Re: Linksys hardware firewall enough...?
From: Leythos (void_at_nowhere.org)
Date: 11/09/04
- Next message: Lars M. Hansen: "Re: Linksys hardware firewall enough...?"
- Previous message: Kenneth: "Re: Linksys hardware firewall enough...?"
- In reply to: Gary: "Re: Linksys hardware firewall enough...?"
- Next in thread: Gary: "Re: Linksys hardware firewall enough...?"
- Reply: Gary: "Re: Linksys hardware firewall enough...?"
Date: Tue, 09 Nov 2004 14:13:39 GMT
In article <v24kd.67642$HA.1994@attbi_s01>, garyd@efn.org.spamsux
says...
> Lars M. Hansen wrote:
>
> > Do you see the difference? You need more than the rudimentary packet
> > filtering found in these broadband routers to make it a firewall.
>
> I certainly do see the difference in the features. But by every
> definition, a packet filter is still a firewall. I'm not recommending
> that hotmail.com start deploying Linksys home networking gear to protect
> their server farm. I'm suggesting that end users with small networks
> need not always be encouraged to spend more than US$300 for a device
> whose role could easily be filled by a D-Link DFL-80 or NetGear FR114P,
> etc., etc.

Ah, but by your definition they don't need anything more than a simple
device like a SOHO NAT Router. You need to understand that routing is
not the same function as firewalling.

What would you suggest to a client that has 4 web servers and a single
SQL server, and not doing EDI or other financial transactions on their
setup?

Many home users have web servers and database servers running on their
network, some don't even know they do. Many home users have more than
one system on their network, and we've not even talked about Wireless
routers being marketed as firewalls!

As for the DFL-80, it's the same as the Linksys BEFSX41 and the BEFVP41
with the exception that neither of the Linksys units act as PPTP
Clients/end-points. I bought a DI-804HV for a client, they needed
inbound PPTP sessions to a 2003 server and I don't consider it a
firewall either, it's a NAT ROUTER with some nice features, but it's not
a firewall.

I was looking at something to explain the way you think - Lars gave some
good examples of it, but I like to think like this:

Firewall is like a 4x4 Truck with off-road config
Router is like a VW Bug

Sure, they both get around on wheels, they both have engines, and they
both can route you down the highway, but the VW is not a 4x4 or even a
Truck, and will never be able to protect you as well on the highway or
off-road as the truck can. The truck is something that people buy when
they need one, or for fun, but the bug is something that people buy to
get by or for fun. You would not buy a bug to do any serious work.

The same is true with routers - they are great devices to protect home
users from "uninvited connections" but they do nothing to protect users
from their own ignorance, don't stop outbound traffic (in almost every
case) and don't alert the user to questionable traffic in either
direction. If ISPs were to enable NAT as the default install method on
their Cable/DSL devices it would save most people a great many headaches
(and for those that have problems with NAT, they could just request a
public IP).

Have you tried to put your DFL-80 into Drop-in mode? Meaning that the
LAN IP is the same as the Public IP? Have you created rules for mapping
PUBLIC IP to internal PUBLIC IP based on ports / services? All the
firewalls I've used allow me to use Public IPs (with rules protecting)
for Internal IPs.

-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
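
The distinction the post draws between a NAT router and a firewall, as a simplified model added here (not part of the original post, and not any vendor's implementation). The class names, the egress allowlist and the sample traffic, which uses documentation address ranges, are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = LAN to Internet, "in" = Internet to LAN
    lan_host: str
    lan_port: int
    remote: str
    remote_port: int

    @property
    def flow(self):
        return (self.lan_host, self.lan_port, self.remote, self.remote_port)

class NatRouter:
    """SOHO NAT model: all outbound is allowed and tracked; inbound passes only as a reply."""
    def __init__(self):
        self.table = set()

    def handle(self, p):
        if p.direction == "out":
            self.table.add(p.flow)        # no egress policy, no logging
            return "pass"
        return "pass" if p.flow in self.table else "drop"

class Firewall(NatRouter):
    """Same state tracking, plus default-deny egress and alerts in both directions."""
    def __init__(self, egress_allow):
        super().__init__()
        self.egress_allow = egress_allow  # set of (lan_host, remote_port)
        self.alerts = []

    def handle(self, p):
        if p.direction == "out" and (p.lan_host, p.remote_port) not in self.egress_allow:
            self.alerts.append(f"egress denied {p.lan_host} -> {p.remote}:{p.remote_port}")
            return "drop"
        verdict = super().handle(p)
        if verdict == "drop":
            self.alerts.append(f"unsolicited inbound {p.remote} -> {p.lan_host}:{p.lan_port}")
        return verdict

# Constructed traffic: browsing, its reply, an unsolicited probe, a workstation sending SMTP directly.
TRAFFIC = [
    Packet("out", "192.168.1.10", 1050, "198.51.100.7", 80),
    Packet("in",  "192.168.1.10", 1050, "198.51.100.7", 80),
    Packet("in",  "192.168.1.10", 445,  "203.0.113.9", 40000),
    Packet("out", "192.168.1.10", 1051, "203.0.113.25", 25),
]
EGRESS_ALLOW = {("192.168.1.10", 80), ("192.168.1.10", 443), ("192.168.1.5", 25)}

def run(device, traffic):
    return [device.handle(p) for p in traffic]
```

Both devices drop the unsolicited inbound probe; only the firewall model drops the workstation's direct SMTP connection and records an alert for each dropped packet.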