  rosco Premium join:2003-11-10 USA 1 edit | Good enough for me
My NAT router along with a free software firewall backup has never failed me. |
|
  g0nepostal I Am The One Her Mom Warned Her About
join:2001-03-23 Concord, CA clubs:
·DSL EXTREME
·Astound Broadband
·magicjack.com
| A day late and a dollar short, bud
Even consumer-level firewalls do Stateful Packet Inspection now, so they aren't "NAT only" boxes anymore. To engage in Microsoft-style selling tactics by engaging in FUD is sickening, and Paul Henry should know better.
To be fair, most computer users should at least read the manual when installing a home or SOHO-class router. Securing a router isn't that difficult, but then how many users bother to at least crack open the manual?
It all comes down to personal responsibility. A company vice president should not use FUD to sell their products and should instead point out the advantages of using it either in place of or in addition to other security methods such as NAT. And home users should at least study the manual to attempt to understand what it is the router is designed to do.
gp |
|
  insomx Premium join:2003-01-26 Canada | reply to rosco Re: Good enough for me
But it most probably is possible to crack. Any machine is. |
|
  rosco Premium join:2003-11-10 USA
·Verizon Online DSL
| I'm sure it is remotely possible, but very very difficult, especially considering that no one would try that hard to get my mp3's and pictures.
I'll give you my IP and I'd love to see you get in
But really, I feel that for my needs, my solution gives me the best cost/performance ratio. It cost me about 40 bucks for the NAT router. And the firewall software is free. And I've never been hacked, and never had any of these worms affect me. |
|
  TheChosenOne2 I Will Bring Balance
join:2003-08-17 Deep River, CT
| Scare Tactics and Marketing Ploys
Um... blocking OUTBOUND port 80? Wouldn't that basically render the NAT box useless for most people who don't know what they're doing? CyberGuard is just trying to sell more of their own firewalls. It's nothing but a scare tactic and a marketing ploy all rolled into one. |
|
  Transmaster Don't Blame Me I Voted For Bill and Opus
join:2001-06-20 Cheyenne, WY
·Qwest.net
1 edit | Hmmmm
If you are running in stealth mode with invisible ports, who is going to find you if they can't ping anything? If you can't be found, the hacker is going to look for an easier target, and there sure are enough of them. -- Remember when hacking a loogy it comes not so much from the lungs but from the soul. |
|
  DracoFelis Premium join:2003-06-15
| reply to rosco Re: Good enough for me
I personally found this article very misleading, to the point of "crying wolf" (and having just plain FALSE info). While I agree that you don't just put in a "consumer firewall" and expect you are protected from everything out there, they can be a very effective form of defense.
Consider:
1) My SMC Barricade+ (SMC7004FW) does have "stateful packet inspection", as do a number of other "home firewalls". Yet the article claims that this feature is only in "business firewalls".
2) The article claims that "home firewalls" only provide "security through obscurity", but won't actually stop any attacks once someone knows about you. Yet my "home firewall" has protected me from some very serious worms, until I got a chance to patch the Windows box behind it! And I've even tested the firewall by having the "computer security officer" (at my office) "port scan" my box! Sure enough, the ports were blocked from the internet (and the "security officer" has taken classes in "hacking techniques" to better know how to protect against them, so he knows how to check for vulnerable computer systems)!
3) The article claims that home firewalls generally allow "outbound connections" (true), and for "maximum protection" you should start with disallowing everything and only "open up ports" if/when needed (also true). But then the article goes on to say you need a "business firewall" for this protection, which is clearly false! With many "home firewalls" you have the option (if you think the extra security is worth the extra hassle setting things up) to block outbound connections as well! For example, I have my "home firewall" set up to block outbound attempts to use the Microsoft "filesharing ports", as a way to protect myself against rogue web sites stealing the username and "password hash" for my logged in account! The article seems to claim this isn't possible with a "home firewall"!
4) The article claims that "dial-up users" are reasonably safe from attack (without protection), yet I've seen several cases of dial-up users getting hit by internet worms, often within a few minutes of being connected (especially if/when a virulent worm is currently "on the loose"). While dial-up is slower, and not always on, they are still very vulnerable while they are connected unless they are "protected"! OTOH: My "always on" DSL connection is sitting a lot safer behind its "home firewall" than any dial-up user!
5) The article mentions that if someone is just using one of these "home firewalls", they are still vulnerable to attacks. I agree with this. One easy example is email based viruses (which will go right past any firewall). But this is also true of "corporate grade" firewalls too! In both cases, anti-virus scanning of your emails is a good idea (and yet the article doesn't make this distinction, and just implies that this is a problem with "home firewalls", vs an inherent limitation of all firewalls)!
All things considered, I have to wonder about the "security experts" that wrote that article! IMHO they either "don't have a clue", or are deliberately "misleading the public" to sell their own "solutions". Either way, I plan to never do business with these turkeys.... |
|
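Added example, not part of the thread: a toy Python model of the two behaviours discussed in the post above, stateful inspection of inbound traffic and an egress rule for the Microsoft file-sharing ports. The port list (137-139, 445), the class and function names, and the documentation-range addresses are assumptions made for illustration; the model ignores NAT translation, TCP flags and flow timeouts.

```python
from dataclasses import dataclass

# NetBIOS/SMB ports (assumed list; the post only says "filesharing ports").
BLOCKED_EGRESS_PORTS = {137, 138, 139, 445}

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Toy model: LAN hosts may open flows out, except to blocked ports;
    inbound packets pass only if they answer a tracked outbound flow."""

    def __init__(self, blocked_egress=BLOCKED_EGRESS_PORTS):
        self.blocked_egress = set(blocked_egress)
        self.flows = set()  # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, p: Packet) -> str:
        if p.dport in self.blocked_egress:
            return "DROP"   # egress rule: flow is never tracked, so no reply path
        self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return "ACCEPT"

    def inbound(self, p: Packet) -> str:
        # A genuine reply mirrors a tracked flow: its source is the remote end.
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ACCEPT" if key in self.flows else "DROP"

def demo():
    """Run constructed sample traffic through the filter."""
    fw = StatefulFilter()
    lan, web, rogue = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    return {
        "web_out": fw.outbound(Packet("tcp", lan, 50000, web, 80)),
        "web_reply": fw.inbound(Packet("tcp", web, 80, lan, 50000)),
        "scan_in": fw.inbound(Packet("tcp", rogue, 40000, lan, 445)),
        "spoofed_reply": fw.inbound(Packet("tcp", rogue, 80, lan, 50000)),
        "smb_out": fw.outbound(Packet("tcp", lan, 50001, rogue, 445)),
        "smb_reply": fw.inbound(Packet("tcp", rogue, 445, lan, 50001)),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```
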
  mod bait Premium join:2001-06-11 Rochester, NY | How original...
Someone selling security products is telling us that we're not secure enough. Gee whiz, that's never happened before.
Better get underneath a bridge; the sky is falling. I hope I don't break my jaw by yawning too vigorously. |
|
  JohnInSJ Premium join:2003-09-22 San Jose, CA
·Comcast
| "You're never really secure enough"
"but 99.44% of home users aren't secure at all"
Rather than attempt to "scare" people who have actually bothered to install some kind of firewall, how about making basic software firewalls integral to every home system, and enabled out of the box?
If 99% of the boxes on the net were at this "false sense of security" level, we'd not have nearly as much worm traffic, would we? |
|
  72276539 Premium join:2001-01-19 Atlanta, GA
| said by JohnInSJ : "but 99.44% of home users aren't secure at all"
Rather than attempt to "scare" people who have actually bothered to install some kind of firewall, how about making basic software firewalls integral to every home system, and enabled out of the box?
If 99% of the boxes on the net were at this "false sense of security" level, we'd not have nearly as much worm traffic, would we?
Ummm, this has been tried already and Microsoft got ripped a new arsehole about it.... so why should anyone bother putting a firewall on a system people will just disable.
Worm traffic would not be bad if people didn't open Outlook messages with dangerous attachments and kept their systems updated. -- some people believe in astrology others believe in technology some people believe in all those -ologies but i believe in swordfish |
|
 dardin
join:2002-11-19 Tucson, AZ
| kind of a pointless article
I mean, everyone knows NOTHING is 100% secure. Nothing! The biggest security risk will always be the human factor. You can have the most secure network in the world but all it takes is one dumbass on the network downloading viruses/trojans, opening email attachments of viruses/trojans, hooking up a laptop to the network that is infected with a worm and the list goes on. |
|
  preskool69
join:2003-03-07 Tulsa, OK | reply to Transmaster Re: Hmmmm
What are you talking about, running in stealth mode with invisible ports on what kind of magical router? Too bad there wasn't such a thing; it would make us network techs' work a lot easier |
|
  GenBlood
@attbi.com
| reply to mod bait Re: How original...
I read the information and there is some truth to it. Devices like Linksys and Dlink that do NAT and that act like switches might be a weak link. There are a lot of good products out now that can protect your home network. You can set up a Linux box with two NICs and configure a firewall with iptables and rules. You can download a GPL app like Smoothwall and IPCop and set up a firewall with an older PC and a few old NIC cards hanging around. If you have a friend that knows about Linux and firewalls, you can have him configure it for you and install it. If it is set up correctly he can monitor it and have it email you and himself if something happens...
What I'm saying is people need to take more interest in it and learn what firewalls are and how to properly use them. |
|
  PunkGod
join:2003-02-02 | reply to dardin Re: kind of a pointless article
I use a cisco firewall to protect me. |
|
  The Beer I Love It When A Plan Comes Together Premium join:2001-07-24 Omaha, NE clubs:
·ViaTalk
| Yes and we should all have IDS systems
Ok either put the security on the side of the ISP or shut up!
If someone spends $99.99 to protect their home computer that should be enough; either Micro$oft or the ISPs need to get to work.
If a security vendor has that to say about a home product, then they have work to do. |
|
 wtansill Ncc1701
join:2000-10-10 Falls Church, VA
| reply to preskool69 Re: Hmmmm
I run an SMC Barricade NAT box/router along with a software firewall and anti-virus software. I regularly visit Gibson Research, as well as DSL Reports and have my machine scanned. Periodically I visit other sites that offer scanning services as well. To date every one of them has essentially told me that if I hadn't provided an initial IP address for them to test, they would never have found me -- all of my ports are identified as "Stealth mode", non-pingable, and invisible to port-scanning bad guys... -- That which does not kill me merely prolongs the agony. |
|
 SKiTLz
join:2002-10-25 Canada | reply to PunkGod Re: kind of a pointless article
You use a PIX at home? |
|
 wtansill Ncc1701
join:2000-10-10 Falls Church, VA
| reply to 72276539 Re: "You're never really secure enough"
said by 72276539 :
Ummm, this has been tried already and Microsoft got ripped a new arsehole about it.... so why should anyone bother putting a firewall on a system people will just disable.
Worm traffic would not be bad if people didn't open Outlook messages with dangerous attachments and kept their systems updated.
I must not have gotten the memo -- could you please point to any info on M$ being ripped a new one for including firewall software? -- That which does not kill me merely prolongs the agony. |
|
 hescominsoon
join:2003-02-18 Brunswick, MD | reply to SKiTLz Re: kind of a pointless article
nod this is FUD... I use Astaro Security Linux here at the house. Frankly, if somebody gets by it they are either really really good, or I did something incredibly stupid. :) -- God Bless http://www.faithwalk.org |
|
  PunkGod
join:2003-02-02
| reply to SKiTLz said by SKiTLz : You use a PIX at home?
No, not a PIX.
I have the Cisco 831. |
|