How secure is your computer? Shields Up!

growse said:
Expensive enterprise kit > free software firewall. If you don't see that to be true, your brain's gone wandering.

Generically, if you tell someone who's running a free software firewall that they're 'totally 100%' secure, you're lying.
No, expensive enterprise kit = essentially a linux box running something like a smoothwall.
 
growse said:
Expensive enterprise kit > free software firewall. If you don't see that to be true, your brain's gone wandering.

Generically, if you tell someone who's running a free software firewall that they're 'totally 100%' secure, you're lying.

I'd actually say the opposite; more expensive kit allows more advanced configurations - which could mean a user would inadvertently allow vulnerabilities through where a standard home kit would not.

Don't get me wrong... I'm fully aware of how much more robust an advanced firewall topology can be compared to a ‘ready to go’ home setup given the right situation – but to say outright that one is completely inferior to another is plain stupidity in my eyes.
 
garyh said:
I'd actually say the opposite; more expensive kit allows more advanced configurations - which could mean a user would inadvertently allow vulnerabilities through where a standard home kit would not.

Don't get me wrong... I'm fully aware of how much more robust an advanced firewall topology can be compared to a ‘ready to go’ home setup given the right situation – but to say outright that one is completely inferior to another is plain stupidity in my eyes.

Yeah, ok, you've kinda got to assume that competence is a constant here. Expensive kit in the hands of a competent engineer is always going to be more secure, more flexible and more reliable than a piece of free software in the hands of someone competent. Equally, any firewall in the hands of a muppet is practically worthless to the end user (even if they are a muppet).

I'm perfectly aware of the ability of some industries to create entire markets on FUD, but I'm really not convinced that the enterprise firewall market is one of those.

Phnom_Penh said:
No, expensive enterprise kit = essentially a linux box running something like a smoothwall.

Yes, because that scales, is wonderfully redundant and has great support. </sarcasm>
 
No firewall or AV here (other than NAT) and I've never had any problems. Been on the wibbly wobbly web since '94 too.

Oh and don't listen to Steve Gibson. He's insane. He lost all his remaining reputation when that WMF metafile flaw was discovered and he literally went on record as saying "This cannot be anything other than Microsoft deliberately placing a backdoor into Windows!!!" "Steven you realise the seriousness of this accusation?" "Yes I do Tom, but as far as I'm concerned this is a deliberate backdoor placed into Windows!!!"
 
Phnom_Penh said:
Yer, that's why Fortinet got done for having Linux kernel code in their Firewalls :rolleyes:.

So, one bad company steals some code from the linux kernel, and suddenly the entire enterprise firewall market is a great big fraud designed to extort money from corporations based on FUD?

You're apparently talking out of your arse.
 
growse said:
So, one bad company steals some code from the linux kernel, and suddenly the entire enterprise firewall market is a great big fraud designed to extort money from corporations based on FUD?

You're apparently talking out of your arse.
No I think you like to exaggerate things a lot. :) Enterprise firewalls are all essentially stateful iptables, similar to free firewalls which can be run perfectly on a linux box.
 
Not quite. A lot of corporate firewalls also feature collections of signatures over and above the port blocking that iptables does.

But what does this have to do with the OP? :confused:
 
tolien said:
Not quite. A lot of corporate firewalls also feature collections of signatures over and above the port blocking that iptables does.

What he said.

But what does this have to do with the OP? :confused:

Again, what he said. I think that my original point is that you can benefit from having something like an enterprise-grade adsl router/firewall in the home over and above something like smoothwall (noise/heat factored in here as well - a silent pc running smoothwall might not be especially cheap, unless you're *very* determined), but you have to know how to configure it properly.

That said, smoothwall *is* awesome. :)
 
If you have a NAT router then you're pretty safe on the Internet as long as you don't set it to forward all non-routed traffic or open up all your ports (settings that you specifically have to enable). I have been running one for about 4 years and haven't been subjected to any attacks or trojans due to an Internet attack - this is without any firewall either.

Gibson does discuss a lot of information about stealthing your computer but it is a little excessive for the average user. The people at risk are the clueless people connecting directly to the internet with a USB modem and no security updates. For these people having open ports is the least of their worries.
 
NathanE said:
Oh and don't listen to Steve Gibson. He's insane. He lost all his remaining reputation when that WMF metafile flaw was discovered and he literally went on record as saying "This cannot be anything other than Microsoft deliberately placing a backdoor into Windows!!!" "Steven you realise the seriousness of this accusation?" "Yes I do Tom, but as far as I'm concerned this is a deliberate backdoor placed into Windows!!!"
Crap sells to the masses :rolleyes:

He really is completely insane!
 
RobH said:
If you have a NAT router then you're pretty safe on the Internet as long as you don't set it to forward all non-routed traffic or open up all your ports (settings that you specifically have to enable). I have been running one for about 4 years and haven't been subjected to any attacks or trojans due to an Internet attack - this is without any firewall either.

Gibson does discuss a lot of information about stealthing your computer but it is a little excessive for the average user. The people at risk are the clueless people connecting directly to the internet with a USB modem and no security updates. For these people having open ports is the least of their worries.
Aye, NAT + Windows Updates + Common Sense = best security solution ever.

Stealthing has always been a source of false security. It's a bit like stealthing your house but forgetting to pick up the rubber bands the post man drops outside your door. Forgetting to scrub off the tyre tracks your car makes on a frosty/snowy winter morning. And most importantly, keeping all your windows shut - even during the summer!

Damn that analogy rocks!
 
NathanE said:
Why is it essential? Viruses can do bugger all to your PC unless you first execute them...
I thought that internet worms didn't need to be executed to infect your PC?

Anyway, if NathanE has been online since 1994 and hasn't been infected then he must obviously be doing something right.

I will continue to use AV though.
 
“Why is it essential? Viruses can do bugger all to your PC unless you first execute them...”
That’s not been true for a number of years. Viruses can jump across a network or download themselves across the internet and infect your computer. It's common for a virus to scan open ports, find a computer and try to infect it.

It's even worse if you haven’t been keeping up with the latest Windows security updates.



“Anyway, if NathanE has been online since 1994 and hasn't been infected then he must obviously be doing something right.”
Then again if he doesn’t have an AV he might not know he is infected. His PC could be a zombie PC without him knowing. Most zombie PC owners are not aware they are infected and their computer is sending out spam to loads of people.

I can understand someone not wanting an AV installed and running 24/7 but 1 full system scan a month is a must.
 
I thought that internet worms didn't need to be executed to infect your PC?
Correct. But how will the worm get to me if I'm patched up to date and behind a NAT? ;) Plus I subscribe to the CERT and ISC mailing lists so I know when to hunker down. Like I did one week before Blaster struck.

That’s not been true for a number of years. Viruses can jump across a network or download themselves across the internet and infect your computer. It's common for a virus to scan open ports, find a computer and try to infect it.
None of that is possible behind a NAT.

It's even worse if you haven’t been keeping up with the latest Windows security updates.
Yup, much much worse. Simply visiting the wrong website can breach your computer in that case.

Then again if he doesn’t have an AV he might not know he is infected. His PC could be a zombie PC without him knowing. Most zombie PC owners are not aware they are infected and their computer is sending out spam to loads of people.
Of course I'd know ;) OK I admit there could be a root kit on my PC. But neither myself nor any current AV software would be able to tell. Zombie/trojan software are written by script kiddies who don't know how to hide their process from Task Manager/Process Explorer - so no, I don't think I have any of that on my PC :p

I've actually worked in the firewall/AV industry for over 6 years (exited it 2 months ago) and you'll be surprised how many engineers working for the likes of Symantec, Trend Micro, McAfee etc don't actually use any kind of AV or personal firewall crap. Once you understand (and I mean really understand them) the threats you really don't need any help in keeping your PC secure. The NAT + Windows Updates + Common Sense approach can work for anyone who is willing to invest a little time educating themselves about security.
 
bigredshark said:
This really proves why the test is useless. If the Mickey Mouse home firewalls they build into routers give a 'perfect' security rating then it's deeply flawed.

They only do a good job because by default they deny any incoming connection, firewalls are judged by how well they inspect traffic that is allowed through.

If you deny all access from the outside interface to the inside then yes it will do a very good job because you can't crack something that won't allow a connection in the first place.
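
Added example, not part of any post in the thread: a toy Python model of the inbound handling several posters describe, showing why an unsolicited connection is dropped by a default NAT setup and how a port forward or a forward-everything setting changes that. The `NatRouter` class, its fields and all addresses are hypothetical; it assumes the router only accepts replies from the exact remote endpoint a LAN host contacted, which real consumer routers do not all do.

```python
# Added illustration (not from the thread): toy model of a home NAT router's
# inbound handling. Addresses are constructed documentation-range samples.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    port_forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None   # the "forward all non-routed traffic" setting
    flows: dict = field(default_factory=dict)          # translation table
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records the mapping."""
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(proto, pub_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return pub_port

    def inbound(self, proto, remote_ip, remote_port, pub_port):
        """WAN-side packet: return the LAN destination, or None if dropped."""
        reply = self.flows.get((proto, pub_port, remote_ip, remote_port))
        if reply:                                   # answer to a flow a LAN host started
            return reply
        if pub_port in self.port_forwards:          # explicitly opened port
            return self.port_forwards[pub_port]
        if self.dmz_host:                           # catch-all forwarding enabled
            return (self.dmz_host, pub_port)
        return None                                 # default: no mapping, so dropped

def demo():
    """Return what happens to the same unsolicited probe under three configs."""
    probe = ("tcp", "198.51.100.7", 51515, 445)     # constructed unsolicited inbound packet
    default = NatRouter()
    pub = default.outbound("tcp", "192.168.1.10", 50000, "203.0.113.5", 443)
    return {
        "reply_to_own_flow": default.inbound("tcp", "203.0.113.5", 443, pub),
        "same_port_other_sender": default.inbound("tcp", "198.51.100.7", 443, pub),
        "default_config": default.inbound(*probe),
        "port_forward": NatRouter(port_forwards={445: ("192.168.1.10", 445)}).inbound(*probe),
        "dmz_enabled": NatRouter(dmz_host="192.168.1.10").inbound(*probe),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24} -> {result or 'DROPPED'}")
```

The model covers only whether a packet reaches a LAN host; it does not inspect the traffic that is allowed through.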
 