Frank Tanner III
pctech at mybellybutton.com
Tue May 27 10:00:58 CDT 2003
The Linksys ones are real nice. They're nice enough that Cisco is either in the process of, or has already, bought Linksys. If they're good enough for Cisco, they're good enough for me...hehehe --- rusty.hammond at cpiqpc.com wrote: > For a firewall appliance what about something like > the Linksys Instant > Broadband EtherFast Cable/DSL Firewall Router (model > number BEFSX41). This > lists for $60 on buy.com. It provides a port for > dedicated DMZ hosting and > has the Stateful Packet Inspection firewall. It > wouldn't have all the bells > and whistles that the sonicwall does but for the > money it seems like a gem. > > Sorry if this sounds like an ad for the product but > I've hooked one up and > like it. > > Rusty > > -----Original Message----- > From: Frank Tanner III > [mailto:pctech at mybellybutton.com] > Sent: Friday, May 23, 2003 10:54 AM > To: accessd at databaseadvisors.com > Subject: RE: [AccessD] OT: DSL/IIS/Viruses > > > Depends. > > If you go the "firewall appliance" route, such as > SinocWall, you're looking at close to a thousand > bucks > (the last time I checked). If you go the "I'm > taking > a PC, putting multiple network cards in it and > making > a firewall out of it." you can get away for free if > you have the hardware readily available. > > My firewall is a P3-700 PC with 256MB of RAM, an 8GB > hard drive and 4 network cards. Hardware-wise this > firewall is way overkill for what I need, . I > wouldn't recommend anything less than a P2-333 for a > firewall though if you have a DSL or cablemodem > based > Internet connection. For an OS it's running a > hardened minimilistic flavor of Red Hat Linux 8.0. > I'm running the built-in IPTables firewall for all > of > my firewalling needs. That makes the OS and > firewall > free too. > > --- Jim DeMarco <Jdemarco at hshhp.org> wrote: > > Thanks Martin. > > > > >From what I'm gathering from this thread I should > > look into a hardware solution (that the fact that > > I'm running WinME on a P200 that's a relatively > slow > > performer as is). How costly might that be? > > > > Jim DeMarco > > > > > > > > -----Original Message----- > > From: Mwp.Reid at Queens-Belfast.AC.UK > > [mailto:Mwp.Reid at Queens-Belfast.AC.UK] > > Sent: Friday, May 23, 2003 11:12 AM > > To: accessd at databaseadvisors.com > > Subject: RE: [AccessD] OT: DSL/IIS/Viruses > > > > > > Jim > > > > You run a web server at hoem your always at risk > of > > hacking attempts. Put up a secent firewall. > > > > I have IIS running on a server here but its not > > connected to the web. Dosnt matter for dev work at > > all. I connect as and when I need to. Other than > > that I leave the server of the modems. > > > > > > > > Martin > > > > > > On May 23 2003, Jim DeMarco wrote: > > > > > What about running it on another machine on my > > (wireless) network that's > not directly connected > > to my DSL modem but has Internet access via that > > > connection? Is that any safer? > > > > > > Jim DeMarco > > > > > > > > > -----Original Message----- > > > From: Frank Tanner III > > [mailto:pctech at mybellybutton.com] > > > Sent: Friday, May 23, 2003 9:29 AM > > > To: accessd at databaseadvisors.com > > > Subject: RE: [AccessD] OT: DSL/IIS/Viruses > > > > > > > > > Personally, I wouldn't run ANY public accessable > > > services on my LAN. There is a MUCH safer way > to > > do > > > it, but it isn't super cheap. > > > > > > I have a custom built firewall, which I run at > > home. > > > The "public" side of it connects directly to my > > > Internet connection, in this case a 1Mbit VDSL > > > connection. Then I have a "private" side, which > > > connects to my LAN, and has my strict firewall > > rules. > > > Only what I want gets in and out. Lastly, I > have > > a > > > "DMZ". This is where I place my publicly > > accessable > > > machines. It is still firewalled, but not as > > > stringently as the LAN side, since the public > > needs to > > > hit it. Even in this DMZ I only let through the > > ports > > > I absolutely need to. Such as 80 & 443 for Web, > > 25 & > > > 110 for e-mail, etc. My LAN is also firewalled > > from > > > my DMZ in this configuration except for what's > > > absolutely needed. > > > > > > In this confugiration, unless I specifically > open > > an > > > e-mail with a virus attached, or something silly > > like > > > that, I'm about as safe as one can get from "the > > big > > > bad Internet". The worst that can happen is > that > > > there is an exploit for one of my publicly > > accessable > > > boxes and they get compromised. My LAN is still > > safe. > > > > > > As a side note, my firewall, web server, and > > e-mail > > > server are all running Linix or FreeBSD. This > > makes > > > them less succeptable to all of the more common > > > attacks that the "script kiddies" like to use. > > About > > > 80% of the attacks and defacements on publicly > > > accessable servers are done by "script kiddies". > > > An > > > added benifit is that IIS specific exploits have > > no > > > affect other than to fill my logs, which archive > > and > > > rotate off daily. > > > > > > Is this a bit excessive, since I don't run a > > business > > > out of my home? Yeah, it is. But there's no > such > > > thing as too much security. > > > > > > --- John Frederick <j.frederick at att.net> wrote: > > > > Yes, it is necessary. When I started doing > .asp > > on > > > > the same machine I used > > > > to dial-up to get email, I got, over some > period > > of > > > > time, about a dozen > > > > different viruses, some of which propagated > > through > > > > my lan to other > > > > machines. If you can't block the access from > > the > > > > net to your machines, you > > > > need to either use a firewall or disconnect > the > > pws > > > > machine from the lan. > > > > > > > > P.S.: If you put firewalls, such as Norton or > > McAfee > > > > on your machines, you > > > > can ask to be warned and have a change to say > ok > > or > > > > no when a program tries > > > > to access another machine or the net. You'll > be > === message truncated ===