Re: Stealth vs. Blocked

From: David (
Date: 04/13/03

From: "David" <>
Date: Sun, 13 Apr 2003 04:50:32 GMT

It's like everything else we discuss here. We all have different needs and
are exposed to different environments online so the more individuals we have
that are willing to comment on their own personal experiences the better off
we are in figuring out what does and doesn't apply to different users.
> Oops! Audience #3 is about to rear its head, I see!

You can put a cheap router in front of everything and still use your machine
with ICS as a gateway. With a properly set up firewall on the gateway
machine you may be comfortable enough without separate firewalls on each
machine. If you are only allowing certain traffic out through the single
firewall many trojans can be stopped in their tracks even if they
inadvertently get loaded onto one of your machines. With easily managed AV
software and maybe a file integrity application on each workstation most of
your firewall management ends up on a single machine yet you are still
covered when it comes to the trojan and spyware issues. Internal traffic is
no longer hindered by poorly configured personal firewalls and each user can
get back to what they really want to do as opposed to scratching their heads
wondering what the most recent meaningless firewall alert means.

There are so many other ways to skin this cat... dedicated firewall
appliance, smoothwall on an old machine, etc. It all depends on the budget,
and the level of understanding of each solution in regards to the person who
will be administering it.
> Yes, I'm becoming more and more inclined to put a hardware appliance
> and get off this exclusive on a software router (ICS) and software
> firewalls. However, my interest is more primarily driven by the desire to
> get a centralized focal point for protecting the small LAN here from
> external attack rather than depending exclusively on software applications
> subject to the whims of the users on the various machines. Sure, I'll
> keep the software firewalls, the AV and AT software, and the file
> authentication utilities on the various boxes but that should then be
> primarily handling intra-LAN issues.

Fortunately (for some of us at least) it is mostly the larger businesses and
outspoken personalities that are involved in "controversial" issues that are
"blessed" with such problems. Occasionally, however, you might get a teen on the
local subnet who just can't wait to impress his friends with the DoS agent
he just downloaded off the internet.
> I don't think I've ever been 'blessed'
> with a real DoS or DDoS attack (not much point in doing it, quite
> Dave "Crash" Dummy actually had to do the old "I double-dare ya!" routine
> get what I think was his one and only.