On Mar 13, 2012, at 3/13 9:16 PM, Cameron Byrne wrote: > > > That's reality, and much as I love the e2e principle I think the ordinary > > citizen is better off behind default-deny. > > > > I am not trying to be dense, but why? > > What is the negative scenario of not having a homenet firewall on? Using real > examples from the last 5 years .... I would like to know how a cpe firewall > protects against real threats to modern software. > It seems hard to predict a priori what a "real threat" is going to be. And it seems unlikely that "modern software" is all that will be found in average homes. For example, will the Android version on the refrigerator display be updated?
> > Personally I haven't run without an on-board firewall since I got my > > first wireless card (late 1999?). But we can't assume that applies to > > every home device. > > > > Most PC software has shipped with a firewall on for the last ~10 years > And these have to be then managed, and the triggers for "should this flow be allowed" will then transition to the PC as opposed to the CPE. Did the system become any simpler, really? But the real issue to my mind is _non-PC_ software; the firmware on some power-line bridge written for the cheapest dollar by pulling together some version of Linux because the device had to sell for $25. Not only do all these devices now need firewalls (unlikely), they now need an easy way to manage these firewalls (next to impossible). -Ashok > Cb > > Brian > > _______________________________________________ > > homenet mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/homenet > _______________________________________________ > homenet mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/homenet
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
