Re: Network Security and COX (was Need Advice on Routers)

Author: Technomage
Date:  
To: Main PLUG discussion list
Subject: Re: Network Security and COX (was Need Advice on Routers)
Sir Light wrote:
> Mark,
>
> When I went online with COX, one thing above all else is that I knew I MUST, let me scream that LOUDLY again, ***MUST*** have a firewall in place.
>
> Why? Simple...
>
> To stop people from coming into my network with things I do NOT want like viruses, people trying to hack into my boxes, all them infected boxes trying to infect my boxes and all them scriptkiddies just playing around.
>
> With the exception of a few ports like 25, 80 and a few others that I can't remember off the top of my head, you are pretty much wide open to the above nasties from ANYWHERE,
> inside and outside of COX's network which is why a firewall is a MUST.
>
> One thing I read is that a naked Microsoft Windows box can be taken over in something like under 5 minutes even with all the patches applied. A Linux box setup to be a firewall, well... next to impossible.
>
>

Try 37 seconds (tested this with an exposed VM and watched on a Linux
host using Wireshark).
Problem is, I have seen Linux boxes succumb to network-originated
attacks, even with iptables fully configured and in place.
However, the probability that a Linux firewall will be pwned is far
lower than that of a bare MS box.
Given this, I'd still rather use OpenBSD and PF. It's a lot more powerful
and requires a lot less overhead (typical install is under
2 GB on a base system).

> One thing I have turned off is the PING response which if someone were to ping my firewall, it's like talking to a blank wall.
>
>

Some ISPs don't like this and may turn off your internet thinking you
don't have anything hooked up (I have seen it happen when Cox
was formerly @home). There are others out there that still depend on
ping to see if your system is connected (never mind the DHCP
traffic your machine might generate).

> *pets his firewall* This firewall has served me very very well. :)
>
> Jon
>
>


You've been lucky (and probably watch the firewall closely).

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss