Re: Linksys router as Firewall
From: Leythos (void_at_nowhere.com)
Date: 07/19/03
- Next message: Lars M. Hansen: "Re: Linksys router as Firewall"
- Previous message: Burzek: "kerio firewall problems"
- In reply to: Lars M. Hansen: "Re: Linksys router as Firewall"
- Next in thread: Lars M. Hansen: "Re: Linksys router as Firewall"
- Reply: Lars M. Hansen: "Re: Linksys router as Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 19 Jul 2003 17:01:27 GMT
In article <vqqihvgcp9ndudq1s3nkglu1e0570t2ops@4ax.com>,
badnews@hansenonline.net says...
> On Sat, 19 Jul 2003 14:48:05 GMT, Leythos spoketh
[snip]
> >None of the Linksys line provide filtering of the INBOUND connections
> >that are FORWARDED - there is nothing inspected in the forwarded ports.
> >So, while it does isolate the external from the uninvited internal, it
> >has no means to inspect the packets for content (as most firewalls do).
>
> Only application based proxies provides data inspection. This is only
> available on some firewalls, and only for specific protocols (http, ftp,
> smtp)
I've used the WatchGuard for so long that I've grown to expect this
feature. I never expected it to be in the home class firewalls.
[snip]
> >> >(d) filtering outgoing traffic for security and network usage rules
> >> >(filtering or monitoring service);
> >>
> >> The Linksys router does that.
> >
> >It does not. You can filter outbound based only on MAC, IP, and PORT.
> >There is nothing to in any of those methods that allow the Linksys to
> >check the content of those packets.
>
> Again, only application based proxies provides data inspection, and this
> is only available on some firewalls, and only for certain protocols. The
> Linksys' rules are extremely simplistic (as I mentioned at the bottom of
> my post, but they do exist).
I agree with you about the level of inspection on the linksys. I've
loved them for all sorts of applications.
We're on the same page here.
I just wish that ISP's would inform users (or include it as part of a
start-up cost) about routers and NAT. It would cut down on the number of
compromised machines by quite a bit.
[snip]
> >> >(e) filtering incoming traffic for rogue data (viruses, spam,
> >> >inappropriate data (filtering), or improper actions (port scanning,
> >> >overload prevention, etc.;
> >>
> >> Virus scanning and spam filtering is not a function of a firewall.
> >
> >All Firewall products (real ones) allow you to block attachments,
> >headers, etc.... None of the Linksys do this. I don't think the (e) was
> >suppose to mean that it scans the data, more that it allows admins to
> >block file types and such.
> >
>
> Really? Neither the Pix nor Symantec Enterprise firewall supposed
> removal of attachments in e-mail. I don't think the Sonicwalls does this
> either. I can't speak for other "real firewalls"
I've not used a Sonic or Pix in about a year, but the WatchGuard
Firewalls have been able to do this for about 4 years. If you setup a
SMTP filter it can be configured to block all sorts of inbound
attachments, not just mime types. The good part of the email still gets
through.
Ever since I got my first FW1 and Sonic and Netscreen I've wanted to go
back to WatchGuard. Even the SOHO lines offer more than the home user
NAT appliances (but they cost a lot more than a $79 Linksys).
I still think it would be great if ISP's were forced to provide a NAT
router to every customer.
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
- Next message: Lars M. Hansen: "Re: Linksys router as Firewall"
- Previous message: Burzek: "kerio firewall problems"
- In reply to: Lars M. Hansen: "Re: Linksys router as Firewall"
- Next in thread: Lars M. Hansen: "Re: Linksys router as Firewall"
- Reply: Lars M. Hansen: "Re: Linksys router as Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
