Re: [fw-wiz] Home Environment Cisco

From: Brian Ford (brford_at_cisco.com)
Date: 05/31/03

  • Next message: Noonan, Wesley: "RE: [fw-wiz] Home Environment Cisco" 
    To: "R. DuFresne" <dufresne@sysinfo.com>
Date: Sat, 31 May 2003 08:50:23 -0400

    Ron,

    You're right. In summary, the world (and the Internet) has gotten to be a
    more dangerous place. Our tools to defend against those dangers have been
    "productized".

    The reality is that I have 3 NAT boxes in my home office. They are
    great. But I can run trojans like Back Orifice on a device behind them and
    open/close the CD drive bay door to my hearts content. ;-) This bothered
    me, so I put a Firewall in place and I look at the logs to see if anything
    out of the ordinary is going / coming from my network. I supposedly know
    what to look for in those logs. I just wish that the tools were better for
    evaluating the log data (specifically from my home office). There are some
    fantastic high end tools but there is little down at the low end.

    I think the original question that was asked also pointed out that Nathan
    wanted to learn more about the Cisco IOS CLI. Hey, that's a great
    thing. I think you'll agree that there are many more capabilities than
    stateful Firewall that can be used to develop and enforce security policy.

    Liberty for All,

    Brian

    At 05:15 PM 5/30/2003 -0400, firewall-wizards-request@honor.icsalabs.com wrote:
    >Message: 10
    >Date: Fri, 30 May 2003 17:21:15 -0400 (EDT)
    >From: "R. DuFresne" <dufresne@sysinfo.com>
    >To: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
    >Cc: firewall-wizards@honor.icsalabs.com
    >Subject: RE: [fw-wiz] Home Environment Cisco
    >Organization: sysinfo.com
    >
    >
    > [SNIP]
    >
    > >
    > > I've been using Solaris, Linux, Windows, *BSD, and security
    > > appliances for several years too. I would agree with Ben
    > > Nagy's recommendation (Cisco 17xx) or Wes Noonan (PIX 5xx),
    > > or consider a Netscreen 25. Any of those are probably
    > > overkill--but they're all featureful, reliable, and *much*
    > > easier to configure in my experience than iptables/pf/ipfilter.
    > >
    > > I have no issue with advocacy, and I currently use all three
    > > of the above $freely-available-packet-filter implementations
    > > for Real Work...but I'd prefer we try to answer the question
    > > asked with a more appropriate response. Just my suggestion,
    > > anyway.
    > >
    >
    >And yet, prior to the sudden appearance of all the blackbox security
    >devices hitting the market in recent years, this was probably one of the
    >most common answers to such questions through the early 90's here and on
    >the old <defunct?> firewalls list for homeuser options and 'get it up
    >quick and cheap' solutions. And, still not too awfully bogus and answer
    >in this day and age either. Especially, considering the vast number of
    >cheapo boxes that can handle this task without any real bit to the wallet
    >in the backside. I was looking at the anything.pc.com website just today,
    >and a 450mhz dell box, 65 gig drive, 128 megs ram, and a few other odds
    >and ends probably not needed for the task as a fw/router was a mere 175!
    >The local wantads almost anyplace can supply something on the same cost
    >range for a person. Saves that SUN system at home from being wasted to
    >this task, and still comes off cheaper, even adding a monitor and
    >keyboard, should they not come with the box, then many of the soho
    >solutions offered. Support? irc channels on most any irc network can
    >help there, not to mention that those that still remember and use usenet
    >has a proliferation of comp.os... groups.
    >
    >I was surprised it took as long as it did for that answer to hit the list,
    >not long ago it would have been perhaps the first through the tenth or
    >more reply...
    >
    >Thanks,
    >
    >
    >Ron DuFresne

    Brian Ford
    Consulting Engineer
    Corporate Consulting Engineering, Office of the Chief Technology Officer
    Cisco Systems, Inc.
    http://www.cisco.com
    e-mail: brford@cisco.com

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Noonan, Wesley: "RE: [fw-wiz] Home Environment Cisco"

    Relevant Pages

    • Re: MS firewall interfering with vpn
      ... Is the IP range of the home office and that of the remote office, ... >> Understanding Windows Firewall ... >>> The settings on the laptop are fine. ... >>> internet connection on my home nework, ...
      (microsoft.public.windows.server.sbs)
    • OfficeConnect 25 Question - Please help!
      ... I've installed a 3COM OfficeConnect 25 Firewall in my home office. ... All PCs in my home ... translation, enabled HTTP Lan IN access, with the default LAN Server ...
      (comp.security.firewalls)
    • Re: work from home rant
      ... by a boss who provides this information by calling from his home office. ... Hmyes. ... firewall here, I could take matters into my own hands. ...
      (alt.sysadmin.recovery)
    • Re: about the Watchguard SOHO WG2500
      ... support is being withdrawn. ... > How good is this firewall for a home office with a cable modem connection? ...
      (comp.security.firewalls)
    • Re: Sonicwall SOHO3 Connection Issues
      ... set it up for my home office but I am having connection issues I hope ... It is loosing connection by itself after few ... back running so the logs are lost. ... bz+csm@xxxxxxxxxxxxxxxxxxxx remove ch100-5 to avoid spam trap ...
      (comp.security.firewalls)