Re: Firewall for broadband connection

From: René (spamisnietleuk_at_hotmail.com)
Date: 11/14/04


Date: Sun, 14 Nov 2004 13:39:38 +0100

Dear Leythos and Jeff,

Thank You very much for replying. I have added some questions in Your
posting below. I hope You will be willing to have a look at them:

"Leythos" <void@nowhere.org> schreef in bericht
news:MPG.1bfbd26bfb3e92bd9899e0@news-server.columbus.rr.com...
> In article <419204f6$0$44063$5fc3050@dreader2.news.tiscali.nl>,
> spamisnietleuk@hotmail.com says...
> > Dear fellow-subscribers of this NG,
> >
> > I have a question about the following. For a while now my father (he's
> > retired and has a lot of spare time now) has had a broadband connection,
> > just on one computer, without doing any special things, only surfing,
> > emailing and adjusting his favorite toy, Beatnik atomic clock. I have
> > installed ZA on his computer, which blocks a lot of attacks, as he spends
> > a lot of time surfing the web (he is crazy about it now he has his
> > broadband connection ;-)).
> > I have considered buying a hardware firewall for him. I know there have
> > been very lengthy discussions about whether router-firewalls are really
> > firewalls or not, and I do not understand everything said in those
> > discussions.
> > Of course he has an anti-virus program installed (AVG from Grisoft), and
> > I have managed to get into his head a very strict "no opening of email
> > attachments" policy. He is also very strict in checking the automatic
> > update process, so threats from inside his computer are probably less
> > likely to be important.
> >
> > I have found the following device I considered of interest:
> > http://www.hotbrick.com/Soho401.html.
> > My questions are (supposing I would buy & install this device) (and
> > please keep in mind that I am not a network expert at all, I am a newbie
> > to this):
> >
> > 1. Would the protection given by this be better or worse than the one
> > given by Zone-alarm?
>
> Anything NOT running on his computer is better - reasoning being that he
> can make a mistake and let something through with ZA, and with the
> router/firewall appliance he won't be able to configure it.
>
> > 2. Can the system function safely without Zone-alarm installed or would
> > it still be needed (and in that case, would it add anything or just be
> > useless)? And does my father, in his very simple "setting" or
> > "environment", miss much from the more expensive devices, or are they
> > only needed when e.g. running some sort of server?
>
> Yes, without ZA, the system would still be protected, but with ZA, the
> system could detect a problem if he compromises his own system. The dual
> layered approach is favorable for people that are likely to be infected.

You mean that suppose e.g. a trojan horse gets on his computer, ZA will
notice the outgoing data, and the external firewall wouldn't?

> > 3. Is configuring a device like that difficult?
>
> I reviewed this last night and thought it was a nice SOHO unit. It does
> not appear to be Drop-In ready, but seems like it would be simple to
> install for my mother-in-law.

Wouldn't she be willing to do some configuring at my father's place ;-) ?

> The manual is very nicely laid out and
> seems easy to understand. I'm ordering one to test with.

When do You expect to get it? I hope that You will post Your findings about
the machine here. I am already quite sure I want to get one but maybe You'll
have more info soon...

> > 4. How does the device update itself? Automatically without my father
> > having to care about it (I may be a newbie but he is even more ignorant
> > and I can't visit him every minute of the day).
>
> No, it clearly needs user intervention to apply updates. In most cases,
> appliances only need updates for enhancing features, most of the updates
> are not to further harden the device. (most of the ones I work with are
> very hardened and only add features through updates, but there are some
> security updates). With this device, since there is little talk of it in
> the groups, it would be hard to say how often they issue updates.

What I was wondering about, when someone discovers some new sort of weak
spot in Windows and the owner of the computer has not updated his OS
immediately and there is an update of e.g. ZA, will the firewall, in this
case ZA, also help protect the user from attacks that aim at this weak
spot? And if the answer is "Yes", is there a difference in the protection of
this kind between a firewall like ZA and an external firewall?
I do not fully understand that many firewall-applications like ZA get
updates very often while an external firewall does not need security-updates
that often, like You stated (You might read this line as "I don't believe
You", but that is not correct, I actually don't understand why one firewall
needs "adjusting of its hardening" more often than the other one).

> > 5. Is it possible (well, it will be possible, but will it be possible
> > for me after doing some reading and researching on the web, I am a newbie
> > but am a quick learner and am a bit above the average computer user,
> > though not an expert) to install a program which allows me to control his
> > computer when using such a device (my father is an expert in messing
> > things up so it would be VERY handy if I could fix some things from my
> > place)? I suppose this question is closely related to question 3. BTW if
> > there is some sort of program that You would specifically recommend for
> > doing this, Your input would be very appreciated (I realise this is OT).
>
> Yes, you could do a remote connection many ways - you could buy the VPN
> version that permits you to make a direct connection to the unit itself,
> which would let you access his computer.

Yes, but the VPN version is much more expensive (iirc $350 vs. $100) and
quite soon I am going to get a broadband connection as well, so I would like
to buy two of those firewalls (note at the same time, first one to see if I
like it). I presume VNC is an application that does the same thing but from
within his computer?

> You could also install VNC on
> his computer, set it to run on a non-standard port (like 34912) and then
> connect across the internet to VNC on 34912, and make sure that it's
> passworded (with a strong password).

I think this is what Jeff mentions in his reply. I agree with him that the
safest thing to do, would be to visit my father, but maybe there is a way in
which he can enable the software after we have spoken to each other on the
phone and disable it after the problem has been fixed. Then again, I guess
this would imply having to re-configure the FW every time, which would
perhaps be too difficult for him.
What I have been wondering about is, whether a VPN-connection can be used
when one doesn't have a fixed IP-address (we don't)(and we are happy about
that). How does one computer manage to find the other one? Or do You need to
get the address from one computer and tell it to the program on the other
one?
And what about a program like PC-anywhere? Would something like that be
useful in our situation?
Suppose I would have a VPN. What would that look like on the computer? Is it
just an extra computer in "My network places"? Or would it be possible to
actually make my computer show everything from his computer, I mean, would I
see his desktop and be able to use the applications on his system just as if
I was working on his computer in his living room?

> If you get one of the remote
> control programs that doesn't show an Icon on the task bar he would not
> know it's there - so he wouldn't have an opportunity to mess with it :)

You highly underestimate the messing capabilities of my father... ;-).

Is there any such program that You would especially recommend? (Preferably
open source or freeware of course, but the quality is the most important).
I might already do some reading if You'd have some names for me.

> > 6. Are there other devices, let's say below 200 euros (suppose that can
> > be more or less compared to 200 US$, it's just an indication), that You
> > would recommend above this one? If so, which one(s)? Wireless is not
> > needed as his computer is only 4 m away from the access point.
> > 7. Any other suggestions?
>
> In his case, as well as many home users, it would appear that all he
> needs is a simple NAT device, most run about $50 US.

Yes, but if the extra $50 to get the "real" firewall from Hotbrick does add
something to the protection quality, my father will be more than happy to
spend it. Apart from that, it gets paid by the union my father does some
volunteer work for on his computer (only small, with not much very private
data, mostly only names and addresses).
Another question that came to my mind is the following. Hotbrick has many
firewalls, and many are very expensive. Is there also a difference in the
specific "firewalling" capabilities between those, or is it just the other
specs that differ, like managing many users and providing VPN-services?

> If you were to
> install a cheap Linksys BEFSR41 unit, keep ZA on his computer, and get
> something like Norton Antivirus 2005 for him, he should be safe. I use
> AVG, but install NAV for home users that can afford to purchase a
> license. AVG is good, but I trust NAV more.
> One other thing - get him a copy of the free SpyBot Search & Destroy at
> www.safer-networking.org and a copy of the AdAware SE (free) from
> lavasoft.

Sorry, forgot to mention this in my first posting, but he already has those
programs.

If You would allow me to just ask one more question that is a bit OT in this
NG, I would be very grateful (I ask it because we are talking about
networking already and the two of You seem to know what You're talking about).
I would very much like to learn to fully configure a network WITHOUT using
wizards, because after having used a wizard, I still haven't got the
faintest idea about what I have actually done. I am reading the book "TCP/IP
unleashed" which is very good (and thick), but not everything I want to know
is in there. Usually when You buy a book about networking, it starts telling
about all the kinds of cables there are and such. I am not interested in
that. Many tutorials/books also explain how to use those wizards (I think
they are clear enough themselves). Worst are the books that first start
talking about the wiring and then tell You how to configure the network with
the wizards. I have not been able to find a tutorial with google that
thoroughly explains the real configuring of a network, without using the
wizard. I don't know which words to use in Google. If You say "-wizard", You
will also "lose" the pages that say "Have You ever wanted to configure Your
network without wizards? Then this is the page for You!", which would be
exactly what I want. So my question is: Do any of You know of a good
tutorial on the web, or a book, that will show me how to fully install and
configure a network without using those stupid wizards that hide everything
from You?

Again I thank You very much for Your replies, and also I thank You in
advance for reading this posting.

Enjoy Your Sunday!

Sincerely,
Rene
