Frank Tanner III
pctech at mybellybutton.com
Fri May 23 10:21:47 CDT 2003
Yes, I am aware that "hardwired" routers have firewalls in them too.
We were talking about wireless ones, though....hehehehe

--- Charlotte Foust <cfoust at infostatsystems.com> wrote:
> My DSL router, which is not wireless, has a built-in firewall. You
> have to disable software firewalls in order to install the router.
>
> Charlotte Foust
>
> -----Original Message-----
> From: Frank Tanner III [mailto:pctech at mybellybutton.com]
> Sent: Friday, May 23, 2003 6:48 AM
> To: accessd at databaseadvisors.com
> Subject: RE: [AccessD] OT: DSL/IIS/Viruses
>
> If it touches the Internet in any way, except through a firewall,
> it's vulnerable. Some wireless routers have a built-in "firewall",
> but I'm not sure how secure they really are. I never trust
> multi-function systems like that. I use a wireless router for
> wireless connections, and a firewall for a firewall.
>
> --- Jim DeMarco <Jdemarco at hshhp.org> wrote:
> > What about running it on another machine on my (wireless) network
> > that's not directly connected to my DSL modem but has Internet
> > access via that connection? Is that any safer?
> >
> > Jim DeMarco
> >
> > -----Original Message-----
> > From: Frank Tanner III [mailto:pctech at mybellybutton.com]
> > Sent: Friday, May 23, 2003 9:29 AM
> > To: accessd at databaseadvisors.com
> > Subject: RE: [AccessD] OT: DSL/IIS/Viruses
> >
> > Personally, I wouldn't run ANY publicly accessible services on my
> > LAN. There is a MUCH safer way to do it, but it isn't super cheap.
> >
> > I have a custom built firewall, which I run at home.
> >
> > The "public" side of it connects directly to my Internet
> > connection, in this case a 1Mbit VDSL connection. Then I have a
> > "private" side, which connects to my LAN, and has my strict
> > firewall rules. Only what I want gets in and out. Lastly, I have a
> > "DMZ". This is where I place my publicly accessible machines. It
> > is still firewalled, but not as stringently as the LAN side, since
> > the public needs to hit it. Even in this DMZ I only let through
> > the ports I absolutely need to. Such as 80 & 443 for Web, 25 & 110
> > for e-mail, etc. My LAN is also firewalled from my DMZ in this
> > configuration except for what's absolutely needed.
> >
> > In this configuration, unless I specifically open an e-mail with a
> > virus attached, or something silly like that, I'm about as safe as
> > one can get from "the big bad Internet". The worst that can happen
> > is that there is an exploit for one of my publicly accessible
> > boxes and they get compromised. My LAN is still safe.
> >
> > As a side note, my firewall, web server, and e-mail server are all
> > running Linux or FreeBSD. This makes them less susceptible to all
> > of the more common attacks that the "script kiddies" like to use.
> > About 80% of the attacks and defacements on publicly accessible
> > servers are done by "script kiddies". An added benefit is that IIS
> > specific exploits have no effect other than to fill my logs, which
> > archive and rotate off daily.
> >
> > Is this a bit excessive, since I don't run a business out of my
> > home? Yeah, it is. But there's no such thing as too much security.
> >
> > --- John Frederick <j.frederick at att.net> wrote:
> > > Yes, it is necessary. When I started doing .asp on the same
> > > machine I used to dial-up to get email, I got, over some period
> > > of time, about a dozen different viruses, some of which
> > > propagated through my lan to other machines. If you can't block
> > > the access from the net to your machines, you need to either use
> > > a firewall or disconnect the pws machine from the lan.
> > >
> > > P.S.: If you put firewalls, such as Norton or McAfee on your
> > > machines, you can ask to be warned and have a chance to say ok
> > > or no when a program tries to access another machine or the net.
> > > You'll be amazed about how many Microsoft and other vendor
> > > programs do so for no reason related to your current operation
> > > in progress. If you're not already paranoid, that will make you
> > > so.
> > >
> > > -----Original Message-----
> > > From: accessd-bounces at databaseadvisors.com
> > > [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of
> > > Jim DeMarco
> > > Sent: Friday, May 23, 2003 8:03 AM
> > > To: AccessD (E-mail)
> > > Subject: [AccessD] OT: DSL/IIS/Viruses
> > >
> > > List,
> > >
> > > A while back I got a DSL connection on my home office PC which I
> > > occasionally use for web development using Personal Web Server
> > > (Win 9x/ME version of IIS). I was advised by our staff network
> > > person NOT to run PWS after the DSL was up because I'd be
> > > susceptible to attacks and viruses. Does anyone know if this is
> > > true? I have not run PWS in a couple of months and have been
> > > using a disconnected laptop to write ASP code but I'm wondering
> > > if this is necessary. Would I need to install a firewall if I
> > > want to run PWS?
> > >
> > > Thanks,
> > >
> > > Jim DeMarco

=== message truncated ===
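
The public / DMZ / LAN layout described in the quoted message, written out as a default-deny nftables ruleset. This is an added example and not the poster's own configuration; the interface names, the DMZ server addresses (documentation-range placeholders), the LAN egress ports and the SSH management rule are assumptions, and it assumes the DMZ hosts are directly routable (no NAT shown).

```nftables
#!/usr/sbin/nft -f
# Added example: three-legged firewall (public / DMZ / LAN).
# All names and addresses below are assumed placeholders.
flush ruleset

define WAN  = "wan0"        # "public" side, faces the DSL line
define LAN  = "lan0"        # "private" side
define DMZ  = "dmz0"        # publicly reachable servers
define WEB  = 192.0.2.10    # constructed address for the web server
define MAIL = 192.0.2.25    # constructed address for the mail server

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname $LAN tcp dport 22 accept    # assumed: admin from LAN only
    }

    chain forward {
        # Anything not matched below is dropped
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Public -> DMZ: only the service ports named in the post
        iifname $WAN oifname $DMZ ip daddr $WEB  tcp dport { 80, 443 } accept
        iifname $WAN oifname $DMZ ip daddr $MAIL tcp dport { 25, 110 } accept

        # LAN -> DMZ: same services, nothing broader
        iifname $LAN oifname $DMZ ip daddr $WEB  tcp dport { 80, 443 } accept
        iifname $LAN oifname $DMZ ip daddr $MAIL tcp dport { 25, 110 } accept

        # LAN -> public: assumed egress list (web and DNS)
        iifname $LAN oifname $WAN tcp dport { 53, 80, 443 } accept
        iifname $LAN oifname $WAN udp dport 53 accept

        # DMZ -> public: outbound mail delivery and DNS only
        iifname $DMZ oifname $WAN ip saddr $MAIL tcp dport 25 accept
        iifname $DMZ oifname $WAN tcp dport 53 accept
        iifname $DMZ oifname $WAN udp dport 53 accept

        # DMZ -> LAN: no new connections, so a compromised DMZ host
        # cannot reach the LAN; log attempts for review
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan drop: " drop
    }
}
```

Replies to connections the LAN opened toward the DMZ still pass through the `established,related` rule, so only connections initiated from the DMZ are blocked and logged.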