Firewall Recipe

Post #138,781 by pwhysall 1/30/04 7:35:13 AM 1/30/04 7:38:45 AM Reply	Firewall Recipe 1. Get cheap/free computer with 2 network cards 2. Add [link\|http://www.smoothwall.org/\|smoothwall] 3. Profit!! (or, at least, a safe network). Don't even bother trying to secure XP; it's a waste of time. The smart thing to do is firewall it properly. Anything that runs on the box itself is basically crap because the Bad Guys have to get that connection to your machine in order for ZoneAlarm or whatever to do anything about it. This means that (a) if your Windows "Firewall" has a bug that causes it to crash on receipt of bad data you're (b) very very screwed. Real security physically separates the unsafe connection (i.e. your ADSL router) from the safe network (i.e. your LAN; in this case, that's just lil ol' you). Some people here will try to recommend Windows products. As I've noted above, they're pointless because the Bad Connection has already been made to your computer. I use a Netgear RT314 gateway router to separate myself from the Internet; it's a stateful packet-inspecting firewall with a built-in 4-port 100MBPS switch. You can get these puppies on eBay for $20. [link\|http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3074639612&category=23778\|http://cgi.ebay.com/...12&category=23778] Get it bought. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Home Page - Now with added Zing!] Edited by pwhysall Jan. 30, 2004, 07:36:25 AM EST Edited by pwhysall Jan. 30, 2004, 07:38:45 AM EST Expand All History
Post #138,798 by mmoffitt 1/30/04 9:10:02 AM Reply	What he said. bcnu, Mikem I don't do third world languages. So no, I don't do Java.
Post #138,900 by jake123 1/30/04 3:56:38 PM Reply	My solution was a warp pc with two nics; one to the dsl modem and one to the rest of the network. Runs a pppoe /w firewall product called safefire. Been running it for at least two years with no problem (shrug). I've got it combined with the built in firewall on the tcpip stack on the lan side (ipsec.sys; comes from AIX land, as does the rest of the OS/2 stack). It gives an extremely configurable system. The actual router's a decrepit pentium box... and even so, it's still overpowered for the job. --\n-------------------------------------------------------------------\n* Jack Troughton jake at consultron.ca \n [link\|http://consultron.ca\|http://consultron.ca] [link\|irc://irc.ecomstation.ca\|irc://irc.ecomstation.ca] \n Kingston Ontario Canada [link\|news://news.consultron.ca\|news://news.consultron.ca] *\n-------------------------------------------------------------------
Post #139,031 by Ashton 1/31/04 5:55:25 AM Reply	OK, that's a Clear 'review' :( At that price.. be silly not to play. Even if the several testers deem this box 'stealth' - invisible. Just now. Having been lucky (?) thus far via ZoneAlarm for V90ish dialup (but Not anything beyond V.2.6.88 - for reasons not interesting to mention) on 98SE-lite, maybe I should take my winnings and step upwards. Seems likely that the "True Vector" thingie, however clever the games ZA plays in hiding its mere disk location via roulette.. shall be hacked - such a fun game for the cretinous mind. I suppose it's also irrelevant to the risks of '04 that - there's no Lookout or IE (except the necessary stubs left) and no local network either - on this box. No NICs here (yet, anyway). What need then, with Netgear RT314 to accommodate mere dialup? By 'stateful' is this about ~ IPv6 or DHCPv6? v4? (or irrelevant to my concern). Will this then autoconfig, pretty much? Does router talk to a HTML setup menu, display its default port list, etc? ie do I have to grok any static addressing to setup this box? (I'm supposing a need for one NIC, cable, in P-III box + driver and a clue for picking an address for that.) What think? PITA or no-brainer? Thanks. moi

Welcome to IWETHEY!