Router/Firewall Recommendation

Rodolfo J. Paiz rpaiz at simpaticus.com
Thu Jun 24 07:14:06 UTC 2004


At 12:17 AM 6/24/2004, Otto Haliburton wrote:
>glad you have the time and energy to do what you do and it works for you.
>With all the maintenance and stuff, I am glad you have the time to do it and
>I can tell you are deep into it.

Well, I did spend more time learning... but given any PC with two network 
cards (or one connection to the Internet and one network card) I can be 
online and working in less than 1 hour. That's less time than it would take 
to drive to Office Depot and back. As I said, pros and cons on each side.

>For $40 dollars, I can put my computers
>behind a firewall and forget about it cause it ain't going to be hacked by
>anybody and it has good performance and reliability.

History proves conclusively that anyone who says "it can't be done" (and 
especially "it can't be hacked") is eventually proven wrong. Come on... the 
NSA, CIA, and many *major* banks worldwide have been hacked, but your 
little blue box is perfect? Right.

>Are you more secure no.

I'd be happy to see you provide any evidence for that statement.

>I mean large
>corporations would have a perfect solution with your hook up but they are
>very vulnerable with this setup.

Please explain where the vulnerability lies, since to you it's obvious. 
Also, when showing any vulnerability, please show how that does not apply 
to the LBB (Little Blue Box since I'm tired of typing that so often and I 
don't want to specifically pick on Linksys). My Linux box is a router, 
firewall, gateway, masquerading server with DHCP. So is your LBB. Where do 
you see the vulnerability?

Also note that this setup has run nicely at my home, my mom's home, my 
wife's three-person office, etc. for years now. Three boxes are over four 
years old. *None* of them require more than 15 minutes a month from me. And 
the LBBs I oversee *also* need that time... firmware updates, 
configuration changes, etc.

>Routers have their problems and in to
>enable certain features you can open up, but for all practical purposes
>individuals don't need to do that.  So for the cost factor you can't beat
>the hardware router.  Cheers!!

Hold on: you've said that routers have their problems and they are 
vulnerable. You've especially stated that "large corporations" are very 
vulnerable. I see two problems:

         1. There is a direct contradiction in your statement that routers 
are vulnerable but that your LBB is perfect, since of course your LBB *is* 
a router. Note your last line re "the hardware router."

         2. There is an implicit contradiction (in what I consider common 
sense) in your statement that large corporations are very vulnerable, since 
it sounds like you are saying that a $3,000 box with Firewall/1 on it 
(which is the *only* thing that product line does) or an ICSA-certified 
defense-in-depth firewall is going to be somehow less secure than the $50 
LBB in which you place your undying faith.

Given that #2 is an interpretation, I might be misreading you.

I'll also disagree with the "routers have [...] certain features you can 
open up, but for all practical purposes individuals don't need to do that." 
First off, the LBB is a router, and it has features you can open, and ports 
you can forward. How is that any different? Second, who are you to tell all 
individuals what they do and don't need? Ed Wilts just posted recently 
about the web and mail servers he runs behind an LBB... should he shut them 
off? Third, since the LBB *does* allow you to open up ports (incoming and 
outgoing) and forward ports to other machines, and since you say the LBB is 
perfect, then opening and forwarding ports *must* be secure, right?

Finally, re the cost factor: you buy N LBB devices for $40 each. I set up 
firewalls that generally cost me $0 each. For N>0, the LBB is going to be 
more expensive in direct cost. Did I have a learning cost? Yes! Say that 
cost was ridiculously high... $4,000 of my time invested. So after 100 
boxes, I'm breaking even monetarily but the reality is that I don't care 
because (a) I wanted to learn it and (b) it didn't cost me $4,000. If 
anything it cost me $500 in time, and I *have* set up easily 25 firewalls 
so far. $500 cost, $1,000 saved... I'm ahead.

Is everyone going to want to do this my way? No. Are they wrong? No. Is my 
path and solution a valid one? Yes. Am I wrong? No.

Care to comment? Because you are not proving anything to me so far.

And Otto, P-L-E-A-S-E!!!!! trim previous posts from your reply. It's 
downright rude to force everyone to read through four pages of prior text 
*again* because you didn't take the time to format a post properly. Keep 
whatever you need, but don't just resend the whole damn thing. It's *not* nice.


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
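As an added illustration (not part of the original post, and not Rodolfo's actual configuration), the following shell function emits the kind of iptables ruleset that turns a two-NIC Linux box into the router, firewall, gateway and masquerading server the message describes, including the "open up a port and forward it" case discussed later in the post. Interface names, the LAN subnet and the forwarded port/host are assumptions passed as arguments; the rules are printed for review rather than applied, so nothing changes on the machine until the output is piped to a shell as root.

```shell
#!/bin/sh
# Added example, not code from the original mailing-list post.
# Prints an iptables ruleset for a two-NIC Linux NAT firewall.
# All interface names, the LAN range and the forwarded port are
# assumptions supplied as arguments (defaults below are placeholders).

fw_rules() {
    WAN=${1:-eth0}                 # assumption: NIC facing the ISP
    LAN=${2:-eth1}                 # assumption: NIC facing the home LAN
    LANNET=${3:-192.168.1.0/24}    # assumption: LAN address range
    FWD_PORT=${4:-}                # optional: TCP port forwarded to an inside host
    FWD_HOST=${5:-}                # optional: inside host that receives it

    cat <<EOF
# flush, then default-deny: nothing reaches or crosses the box unless allowed below
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# loopback and replies to sessions the LAN already opened
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# the LAN may talk to the box (ssh, DNS) and out to the Internet; the WAN side gets nothing
iptables -A INPUT -i $LAN -s $LANNET -j ACCEPT
# DHCP discovers arrive from 0.0.0.0, so they need their own rule on the LAN side only
iptables -A INPUT -i $LAN -p udp --dport 67:68 -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LANNET -j ACCEPT
# anti-spoofing: packets from the WAN claiming a LAN source address are dropped
iptables -A INPUT -i $WAN -s $LANNET -j DROP
iptables -A FORWARD -i $WAN -s $LANNET -j DROP
# masquerade LAN traffic behind the WAN address
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
EOF
    if [ -n "$FWD_PORT" ] && [ -n "$FWD_HOST" ]; then
        cat <<EOF
# port forward: only this port, only to this host; everything else stays closed
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport $FWD_PORT -j DNAT --to-destination $FWD_HOST:$FWD_PORT
iptables -A FORWARD -i $WAN -o $LAN -p tcp -d $FWD_HOST --dport $FWD_PORT -m state --state NEW -j ACCEPT
EOF
    fi
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Review first; to apply as root: fw_rules eth0 eth1 192.168.1.0/24 80 192.168.1.10 | sh
fw_rules "$@"
```

The point of the default-deny policies plus the single explicit DNAT/FORWARD pair is the one the post makes about port forwarding: opening a port is the same risk on a Linux box as on an LBB, and the ruleset makes exactly which port, which host and which direction is exposed visible in a few lines that can be diffed and reviewed.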





More information about the redhat-list mailing list