Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?
From: Melissa (willkayakforfoodREMOVE_THIS_at_gmx.net)
Date: 03/28/05
- Next message: optikl: "Re: Removed Symantec IS"
- Previous message: melvin: "Re: Removed Symantec IS"
- In reply to:(deleted message) Leythos: "Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?"
- Next in thread: Leythos: "Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?"
- Reply:(deleted message) Leythos: "Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 27 Mar 2005 16:01:42 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hi Leythos,
On Sun, 27 Mar 2005 21:22:20 GMT, you wrote:
[snip]
>> I also use quality AV/AT products ...
> I don't use/know about AV/AT, but as long as you're comfortable with
> it, as long as it scans in/out bound email to your mail server for
> your email client, then it should be good enough.
"AV/AT" is not a particular product name...it's short for
"Anti-Virus/Anti-Trojan". :-) I use NOD32 for AV, BOClean for
background AT, and TDS-3 for on-demand AT and a few other included
utilities. I also scan regularly with several different
anti-adware/anti-spyware programs, and regularly scan with
"HijackThis". They never find anything more than a tracking cookie
every once in a very great while. Most of the time, I keep only three
cookies on this machine, and all others are blocked by default.
[snip]
> For personal email, I never send encrypted emails, if I have
> something sensitive I either password a PDF/Word document or I
> PKZip it and send it that way. I use to use a encryption program
> years back, but it proved to be to much work for the receivers and
> they stopped asking me to use it.
Well, just as you can appreciate the bit of work it might take to
understand a hardware/firmware firewall solution enough to properly
implement it, I'm sure you can also appreciate the *small bit* of
work it takes to understand and use more secure encryption methods.
Comparing your methods of document encryption as described above with
something like OpenPGP public key encryption is sort of like
comparing a software PFW with a WG Firebox SOHO unit. :-)
If anyone wishes to correspond with me on a personal level beyond what
we might put on a postcard, I will ask that they use PGP or GnuPG
encryption. If they need to learn how to use these, I'm happy to
teach them (and I've taught many over the years; and continue to).
With several decent email clients now supporting PGP or GnuPG to
various levels of easy integration, strong encryption is no longer
very inconvenient at all.
[snip]
> Actually, that mode is part of the problem, "if a person is careful
> about not getting their computer infected in the first place, the
> threat level is greatly mitigated" - Always operate like you are
> compromised or will soon be compromised. Never accept that you are
> safe enough.
Of course I don't, hence my continued interest in all things
security/privacy related (a reluctant interest, but one I recognize
as being necessary). It's the reason I take the time to read this
and any number of other security related news groups and mail lists.
Feeling relatively confident with one's own "system" of threat
mitigation is something different than feeling "safe enough" and
becoming complacent. In spite of my "careful practices" (which
includes much more than just not clicking on any old thing), I do
still run what I consider to be reasonable AV/AT software to protect
against the truly unexpected (while still understanding that even the
best of these are not 100% perfect 100% of the time).
> Don't take that wrong, I don't mean you need to run two routers with
> 800 PFW's and stand on your head with rubber gloves when you
> browse, but don't assume that you've secured your PC properly.
Unless you're really misunderstanding me here, you'll know that I'm
not assuming anything. :-)
>> Again, "easily spreading viruses/worms" makes the assumption that a
>> person is clueless to begin with; which is true often enough in
>> both home and work environments, but this is not something I'm
>> particularly concerned with in my own circumstance.
> You should be concerned about it, even I don't assume I'm secure.
> I've been working with systems since the 70's, never had a single
> virus/compromised system in all those years (not even a clients
> machine), but I never assume that we're secure enough. At the same
> time, I still allow people to browse the web, get attachments,
> etc....
Perhaps it's just a misunderstanding here, but my not being
"particularly concerned" with regards to my own circumstances only
means that I feel I've taken, and continue to take, reasonable and
*more than adequate* measures to protect my machine. I'm always
vigilant, but I don't sit here and fret about viruses and such all
day either, because I'm comfortable with my "system" of avoiding them
in the first place (or catching them with specific software if other
forms of avoidance might ever fail; so far, so good). *One aspect*
of my "system of avoidance" does indeed involve running on-access
anti-virus and anti-Trojan software, though I make it a point to
mention that these are "backup" or "insurance", and not "primary,
first line of defense" from my point of view. I don't think I'm
really taking anything for granted. I just know that it's highly
unlikely that my machine will become infected (like you, I've never
had a single problem in this regard in all the years I've had a
computer, and it's not just due to good luck).
> Again, operate on the idea that you're only 75% secure, never 99.9%
> secure and you'll really have it a lot easier.
Again, methinks you've misunderstood my reference to "99.9%", though I
don't disagree with your words of reasonable precaution. I wrote
that in reference to all the things one can do in terms of "safe
computing practices" that will indeed make it so that one's AV/AT
software has little to do but twiddle its thumbs and occasionally pop
up a warning about something that hasn't yet become critical. Even
without such warnings, do you really think I'd click on a file called
"penIs.scr"? Or even on an innocent looking .zip file that I wasn't
specifically expecting? I follow my own "strict yet practical"
protocol with regards to dealing with attachments, downloaded files,
web filtering/blocking, software choices and configurations, OS
tweaking, etc., and so far, I've not been disappointed. I really
don't think any of this indicates an overconfident attitude with
regards to potential risk versus general comfort level. I only wrote
"99.9%" instead of "100%" because "one just never knows", hence my
use of AV/AT software in spite of my level of comfort and confidence.
;-)
> I have several Watch Guard Firebox units, even a couple of the
> smaller SOHO6tc units, and I still use Symantec Corp, I won't
> install McCrappy on anything.
Like I said in my previous post, I haven't used Symantec *Corporate*,
but I have had enough experience with NAV *home edition* (both
personally several years ago and with several machines of friends and
family more recently), and I have about as much respect for NAV home
edition as I do for McAfee, which isn't much. Detection is only one
part of the equation (even in this regard I feel there are better AVs
available than these two). Stability, resource usage, ease of
removal, etc. are other things to think about; as well as tech and
customer support. NAV and McAfee may have been the "big boys" in the
past for some good reasons, but for the past several years, I can
only conclude that their continued popularity is more a result of
aggressive advertisement and product placement than anything having
to do with their overall performance. There are simply much better
products available.
> BEGIN PGP SIGNATURE-----
[snip]
> Just thought you might want to know, unless you are passing messages
> that "require" authentication, your signature is just wasting
> bandwidth across the world. There is nothing that proves your
> message came from you, not even the signature. I can copy/paste it
> into a message and look just like you and very few people would
> know the difference.
Perhaps I'm not signing my messages in this way just for your benefit
or for the benefit of *most* other people?
> Usenet norms are 4~5 lines for a sig - just thought you might want
> to know.
The use of OpenPGP signatures is mentioned in Usenet Netiquette as
being acceptable, and PGP/GnuPG digital signatures fall *outside* the
realm of the 4-5 line "recommended signature guideline" for
non-digital "regular" signatures:
=================================================================
- From RFC 1855 | Netiquette Guidelines
3.1.3 NetNews Guidelines
[snip]
- Forging of news articles is generally censured. You can protect
yourself from forgeries by using software which generates a
manipulation detection "fingerprint", such as PGP (in the US).
==================================================================
I have my reasons for signing my messages (from actual experience, not
just conceptual paranoia), and I apologize if it bothers you. As you
yourself alluded to, one person's threat model may be different than
another's. I won't bore you with the reasons I sign my posts here and
elsewhere, but I'm sure that you can find more interesting things to
complain about if you really try. :-)
- --
Melissa
PGP Public Keys: http://www.willkayakforfood.tk
-----BEGIN PGP SIGNATURE-----
iQCVAwUBQkdJVjEYqNTZBqoEAQPLgwQAm9M0ZuROwLHqKwrgZjJHmT+f5fERyOCU
gcTJJdFC8e4pcvhx1IIakQh+1Drm+HMqFUU1PNXiTVpkaVTfQE6r1U2Cs6o5jFQD
E43tRwYUxCv7plZAvgOj19dtL0UV3Zp3sdIIau8zxHSouNkVJ69XzjE5FrGgpkdu
/J8mllsFC3Y=
=iwoE
-----END PGP SIGNATURE-----
- Next message: optikl: "Re: Removed Symantec IS"
- Previous message: melvin: "Re: Removed Symantec IS"
- In reply to:(deleted message) Leythos: "Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?"
- Next in thread: Leythos: "Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?"
- Reply:(deleted message) Leythos: "Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
