Re: [fw-wiz] insecurity in internet connection thro cable modems

From: Dave Mitchell (dmitchell@viawest.net)
Date: 02/14/03

    From: Dave Mitchell <dmitchell@viawest.net>
    To: "Perrymon, Josh L." <PerrymonJ@bek.com>
    Date: Fri, 14 Feb 2003 14:03:11 -0700
    

    For normal users I'd recommend some sort of appliance filter or firewall. More than
    likely, NATing a home network behind a Linksys SOHO router would be sufficient. If you
    want to do VPNing and whatnot, I think a Netscreen 5 would be the best for the home
    firewall. Putting in PIX 501s at someone's home would be insane. If you have to administer
    it, a small Netscreen is much easier than dealing with PIX.

    -dave

    On Fri, Feb 14, 2003 at 10:42:16AM -0600, Perrymon, Josh L. wrote:
    > Yeah... I ( Security Professional ) would implement IPChains or a PIX @
    > home...
    > But don't you think Linux is completely out of the question for a regular
    > end user?????
    >
    > I'm looking for an application based firewall for my VPN users..
    > So far ZONE ALARM is my choice.. I just wished I could integrate it with
    > the PIX VPN client like the concentrator can.
    >
    >
    >
    > Any Ideas??
    > -JP
    >
    > -----Original Message-----
    > From: Chapman, Justin T [mailto:JtChapma@bhi-erc.com]
    > Sent: Friday, February 07, 2003 11:29 AM
    > To: 'firewall-wizards@honor.icsalabs.com '
    > Subject: RE: [fw-wiz] insecurity in internet connection thro cable
    > modems
    >
    >
    > >
    > >ipchains is old ( for the previous Linux Kernel 2.2 ), iptables
    > >http://www.iptables.org would be a better choice.
    >
    > Agreed. If it's an option at all, choose iptables over ipchains. It's more
    > flexible and it's a stateful packet filter, which makes for a "smarter"
    > firewall. iptables (and ipchains for that matter) can be a bit intimidating
    > to work with, especially if you're new to the syntax. If you're going to
    > "roll your own" firewall, I would suggest searching Google/Freshmeat.net
    > for "iptables generator". There are plenty of scripts/web frontends/GUIs
    > that make creating simple "consumer-grade" firewalls a snap. One that I
    > particularly like is a CGI-based one at:
    >
    > http://morizot.net/firewall/gen/
    >
    > Good luck!
    >
    > --justin
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    -- 
    --------------------------
    Dave Mitchell
    Network Engineer, ViaWest
    dmitchell@viawest.net
    (720) 891-1045
    --------------------------