Re: Home firewall/NAT appliances - summary

[Dave Piscitello <dave () corecom com>]

Thanks, I received about 20 replies.

*All* SOHO firewall/NAT _appliances_ known to folks who
responded default to allow any outbound. I asked to confirm
what I believe true on behalf of a friend who is designing a
home product that may require some remote access: since
most home users don't configure firewall inbound policy (which
is almost always deny ALL inbound, one possibility is to have
the product "all home", (like certain trojans and zombies and
subscriptionware).

*Lots* of folks say this makes sense.
I won't start a thread about this, I'm sure we've endured
enough "security vs. ease of installation" discussions.

If you want to take this up with me, do so offline and save
maillist electrons.

Some folks responded with experience from personal firewall
software. Several of these do indeed block all outbound
applications by default and some interact with the user
on a per application basis to customize a policy. I'm not
convinced every home user responds knowledgeably
to "notarookit.exe wants to connect to the internet, is this OK?",
but at least it's not wide open.

At 10:14 AM 7/17/2003 +1000, Michael Still wrote:

> > Most every home firewall/NAT appliance I've configured
> > comes with an out-of-the-box default policy of "allow any outbound".
> >
> > Is this everyone's experience?
>
> Pretty much. For homes, it makes a lot of sense.
>
> Cheers,
> Mikal
>
> --
>
> Michael Still (mikal () stillhq com) | Stage 1: Steal underpants
> http://www.stillhq.com            | Stage 2: ????
> UTC + 10                          | Stage 3: Profit


----------
David M. Piscitello
Core Competence, Inc.
Myrtle Bank Lane HHI, SC 29926
Company: http://www.corecom.com
WebLog: http://hhi.corecom.com/weblogindex.htm
Personal: http://hhi.corecom.com



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards