Re: Cost of cheap but decent hardware firewall
From: jealous xmp (jealousxmp_at_aol.commonplace)
Date: 10 Mar 2004 18:56:50 GMT
>A linksys, or other brand of home broadband router running NAT seems
>to be a quite adequate firewall if you are just brwosing and doing email.
>It closes all ports to port probes, and NAT adds a little security.
>I'm open to suggestions as to how this is inadequate as a FW.
It's a side benefit of NAPT, or many to one NAT with private address space.
It's my understanding that SPI will tend to look further up in the protocol
layers to determine the authenticity of a packet. However, I'd tend to think
there is a difference between the SPI of an $8000 Sidewinder firewall and $50
Linksys combo units. Various companies will throw around terms like DPF, SPF,
SPI, etc, but the implementations vary somewhat.
Certainly in a few years, most all home appliances will have SPI and perhaps
many do already. But if you have an existing router and it would take $100
upgrade to get equal features plus SPI, I'd have to question whether it's worth
it. Someone who uses Kazaa a lot would probably be better off grabbing a
couple of copies of TDS 3 (trojan defense suite) instead.