[AccessD] OT: Firewall

Karen Rosenstiel karenr7 at oz.net
Mon Oct 10 17:03:11 CDT 2005 

John (and all),
I just bought a copy of the new distro of Mandriva (formerly Mandrake)at
Barnes & Noble and installed it on an old PIII box with 512m of ram.
Installed like a breeze. It read and set up my LAN, my printer and all the
hardware very easily. I had previously been trying to learn Linux with Red
Hat Ver. 9 and then Fedora, but it was a PITA. Mandriva didn't take any
longer than Windows XP either. You can set it up as a DHCP server with
firewall or DSN server or whatever.

The magazine that came with the distro -- from Linux Format -- had a
step-by-step install guide with tutorials and it included a Linux quick
reference wall chart. As you can tell, I was pretty impressed. Cost $20 but
might be worth your while to look at.

Regards,

Karen Rosenstiel
Seattle WA USA 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of John Colby
Sent: Monday, October 10, 2005 12:17 PM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] OT: Firewall

PCTech,

First let me say that signatures are a good thing.  We know what you like to
be called and can address you that way.

Second, I understand the "dedicated firewall" mentality, but for Joe Average
(me!) it is a non starter.  The effort involved in learning enough just to
get Linux installed is enough to kill the concept.  I have done that much
and all by itself it was enough to give me pause.  Believe me, I read about
such things and wish... But it ain't happening.  What is simple to a
"computer network engineer" is pretty much Greek to me.

And finally, what you are discussing is what high end routers with REAL SPI
etc firewalls built-in are all about are they not?  It is my understanding
that they are exactly that, real processors, running Linux, implementing a
firewall.  No hard disk to fail, no video to deal with, turns back on after
a power failure, instant on, etc.  I would be much more likely to go do that
than spend the time and effort building a Linux box to implement a firewall.
Even here, the difference between the $50 I actually spent and the $200 I
would need to spend for the real McCoy prevented that.

The simple router / NAT / firewall combination by itself pretty much
prevents the external probing kind of stuff (unless you have port mapping /
run a web server etc), and then the AV and software firewall picks up the
pieces not handled.  I have run this combination since going broadband about
4 years ago and have never had an infection, so I guess I have to say that
is "good enough".

I hate it when people rain on my parade, but I have considered this idea
several times in the past and just said no way it was going to really
happen.  OTOH, if you put together a "put in this CD, reboot and you will
have a hardware firewall" kind of package, I might be persuaded to try it.

John W. Colby
www.ColbyConsulting.com

More information about the AccessD mailing list