Router/Firewall Recommendation
Rodolfo J. Paiz
rpaiz at simpaticus.com
Thu Jun 24 07:14:06 UTC 2004

At 12:17 AM 6/24/2004, Otto Haliburton wrote:
>glad you have the time and energy to do what you do and it works for you.
>With all the maintenance and stuff, I am glad you have the time to do it and
>I can tell you are deep into it.

Well, I did spend more time learning... but given any PC with two network
cards (or one connection to the Internet and one network card) I can be
online and working in less than 1 hour. That's less time than it would take
to drive to Office Depot and back. As I said, pros and cons on each side.

>For $40 dollars, I can put my computers
>behind a firewall and forget about it cause it ain't going to be hacked by
>anybody and it has good performance and reliability.

History proves conclusively that anyone who says "it can't be done" (and
especially "it can't be hacked") is eventually proven wrong. Come on... the
NSA, CIA, and many *major* banks worldwide have been hacked, but your
little blue box is perfect? Right.

>Are you more secure no.

I'd be happy to see you provide any evidence for that statement.

>I mean large
>corporations would have a perfect solution with your hook up but they are
>very vulnerable with this setup.

Please explain where the vulnerability lies, since to you it's obvious.
Also, when showing any vulnerability, please show how that does not apply
to the LBB (Little Blue Box since I'm tired of typing that so often and I
don't want to specifically pick on Linksys). My Linux box is a router,
firewall, gateway, masquerading server with DHCP. So is your LBB. Where do
you see the vulnerability?

Also note that this setup has run nicely at my home, my mom's home, my
wife's three-person office, etc. for years now. Three boxes are over four
years old. *None* of them require more than 15 minutes a month from me. And
the LBB's I oversee *also* need that time... firmware updates,
configuration changes, etc.

>Routers have their problems and in to
>enable certain features you can open up, but for all practical purposes
>individuals don't need to do that. So for the cost factor you can't beat
>the hardware router. Cheers!!

Hold on: you've said that routers have their problems and they are
vulnerable. You've especially stated that "large corporations" are very
vulnerable. I see two problems:

1. There is a direct contradiction in your statement that routers
are vulnerable but that your LBB is perfect, since of course your LBB *is*
a router. Note your last line re "the hardware router."

2. There is an implicit contradiction (in what I consider common
sense) in your statement that large corporations are very vulnerable, since
it sounds like you are saying that a $3,000 box with Firewall/1 on it
(which is the *only* thing that product line does) or an ICSA-certified
defense-in-depth firewall is going to be somehow less secure than the $50
LBB in which you place your undying faith.

Given that #2 is an interpretation, I might be misreading you.

I'll also disagree with the "routers have [...] certain features you can
open up, but for all practical purposes individuals don't need to do that."
First off, the LBB is a router, and it has features you can open, and ports
you can forward. How is that any different? Second, who are you to tell all
individuals what they do and don't need? Ed Wilts just posted recently
about the web and mail servers he runs behind an LBB... should he shut them
off? Third, since the LBB *does* allow you to open up ports (incoming and
outgoing) and forward ports to other machines, and since you say the LBB is
perfect, then opening and forwarding ports *must* be secure, right?

Finally, re the cost factor: you buy N LBB devices for $40 each. I set up
firewalls that generally cost me $0 each. For N>0, the LBB is going to be
more expensive in direct cost. Did I have a learning cost? Yes! Say that
cost was ridiculously high... $4,000 of my time invested. So after 100
boxes, I'm breaking even monetarily but the reality is that I don't care
because (a) I wanted to learn it and (b) it didn't cost me $4,000. If
anything it cost me $500 in time, and I *have* set up easily 25 firewalls
so far. $500 cost, $1,000 saved... I'm ahead.

Is everyone going to want to do this my way? No. Are they wrong? No. Is my
path and solution a valid one? Yes. Am I wrong? No.

Care to comment? Because you are not proving anything to me so far.

And Otto, P-L-E-A-S-E!!!!! trim previous posts from your reply. It's
downright rude to force everyone to read through four pages of prior text
*again* because you didn't take the time to format a post properly. Keep
whatever you need, but don't just resend the whole damn thing. It's *not* nice.

--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com