> set up the first time (see point #4 if you DON'T like to 
> tinker with things).
> 
> 2. Software firewalls on PCs.
> 
> Handy if you are running MS operating systems and a good idea 
> if you are plugged into the coffee house wireless network or 
> if you plug your PC straight into your cable modem (please 
> don't do that).
> 
> Keep in mind that XP has a firewall built into the OS, you 
> just need to know where it is and how to turn it on (and I am 
> not sitting in front of a computer where I can access all 
> those steps to jot all that down, sorry).  On a MS machine 
> DON'T forget about anti-virus.  You are playing Russian 
> roulette without it.
> 
> 3. Software firewalls on Macs:
> 
> Built in (as of OS X).  Because of the underlying 
> architecture OS X is less susceptible to hacks and viruses, 
> but that doesn't mean you can just forget about security and 
> you shouldn't.
> 
> 4. Other types of home firewalls (and in closing.....)
> 
> I have set many, many a client up on a home network using a 
> simple Linksys WRT54G wireless router.  The device is a 
> dedicated hardware NAT (network address translation) device 
> with a software firewall built in and can be made to be quite 
> secure.  I suppose the most confusing thing about firewalls 
> is the difference between NAT and a true packet filtering 
> stateful firewall.  The guts of that sentence would take me a 
> better part of a day to get through but the important thing 
> to remember is having a dedicated firewall device is good and 
> having one that also does network address translation is even 
> better (and all "home" based firewalls that I can think of 
> off the top of my head do both, and that is a good thing but 
> I prefer the Linksys).
> 
> Why is a dedicated hardware device with a software firewall better? 
> Simply plugging your Microsoft PC straight into your cable 
> modem where it is able to be contacted directly over the 
> Internet by anyone, anywhere is a very, very bad thing.  You 
> are playing with fire, less so with OS X and Linux, but you 
> still are to a degree.  Spend 
> the $40.00 for some cheap protection and also invest in some 
> quality anti-virus (and stay current with your patches).
> 
> Anyway, for $40.00 after rebates it is hard to beat a WRT54G
> (disclaimer: I do not work for Cisco or Linksys).  But if you 
> do purchase one make sure you take the extra steps to secure 
> it (i.e. set up WPA if you are going to use wireless or 
> DISABLE the wireless component if you are not).
> 
> Blah blah blah.  Ramble ramble ramble.
> 
> Greg
> _______________________________________________
> AT-L Mailing List.
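Two points in this thread go together: Greg's remark that the confusing part is the difference between NAT and a true stateful packet filter, and the reply's observation that a firewall log shows 100+ inbound attempts a day. The toy below is an added example (not code from the at-l post, m0n0wall or Linksys firmware): a minimal stateful filter that admits inbound packets only when they are replies to a flow the LAN opened, and that counts every unsolicited inbound packet per source, which is exactly what the e-mailed log is tallying. The private prefix, flow timeout and all addresses are constructed for the example.

```python
from collections import Counter

LAN_PREFIX = "192.168.1."   # assumed private network behind the firewall
STATE_TTL = 60              # seconds an idle flow stays in the state table (assumed)

class StatefulFilter:
    """Outbound flows from the LAN are allowed and recorded; an inbound packet is
    allowed only if it is the reverse of a recorded flow. NAT by itself answers
    'where does this packet go'; the state table answers 'should it pass at all'."""
    def __init__(self):
        self.flows = {}            # (src, dst) -> timestamp of last packet seen
        self.blocked = Counter()   # source IP -> number of dropped inbound packets

    @staticmethod
    def _ip(endpoint):
        return endpoint.split(":")[0]

    def _expire(self, now):
        self.flows = {k: t for k, t in self.flows.items() if now - t < STATE_TTL}

    def handle(self, src, dst, now):
        """src and dst are 'ip:port' strings; returns 'allow' or 'drop'."""
        self._expire(now)
        if self._ip(src).startswith(LAN_PREFIX):   # outbound: open (or refresh) a flow
            self.flows[(src, dst)] = now
            return "allow"
        if (dst, src) in self.flows:               # inbound reply to a known flow
            self.flows[(dst, src)] = now
            return "allow"
        self.blocked[self._ip(src)] += 1           # unsolicited inbound: drop and log
        return "drop"

def run_sample():
    """Constructed traffic: one web request and its reply, two unsolicited probes
    from the Internet, and a late reply after the flow has expired."""
    fw = StatefulFilter()
    verdicts = [
        fw.handle("192.168.1.10:51000", "203.0.113.5:80", now=0),    # request out
        fw.handle("203.0.113.5:80", "192.168.1.10:51000", now=1),    # reply in
        fw.handle("198.51.100.7:4444", "192.168.1.10:23", now=2),    # probe, no flow
        fw.handle("198.51.100.7:4444", "192.168.1.10:3389", now=3),  # second probe
        fw.handle("203.0.113.5:80", "192.168.1.10:51000", now=90),   # reply after TTL
    ]
    return verdicts, dict(fw.blocked)

if __name__ == "__main__":
    print(run_sample())
```

The per-source counter in `blocked` is the "attempts to break in" figure the reply is seeing; a real firewall log adds the port and timestamp, but the decision logic is the same.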