On Feb 21, 2004, at 10:43 PM, Craig White wrote:

> On Sat, 2004-02-21 at 18:12, Chris Gehlker wrote:
>> On Feb 21, 2004, at 2:54 PM, ec wrote:
>>
>>> Chris, total newbie here, just thought I needed stuff.
>>> Didn't know it had 4 ports, never been on dsl before
>>> nor been around one to even look at the modem.
>>>
>>> Thanks.
>>>
>>> I want a smoothwall firewall even IF it has 4 ports.
>>> Wife is paranoid about that. She won't go online
>>> without either being on a 'don't care machine' or
>>> knoppix live cd and the 'don't care machine'. But I am
>>> getting dsl because dialup is too slow with two people
>>> trying to use it at once and I am tired of waiting
>>> hours for her to finish and vice versa.
>>
>> I don't think she understands what a firewall really does. The way
>> Qwest configures their routers, only the router itself is addressable.
>> Your computers are on a private network behind the router. It's like
>> having an old style switchboard operator that only puts through
>> outgoing calls.
>>
>> Where they really screw up, though, is they set the wireless side
>> completely open by default. The wireless side even broadcasts its own
>> network name. Note that the wireless is 'behind' your router so any
>> protection between your LAN and the internet has already been bypassed.
>>
>> So I'd forget the Smoothwall and concentrate on turning off the
>> wireless.
> ---
> There's nothing wrong with having a firewall in place even though the
> machine is behind the router. The router could get hacked, there's been
> instances of that occurring, perhaps not with the Actiontec (yet anyway).
>
> Another machine on the lan could get compromised - shit happens. She may
> have data on that computer that she considers too sensitive to treat
> casually.
>
> Based upon that, I wouldn't suggest that having a smoothwall or other
> type of iptables based firewall protection on a computer even though it
> is behind a router to be a bad idea.

What was 'wrong' with the direction that e c was heading was simply that the smoothwall was adding redundant protection at what is already the strongest point of the system. The system is no stronger than its weakest point and that point is the wireless network. It comes wide open by default.

I don't mean to say that a packet filtering firewall behind NAT is always a bad idea. I think it's overkill for a home LAN behind NAT with no data to protect (she's running from CD, remember), no services turned on and the built-in firewall there anyway. In a different context I would recommend an additional packet-filter firewall.

Security isn't rocket science but it does take a little bit of knowledge. E c was very up front in saying that he was a total newbie. I was simply trying to help by pointing out the biggest vulnerability first and by urging him to urge his wife to keep some perspective.

I think the internet is being ruined for some people because they are being frightened by the security companies. The biggest danger is the scams where someone tricks you into revealing your credit card number. The only prevention for that is common sense. The trick is to be suspicious enough without being too suspicious.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss