Re: [fw-wiz] Home Environment Cisco

From: Brian Ford (brford_at_cisco.com)
Date: 05/31/03

    To: "R. DuFresne" <dufresne@sysinfo.com>
    Date: Sat, 31 May 2003 08:50:23 -0400
    

    Ron,

    You're right. In summary, the world (and the Internet) has gotten to be a
    more dangerous place. Our tools to defend against those dangers have been
    "productized".

    The reality is that I have 3 NAT boxes in my home office. They are
    great. But I can run trojans like Back Orifice on a device behind them and
    open/close the CD drive bay door to my heart's content. ;-) This bothered
    me, so I put a Firewall in place and I look at the logs to see if anything
    out of the ordinary is going / coming from my network. I supposedly know
    what to look for in those logs. I just wish that the tools were better for
    evaluating the log data (specifically from my home office). There are some
    fantastic high end tools but there is little down at the low end.

    I think the original question that was asked also pointed out that Nathan
    wanted to learn more about the Cisco IOS CLI. Hey, that's a great
    thing. I think you'll agree that there are many more capabilities than
    stateful Firewall that can be used to develop and enforce security policy.

    Liberty for All,

    Brian

    At 05:15 PM 5/30/2003 -0400, firewall-wizards-request@honor.icsalabs.com wrote:
    >Message: 10
    >Date: Fri, 30 May 2003 17:21:15 -0400 (EDT)
    >From: "R. DuFresne" <dufresne@sysinfo.com>
    >To: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
    >Cc: firewall-wizards@honor.icsalabs.com
    >Subject: RE: [fw-wiz] Home Environment Cisco
    >Organization: sysinfo.com
    >
    >
    > [SNIP]
    >
    > >
    > > I've been using Solaris, Linux, Windows, *BSD, and security
    > > appliances for several years too. I would agree with Ben
    > > Nagy's recommendation (Cisco 17xx) or Wes Noonan (PIX 5xx),
    > > or consider a Netscreen 25. Any of those are probably
    > > overkill--but they're all featureful, reliable, and *much*
    > > easier to configure in my experience than iptables/pf/ipfilter.
    > >
    > > I have no issue with advocacy, and I currently use all three
    > > of the above $freely-available-packet-filter implementations
    > > for Real Work...but I'd prefer we try to answer the question
    > > asked with a more appropriate response. Just my suggestion,
    > > anyway.
    > >
    >
    >And yet, prior to the sudden appearance of all the blackbox security
    >devices hitting the market in recent years, this was probably one of the
    >most common answers to such questions through the early 90's here and on
    >the old <defunct?> firewalls list for homeuser options and 'get it up
    >quick and cheap' solutions. And, still not too awfully bogus an answer
    >in this day and age either. Especially, considering the vast number of
    >cheapo boxes that can handle this task without any real bite to the wallet
    >in the backside. I was looking at the anything.pc.com website just today,
    >and a 450mhz dell box, 65 gig drive, 128 megs ram, and a few other odds
    >and ends probably not needed for the task as a fw/router was a mere 175!
    >The local wantads almost anyplace can supply something on the same cost
    >range for a person. Saves that SUN system at home from being wasted to
    >this task, and still comes off cheaper, even adding a monitor and
    >keyboard, should they not come with the box, than many of the soho
    >solutions offered. Support? irc channels on most any irc network can
    >help there, not to mention that those that still remember and use usenet
    >has a proliferation of comp.os... groups.
    >
    >I was surprised it took as long as it did for that answer to hit the list,
    >not long ago it would have been perhaps the first through the tenth or
    >more reply...
    >
    >Thanks,
    >
    >
    >Ron DuFresne

    Brian Ford
    Consulting Engineer
    Corporate Consulting Engineering, Office of the Chief Technology Officer
    Cisco Systems, Inc.
    http://www.cisco.com
    e-mail: brford@cisco.com
