Re: Firewall for broadband connection
From: Leythos (void_at_nowhere.org)
Date: 11/10/04
- Next message: Kenneth: "Header manipulation...?"
- Previous message: René: "Firewall for broadband connection"
- In reply to: René: "Firewall for broadband connection"
- Next in thread: SECURTYfirewall: "Re: Firewall for broadband connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 10 Nov 2004 12:28:20 GMT
In article <419204f6$0$44063$5fc3050@dreader2.news.tiscali.nl>,
spamisnietleuk@hotmail.com says...
> Dear fellow-subscribers of this NG,
>
> I have a question about the following. Since a while my father (he's retired
> and has a lot of spare time now) has a broadband connection, just on one
> computer, without doing any special things, only surfing, emailing and
> adjusting his favorite toy, Beatnik atomic clock. I have installed ZA on his
> computer, which blocks a lot of attacks, as he spends a lot of time surfing
> the web (he is crazy about it now he has his broadband connection ;-)).
> I have considered buying a hardware firewall for him. I know there have been
> very lengthy discussions about the fact whether router-firewalls are really
> firewalls or not, and I do not understand everything said in those
> discussions.
> Of course he has an anti-virus program installed (AVG from Grisoft), and I
> have managed to get into his head with a very strict "no opening of email
> attachments policy". He is also very strict in checking the automatic update
> process, so threats from inside his computer are probably less likely to be
> important.
>
> I have found the following device I considered of interest:
> http://www.hotbrick.com/Soho401.html.
> My questions are (supposing I would buy & install this device) (and please
> hold in mind that I am not a network expert at all, I am a newbie to this):
>
> 1. Would the protection given by this be better or worse than the one given
> by Zone-alarm?
Anything NOT running on his computer is better - reasoning being that he
can make a mistake and let something through with ZA, and with the
router/firewall appliance he won't be able to configure it.
> 2. Can the system function safely without Zone-alarm installed or would it
> still be needed (and in that case, would it add anything or just be useless?
> And does my father, in his very simple "setting" or "environment" miss much
> from the more expensive devices, or are they only needed when e.g. running
> some sort of server?
Yes, without ZA, the system would still be protected, but with ZA, the
system could detect a problem if he compromises his own system. The dual
layered approach is favorable for people that are likely to be infected.
> 3. Is configuring a device like that difficult?
I reviewed this last night and though it was a nice SOHO unit. It does
not appear to be Drop-In ready, but seems like it would be simple to
install for my mother-inlaw. The manual is very nicely laid out and
seems easy to understand. I'm ordering one to test with.
> 4. How does the device update itself? Automatically without my father having
> to care about it (I may be a newbie but he is even more ignorant and I can't
> visit him every minute of the day).
No, it clearly needs user intervention to apply updates. In most cases,
appliances only need updates for enhancing features, most of the updates
are not to further harden the device. (most of the ones I work with are
very hardened and only add features through updates, but there are some
security updates). With this device, since there is little talk of it in
the groups, it would be hard to say how often they issue updates.
> 5. Is it possible (well, it will be possible, but will it be possible for me
> after doing some reading and researching on the web, I am a newbie but am a
> quick learner and are a bit above the average computer user, though not an
> expert) to install a program which allows me to control his computer when
> using such a device (my father is an expert in messing things up so it would
> be VERY handy if I could fix some things from my place? I suppose this
> question is closely related to question 3.. BTW if there is some sort of
> program that You would specifically recommend for doing this, Your input
> would be very appreciated (I realise this is OT).
Yes, you could to a remote connection many ways - you could buy the VPN
version that permits you to make a direct connection to the unit itself,
which would let you access his computer. You could also install VNC on
his computer, set it to run on a non-standard port (like 34912) and then
connect across the internet to VNC on 34912) and make sure that it's
passworded (with a strong password). If you get one of the remote
control programs that doesn't show an Icon on the task bar he would not
know it's there - so he wouldn't have an opportunity to mess with it :)
> 6. Are there other devices, let's say below 200 euro's (suppose that can be
> more or less compared to 200 US$, it's just an indication), that You would
> recommend above this one? If so, which one('s)? Wireless is not needed as
> his computer is only 4 m away from the access point.
> 7. Any other suggestions?
In his case, as well as many home users, it would appear that all he
needs is a simple NAT device, most run about $50 US. If you were to
install a cheap Linksys BEFSR41 unit, keep ZA on his computer, and get
something like Norton Antivirus 2005 for him, he should be safe. I use
AVG, but install NAV for home users that can afford to purchase a
license. AVG is good, but I trust NAV more.
One other thing - get him a copy of the free SpyBot Search & Destroy at
www.safer-networking.org and a copy of the AdAware SE (free) from
lavasoft.
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
- Next message: Kenneth: "Header manipulation...?"
- Previous message: René: "Firewall for broadband connection"
- In reply to: René: "Firewall for broadband connection"
- Next in thread: SECURTYfirewall: "Re: Firewall for broadband connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
