Security Basics mailing list archives
Re: Windows 98 box is 'owned'; Re:
From: Glenn Sieb <ges () wingfoot org>
Date: Tue, 05 Oct 2004 14:11:29 -0400
[more offlist commentary... --Best, G.] GuidoZ said the following on 10/5/2004 1:56 AM:
Hello again. =)
:)
Completely agree, 100%. I'd never expect a home user to have a need for a true hardware firewall. (I also noted in my original reply to the list that a router like those mentioned would be plenty for his mother.) The NetGear is a good choice. I'm usually one to recommend a LinkSys, however NetGear is my 2nd choice. =)
*nodnod* I'm new on the list, I may have missed some of the original commentary.... Since I'm no longer at Lumeta, I wanted to keep my 'fingers in' what the communities are looking at for security products & discussion--I mean I can still bounce things off of Ches and Tal, but still--it's good to read other perspectives too! :)
My argument wasn't that home users needed a true hardware firewall. It was that LinkSys, NetGear and D-link don't make true hardware firewalls. Terminology, nothing more. ;) I've been in this industry far too long to let something like that get by. Too many people already have it confused.
*nodnodnod* I fully agree. At least some of them put out things resembling them :) I'm much happier with the Netgear than I was with the DLink, personally.
I would also like to emphasize a point you made - if it's not possible for them to use correctly (even if it is just a router), then having it is a waste. You could have the best tools in the world at your disposal, but if you have no clue how to use them, it's meaningless. Very good point.
Yeah--I've been doing over-ICQ troubleshooting with a friend who has DSL and one of the Netgears. Finally I told him he needed to just call Netgear--they'd get the router to log into the DSL accounts, and then everything would be hunky-dory--he had "a friend" come over--and though everything's plugged into the right ports (thank the gods), the guy never did anything about having the *router* do the log-in to the service. *sigh*
Don't get me started on BlackICE! =) It's an IDS, not a true software firewall. (Google it for more info - Steve Gibson has a good write up on it.) ZoneAlarm is a good choice. So is Kerio. Both are free, easy to use, and work. Aside from the freebie class, I'm a big fan of Sygate. I do NOT like Norton Internet Security and McAfee anything. Both are resource hogs and frankly are unnecessary. Why pay so much for something you can get for free?
*nod* I just know that one of the guys at Lumeta (Karl Siil) swore by it. *shrug*--I've always had ZoneAlarm, personally. I haven't heard of/played with Kerio yet--or Sygate. I fully agree with Norton & McAfee--however, a lot of people buy them because of the name.
Amen. I swear by FireFox/Mozilla products and have since the old Netscape days. Luckily, I started converting those whom I had influence over years before IE started having all the recent problems. (Just back when it was having the other problems. =P )
LOL! :)
When the time came that it simply wasn't safe to use IE anymore, they switched without much fuss. The only thing missing when it comes to functionality is something no one should have started relying on in the first place - ActiveX.
Hear Hear!!!! Unfortunately, people don't "get" that it's so damn evil :-/
One of the organizations I support based an application on the .NET framework and was using an ActiveX applet to do some client side scripting. Unfortunately nothing but IE will work for them. If you have any suggestions, I'm quite willing to listen. ;)
Hmm. So they're looking to run an applet on the client side via a webpage? Java/script would be less evil than ActiveX....(not by much but...) Whenever I wanted to run stuff client-side, I just used a WSH script--if it's all internal-stuff, then the WSH script can be run off of a domain controller, and the output (if any) could be saved on whatever internal server it would have access to.... At least it's *not* ActiveX... (granted, it can still be evil, however.. My point is, I'd rather trust *my* evil to do the right thing, than trust an ActiveX applet to do the right thing...)
Again, see my first paragraph. I wasn't trying to convince Tom, Dick, and Harry to go out and get a SonicWall. I was only stating that there is a big difference between NAT and a hardware firewall. Not only would it be way overkill, but it would also be a waste as they could never figure out how to use it properly. A poorly configured firewall is worse than none at all - it gives a false sense of security. A problem often overlooked by too many that should know better!
*nodnodnod* We eventually gave up on the Nokia (couldn't get some things to work like DHCP forwarding--long story), and ended up building a FreeBSD/ipf solution which (to my knowledge) is still serving them to this day.
One firewall that could be considered both a hardware and software firewall (and even an enterprise class one at that) is the Linux based Smoothwall. It's free to download and only needs two NICs
<snip>
Definitely check it out if you haven't already: http://www.smoothwall.org (Google it for myriads of configuration tips, scripts and tweaks.)
Nice! I'll have to look into it :)
Likewise. =) I always appreciate intelligent conversation.
Ditto :))
Best, G.
--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." ~Benjamin Franklin, Historical Review of Pennsylvania, 1759