On Thu, 28 Aug 2003 18:46:20 -0400
Bryan Phinney <[EMAIL PROTECTED]> uttered:
> Sorry for the long message, I get carried away sometimes. ;-}
No problemo, I enjoyed every minute of it, and gained a greater
understanding of security along the way.
I wholeheartedly agree with your perspective, esp. the idea that you
have to differentiate between something like a firewall *app* and a real
firewall, one that cannot be compromised like any other app.
ZoneAlarm and it's like are probably the best the average windows user
can do, excepting of course the installation of a dedicated firewall
and/or proxy, but not everybody has an extra box just lying around.
For anyone that does, I highly recommend that you start tinkering. You
do *not* need big-shot hardware, and old P90 like I have will do the
trick quite nicely, and in some cases you don't even need to have a
harddrive in it. There are floppy-based distros like BBIAgent, which I
use and has never let me down (SYN flood and spoofing protection, full
stealth mode for the truly paranoid, where even pings and/or ICMP
requests are ignored/dropped, and of course port forwarding so only
the ports you specify are even visible). For more robust sol'ns (HD
reqr'd), there is of course Mandrake, which you can configure as a
dedicated firewall, but there are lighter and more specified sol'ns like
Smoothwall, ClarkConnect, etc.
The other advantage to having a dedicated firewall/router/NAT is that it
manages your internet connection and LAN for you, so you never have to
worry about configuring your PPPoE or whatever connection, they do it
for you, and they automagically hand out network configurations to all
your clients, so no messing with DNS, IP, etc.
--
HaywireMac
Registered Linux user #282046
Homepage: nodex.sytes.net
++++++++++++++++++++++
Nothing is as simple as it seems at first
Or as hopeless as it seems in the middle
Or as finished as it seems in the end.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
