Security Basics mailing list archives

Re: Windows 98 box is 'owned'; Re:


From: Glenn Sieb <ges () wingfoot org>
Date: Tue, 05 Oct 2004 14:10:59 -0400

(More followup from offlist discussion with Guido :) --Best, G.)

GuidoZ said the following on 10/5/2004 12:33 AM:

> I agree Glen, but only to a point. Many offer features of a hardware
> firewall, such as SPI. However, in my book, it's not a true hardware
> firewall unless it offers a multitude of common features generally
> associated with true hardware firewalls. (SPI, Content filtering, VPN
> support, and PKI to name a few.)

Hi Guido,

I don't expect home users to have to invest a few hundred dollars (in
some cases, per year) to be able to use their cablemodem/DSL
connections... However, whenever I help friends set up their home
networks, I do suggest (nowadays) the Netgear WGR614, which gives SPI,
allows IPSEC outbound for connection to their work VPNs, and lets them
use their laptops via wireless (with a key, etc., of course). It's all
based on need--home users don't need content filtering, VPN support
(except for being able to get to their work connections) or PKI in
general. Power users like those of us who are sysadmins, sure... but Ma
and Pa Kettle? Nah. Frankly, there is such a thing as "too much"
complexity for end users--in my experience, if they can't plug it in and
use it (or have me over for dinner and make sure it's all plugged in and
useable), they aren't going to use it. It'll end up gathering dust next
to their trash can. I also generally advise they get a copy of ZoneAlarm
or BlackIce to complement the hardware, and to make sure they have an
anti-virus program on their machines. I also try and preach the wonders
of Firefox/Mozilla and Thunderbird--unfortunately, most people fear lots
of change--and they're comfortable with Outcrack (as I call it) and
Internet Exploder. Why? "They just work" is usually the answer they give
me. I can configure Firefox to look scarily like IE and Thunderbird to
have 90% of the functionality of Outcrack (generally features in that
10% are stuff they never would use anyway), and yet they'll still go
back to IE & OE. It's the old "lead a horse to water, but can't make
them drink" bit :-/

> While it's quite true that some Netgear/LinkSys/D-link routers may
> offer firewall features (I'm not aware of any one that offers more
> than SPI), they are too often confused with real hardware firewalls.
> (Google: SonicWall and AlphaShield for a start) I wanted to make sure
> others didn't improperly assume, like so many have, that NAT
> constitutes a firewall.

Yes I've run PIXs and Nokia firewalls in the past. However, I see them
(and their peers) as "enterprise-grade" and *way* overkill for Ma and Pa
Kettle.

> Thanks for your comments.

Thanks for the reply :)

Best,
Glenn

--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
         ~Benjamin Franklin, Historical Review of Pennsylvania, 1759


