Re: [fw-wiz] insecurity in internet connection thro cable modems
From: Dave Mitchell (dmitchell@viawest.net)
Date: 02/14/03
- Previous message: manatworkyes moderator: "RE : [fw-wiz] Query on OS hardening"
- In reply to: Perrymon, Josh L.: "RE: [fw-wiz] insecurity in internet connection thro cable modems"
- Next in thread: Brian Ford: "Re: [fw-wiz] insecurity in internet connection thro cable modems"
- Maybe reply: Brian Ford: "Re: [fw-wiz] insecurity in internet connection thro cable modems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Dave Mitchell <dmitchell@viawest.net> To: "Perrymon, Josh L." <PerrymonJ@bek.com> Date: Fri, 14 Feb 2003 14:03:11 -0700
For normal users I'd recommend some sort of appliance filter or firewall. More than
likely, natting a home network behind a linksys soho router would be sufficient. If you
want to do VPNing and what not, I think a Netscreen 5 would be the best for the home
firewall. Putting in PIX 501's at someones home would be insane. If you have to administer
it, a small Netscreen is much easier than dealing with PIX.
-dave
On Fri, Feb 14, 2003 at 10:42:16AM -0600, Perrymon, Josh L. wrote:
> Yeah... I ( Security Professional ) would implement IPChains or a PIX @
> home...
> But don't you think Linux is completely out of the question for a regular
> end user?????
>
> I'm looking for an application based firewall for my VPN users..
> So far ZONE ALARM is my choice.. I just wished I could integrate it with
> the PIX VPN client like the concentrator can.
>
>
>
> Any Ideas??
> -JP
>
> -----Original Message-----
> From: Chapman, Justin T [mailto:JtChapma@bhi-erc.com]
> Sent: Friday, February 07, 2003 11:29 AM
> To: 'firewall-wizards@honor.icsalabs.com '
> Subject: RE: [fw-wiz] insecurity in internet connection thro cable
> modems
>
>
> >
> >ipchains is old ( for the previous Linux Kernel 2.2 ), iptables
> >http://www.iptables.org would be a better choice.
>
> Agreed. If it's an option at all, choose iptables over ipchains. It's more
> flexable and it's a stateful packet filter, which makes for a "smarter"
> firewall. IPtables (and ipchains for that matter) can be a bit intimidating
> to work with, especially if you're new to the syntax. If you're going to
> "rolll your own" firewall, I would suggest searching Google/Freshmeat.net
> for "iptables generator". There are plenty of scripts/web frontends/guis
> that make creating simple "consumer-grade" firewalls a snap. One that I
> particularly like is a cgi-based one at:
>
> http://morizot.net/firewall/gen/
>
> Good luck!
>
> --justin
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-- -------------------------- Dave Mitchell Network Engineer, ViaWest dmitchell@viawest.net (720) 891-1045 -------------------------- _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Next message: yossarian: "Re: [fw-wiz] FirePass questions"
- Previous message: manatworkyes moderator: "RE : [fw-wiz] Query on OS hardening"
- In reply to: Perrymon, Josh L.: "RE: [fw-wiz] insecurity in internet connection thro cable modems"
- Next in thread: Brian Ford: "Re: [fw-wiz] insecurity in internet connection thro cable modems"
- Maybe reply: Brian Ford: "Re: [fw-wiz] insecurity in internet connection thro cable modems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
