Let me explain the 'paranoia' that she has. First, she
also has a windoze 98 machine that will be online, and
it contains some (to her) very important stuff. She is
writing a novel on it and doesn't want that info to
somehow be copied by a hacker. And two, years ago,
someone broke into another machine and wiped about two
years' work out as it wasn't secured enough.
Probably, since I didn't know about the NAT (nor
understand that term) firewall already there, I
probably will hook up the net to that avoiding messing
with smoothwall initially. That is, IF I can disable
the wireless probing into it. How do you do that?
--- Chris Gehlker <chris@GCCodeFactory.biz> wrote:
>
> On Feb 21, 2004, at 10:43 PM, Craig White wrote:
>
> > On Sat, 2004-02-21 at 18:12, Chris Gehlker wrote:
> >> On Feb 21, 2004, at 2:54 PM, ec wrote:
> >>
> >>> Chris, total newbie here, just thought I needed stuff.
> >>> Didn't know it had 4 ports, never been on dsl before
> >>> nor been around one to even look at the modem.
> >>>
> >>> Thanks.
> >>>
> >>> I want a smoothwall firewall even IF it has 4 ports.
> >>> Wife is paranoid about that. She won't go online
> >>> without either being on a 'don't care machine' or
> >>> knoppix live cd and the 'don't care machine'. But I am
> >>> getting dsl because dialup is too slow with two people
> >>> trying to use it at once and I am tired of waiting
> >>> hours for her to finish and vice versa.
> >>
> >> I don't think she understands what a firewall really does. The way
> >> Qwest configures their routers, only the router itself is
> >> addressable.
> >> Your computers are on a private network behind the router. It's like
> >> having an old style switchboard operator that only puts through
> >> outgoing calls.
> >>
> >> Where they really screw up, though, is they set the wireless side
> >> completely open by default. The wireless side even broadcasts its own
> >> network name. Note that the wireless is 'behind' your router so any
> >> protection between your LAN and the internet has already been
> >> bypassed.
> >>
> >> So I'd forget the Smoothwall and concentrate on turning off the
> >> wireless.
> > ---
> > There's nothing wrong with having a firewall in place even though the
> > machine is behind the router. The router could get hacked, there's been
> > instances of that occurring, perhaps not with the Actiontec (yet
> > anyway).
> >
> > Another machine on the lan could get compromised - shit happens. She
> > may have data on that computer that she considers too sensitive to treat
> > casually.
> >
> > Based upon that, I wouldn't suggest that having a smoothwall or other
> > type of iptables based firewall protection on a computer even though it
> > is behind a router to be a bad idea.
>
>
> What was 'wrong' with the direction that e c was heading was simply
> that the smoothwall was adding redundant protection at what is already
> the strongest point of the system. The system is no stronger than its
> weakest point and that point is the wireless network. It comes wide
> open by default.
>
> I don't mean to say that packet filtering firewall behind NAT is always
> a bad idea. I think it's overkill for a home LAN behind NAT with no
> data to protect (she's running from CD, remember) no services turned on
> and the built-in firewall there anyway. In a different context I would
> recommend an additional packet-filter firewall.
>
> Security isn't rocket science but it does take a little bit of
> knowledge. E c was very up front in saying that he was a total newbie.
> I was simply trying to help by pointing out the biggest vulnerability
> first and by urging him to urge his wife to keep some perspective. I
> think the internet is being ruined for some people because they are
> being frightened by the security companies. The biggest danger is the
> scams where someone tricks you into revealing your credit card number.
> The only prevention for that is common sense. The trick is to be
> suspicious enough without being too suspicious.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
=====
Cyclists should expect and demand safe
accommodation on our public roads,
just as does every other user.
Nothing more is expected.
Nothing less is acceptable!