Security Basics mailing list archives
Re: Cable Vs. DSL
From: Frank Gearhart <fgearhart () adelphia net>
Date: Fri, 25 Apr 2003 17:29:43 -0600
On 4/24/03 10:37 PM, "Callan K L Tham" <miburo () singnet com sg> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
I'm no security guru, just a network admin working on a master's. I use a cable modem at home, with a Net Gear ProSafe Firewall Router (model FR114P) protecting an Apple running OS X and a laptop running Win2K. I have the firewall set to deny pretty much anything incoming except http, and each machine runs a software firewall - I use the included firewall for OS X and Sybase free firewall for the Win2k laptop. The Net Gear logs do pick up a fair amount of denied incoming traffic, but so far the software firewall logs haven't shown anything. I agree that for most home users a decent router with any filtering rules set to deny almost all incoming packets should work. I've tried to "see" my router from outside using the IP address assigned by my ISP, and it seems to be effectively stealthed (no ICMP replies, etc.) The router can be administered remotely (via the Web) using the ISP-supplied IP and a specific port, but that can be turned off. I've used Net Gear for my home systems for a long time - primarily for ease of use and for the 5-year warranty (which I've used once or twice with no problems). For a small office, something more would probably be needed. I agree with what's been said before: "It depends on how paranoid you are." A router is just one layer of protection. The software firewall adds another layer, and for my home that's enough. I've used some sort of router/firewall with ISDN, 2-way satellite and cable and I've never had a successful intrusion that I know of. Bottom line: for a home broadband connection, at the least get a router with NAT, set the rules to deny incoming traffic unless you have a good reason not to, and turn off any remote administration options on the router. Oh, and keep up on any upgrades and firmware updates. Just my own $0.02. -- Frank Gearhart Colorado Springs, CO No fancy signature --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- RE: Cable Vs. DSL, (continued)
- RE: Cable Vs. DSL David M. Brown (Apr 22)
- RE: Cable Vs. DSL Imran K (Apr 22)
- RE: Cable Vs. DSL Jacob McMaster (Apr 22)
- Re: Cable Vs. DSL Paris Stone (Apr 23)
- RE: Cable Vs. DSL Jacob McMaster (Apr 23)
- RE: Cable Vs. DSL Mike Heitz (Apr 23)
- RE: Cable Vs. DSL Xueyan Liu (Apr 24)
- RE: Cable Vs. DSL David Gillett (Apr 25)
- Re: Cable Vs. DSL Chris Travers (Apr 25)
- Re: Cable Vs. DSL Callan K L Tham (Apr 25)
- Re: Cable Vs. DSL Frank Gearhart (Apr 28)
- RE: Cable Vs. DSL Xueyan Liu (Apr 24)
- RE: Cable Vs. DSL Lucas Zaichkowsky (Apr 23)
- Re: Cable Vs. DSL David Vertie (Apr 24)
- RE: Cable Vs. DSL Cosentino, Guilherme V. (Apr 28)
- RE: Cable Vs. DSL Cosentino, Guilherme V. (Apr 28)
- RE: Cable Vs. DSL Xueyan Liu (Apr 28)
- Re: Cable Vs. DSL Chris Berry (Apr 29)
- Re: Cable Vs. DSL Brian Eckman (Apr 30)
- RE: Cable Vs. DSL Jordan Jesse - Toronto-MROC (Apr 30)