IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / Trying to help a cow-orker secure his home network
Post #43,138
by drewk
Picture of drewk
6/21/02 12:45:10 PM
Reply
New Trying to help a cow-orker secure his home network
He's got a home network using W2K Server on a PII-33 (serving as a router) connected to a cable modem, with two Windows boxes behind it. He's one of the first on his cable loop, so he's getting massive bandwidth. And he said something about, "Not so concerned with security, as with my cable company not finding out about the network and cutting me off."

fbog

I gave him a rough overview of why both problems are solved by the same thing -- IP masquerading on a real firewall -- but he doesn't know anything about Linux. He asked if there's anything he can install on W2K Server that will make it an acceptable firewall, including IP masquerading. I explained why I didn't think so, but told him I'd ask.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
Post #43,141
by jbrabeck
6/21/02 1:05:29 PM
Reply
New Cow-orker?
Must be 'cause he's using Windows, right?

Going out on a limb. Gonna expose my limited knowledge....

Main reason I use a separate box for the router/firewall is so that when the firewall gets hacked, there is nothing to be found. When it gets hacked, clear the drive, reinstall Linux and strenghten the firewall. No real damage done. Now if the server is also the router/firewall, then all data is exposed when hacked.

Most of the iptables script gererators are easy to use. And set up adequate security. And once Linux is set up, Iptables configured, it just runs. Just like the everyready bunny..... :)

FWIW...
[link|mailto:jbrabeck@attbi.com|Joe]
Post #43,175
by static
Picture of static
6/21/02 11:07:59 PM
Reply
New OT: cow-orker.
It's from Dilbert, or more specifically, one of the DNRC* newsletters. Scott Adams ran a contest for a name the DNRC memebrs could use for non-DNRC members. "Cow-orker" was one of the winning ones.

Wade.

* Dogbert's New Ruling Class.

"Ah. One of the difficult questions."
Post #43,221
by a6l6e6x
Picture of a6l6e6x
6/22/02 10:25:06 PM
Reply
New And I though it was some one practicing animal husbandry. :)
Alex
"Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing had happened." -- Winston Churchill (1874-1965)
Post #43,342
by Yendor
6/24/02 4:01:59 PM
Reply
New Weren't the winning one...
"induhvidual"?

Usage: jbrabeck, you're such an induhvidual! *Wade and Mike snicker to themselves softly*

;-)
-YendorMike

What if the hokey pokey really is what it's all about?
- Jimmy Buffett, June 20, 2002, Tinley Park
Post #43,378
by static
Picture of static
6/25/02 12:07:21 AM
Reply
New Both.
At least. Actually I suspect "In-duh-vidual" was first and some months later someone else came up with "cow-orker" which Scott liked better. Or perhaps liked for a different context.

Wade.

"Ah. One of the difficult questions."
Post #43,359
by Ashton
6/24/02 6:52:55 PM
Reply
New Those of us with cuth would never stoop
to paying attention to a bum pun - yes that's it - I'll pun t.


Ashton
Join the Individualist Club Today!
Post #43,142
by Another Scott
6/21/02 1:06:40 PM
Reply
New Consider InJoy Firewall.
It's in beta for Windows and Linux.

Bjarne writes excellent software for OS/2 - his InJoy Dialer for OS/2 is wonderful. I don't know the status of the Windows products.

[link|http://www.fx.dk/beta/|Beta page.] Versions for OS/2, Win2K and XP, and RedHat Linux 7.2 are available.

HTH.

Cheers,
Scott.
Post #43,150
by SpiceWare
6/21/02 4:15:15 PM
Reply
New I like my Linksys setup
I've got a Linksys cable modem router that does the firewall. I have the [link|http://www.linksys.com/Products/product.asp?grid=23&prid=173|4 port w/wireless] version which ran me $300 last year. It's down to $150 now.

If he's not interested in wireless he could use the [link|http://www.linksys.com/Products/product.asp?prid=142&grid=23|1 port] version by plugging it into his existing hub/switch. It can be found for $60.

My house is fully wired but I picked up the wireless version because of friends who bring their laptops on visits. I replaced my laptop's NIC with a wireless one and would never go back.

Darrell Spice, Jr.

[link|http://home.houston.rr.com/spiceware/|SpiceWare] - We don't do Windows, it's too much of a chore
Post #43,155
by bepatient
Picture of bepatient
6/21/02 6:55:24 PM
Reply
New Also wireless..
...but not at the router. I have the cable modem into a ppro 200 acting as firewall/webserver.

Script is simple. Block everything.

Cable modem provider looks for specific open ports...80 is not one of them...the ones @home and now comcast hit are 67, 68 and 119.

I have the firewall set to reject all packets...though portsentry shows the ports as listening on a portscan.

There are almost no services besides httpd running on the box.

You were born...and so you're free...so Happy Birthday! Laurie Anderson

[link|mailto:bepatient@aol.com|BePatient]
Post #43,182
by ben_tilly
6/22/02 12:28:32 AM
Reply
New Reminds me of an iBook - linksys irritation
I bought a linksys that is not wireless. I already had an airport, and so the feature was not worth anything to me.

However my iBook finds it. But I can't use it because it is password protected and I don't know the password.

Unfortunately the linksys comes up before the airport in the iBook, and the standard iBook wizard to configure your wireless couldn't be told to ignore it. Oh, there was a dropdown for it, but no matter what you put there, the next step went to the first in the list. :-(

I eventually found a more manual way to configure the network, and it isn't a problem now. But it was irritating at the time when I couldn't configure the laptop because I could not get it talking to the airport, and failing that could not get it accepted by the linksys...

Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman
Post #43,180
by Steve Lowe
6/22/02 12:06:44 AM
Reply
New Smoothwall
[link|http://www.smoothwall.org|Smoothwall]

Lightweight Linux distro designed for such a purpose. I have it running completely headless on a p100 with 32m ram and a 250meg disk, serving a mix of 6-8 win/lin clients. Includes squid, snort, IPSEC VPN and support for dynamic dns services, which AFIAK the various firewall-in-a-box devices don't. Also supports 3 nics (wan/lan/dmz) port forwarding, and extensive logging.

No Linux knowledge necessary, runs a web UI (ssl of course) although you can run a shell.
-----
Steve
     Trying to help a cow-orker secure his home network - (drewk) - (11) - June 21, 2002, 12:45:10 PM EDT
         Cow-orker? - (jbrabeck) - (5) - June 21, 2002, 01:05:29 PM EDT
             OT: cow-orker. - (static) - (4) - June 21, 2002, 11:07:59 PM EDT
                 And I though it was some one practicing animal husbandry. :) -NT - (a6l6e6x) - June 22, 2002, 10:25:06 PM EDT
                 Weren't the winning one... - (Yendor) - (1) - June 24, 2002, 04:01:59 PM EDT
                     Both. - (static) - June 25, 2002, 12:07:21 AM EDT
                 Those of us with cuth would never stoop - (Ashton) - June 24, 2002, 06:52:55 PM EDT
         Consider InJoy Firewall. - (Another Scott) - June 21, 2002, 01:06:40 PM EDT
         I like my Linksys setup - (SpiceWare) - (2) - June 21, 2002, 04:15:15 PM EDT
             Also wireless.. - (bepatient) - June 21, 2002, 06:55:24 PM EDT
             Reminds me of an iBook - linksys irritation - (ben_tilly) - June 22, 2002, 12:28:32 AM EDT
         Smoothwall - (Steve Lowe) - June 22, 2002, 12:06:44 AM EDT

Where's my rapid fire?
91 ms