Let me explain the 'paranoia' that she has. First, she also has a windoze 98 machine that will be online, and it contains some (to her) very important stuff. She is writing a novel on it and doesn't want that info to somehow be copied by a hacker. And two, years ago, someone broke into another machine and wiped about two years work out as it wasn't secured enough. Probably, since I didn't know about the NAT (nor understand that term) firewall already there, I probably will hook up the net to that avoiding messing with smoothwall initially. That is, IF I can disable the wireless probing into it. How do you do that? --- Chris Gehlker wrote: > > On Feb 21, 2004, at 10:43 PM, Craig White wrote: > > > On Sat, 2004-02-21 at 18:12, Chris Gehlker wrote: > >> On Feb 21, 2004, at 2:54 PM, ec wrote: > >> > >>> Chris, total newbie here, just thought I needed > stuff. > >>> Didn't know it had 4 ports, never been on dsl > before > >>> nor been around one to even look at the modem. > >>> > >>> Thanks. > >>> > >>> I want a smoothwall firewall even IF it has 4 > ports. > >>> Wife is paranoid about that. She wont go online > >>> without either being on a 'don't care machine' > or > >>> knoppix live cd and the 'don't care machine'. > But I am > >>> getting dsl because dialup is too slow with two > people > >>> trying to use it at once and I am tired of > waiting > >>> hours for her to finish and vice versa. > >> > >> I don't think she understands what a firewall > really does. The way > >> Qwest configures their routers, only the router > itself is > >> addressable. > >> Your computers are on a private network behind > the router. It's like > >> having an old style switchboard operator that > only puts through > >> outgoing calls. > >> > >> Where they really screw up, though, is they set > the wireless side > >> completely open by default. The wireless side > even broadcasts its own > >> network name. Note that the wireless is 'behind' > your router so any > >> protection between your LAN and the internet has > already been > >> bypassed. > >> > >> So I'd for get the Smoothwall and concentrate on > turning off the > >> wireless. > > --- > > There's nothing wrong with having a firewall in > place even though the > > machine is behind the router. The router could get > hacked, there's been > > instances of that occurring, perhaps not with the > Actiontec (yet > > anyway). > > > > Another machine on the lan could get compromised - > shit happens. She > > may > > have data on that computer that she considers too > sensitive to treat > > casually. > > > > Based upon that, I wouldn't suggest that having a > smoothwall or other > > type of iptables based firewall protection on a > computer even though it > > is behind a router to be a bad idea. > > > What was 'wrong' with the direction that e c was > heading was simply > that the smoothwall was adding redundant protection > at what is already > the strongest point of the system. The system is no > stronger than its > weakest point and that point is the wireless > network. It comes wide > open by default. > > I don't mean to say that packet filtering firewall > behind NAT is always > a bad idea. I think it's overkill for a home LAN > behind NAT with no > data to protect (she's running from CD, remember) no > services turned on > and the built-in firewall there anyway. In a > different context I would > recommend an additional packet-filter firewall. > > Security isn't rocket science but it does take a > little bit of > knowledge. E c was very up front in saying that he > was a total newbie. > I was simply trying to help by pointing out the > biggest vulnerability > first and by urging him to urge his wife to keep > some perspective. I > think the internet is being ruined for some people > because they are > being frightened by the security companies. The > biggest danger is the > scams where someone tricks you into revealing your > credit card number. > The only prevention for that is common sense. The > trick is to be > suspicious enough without being too suspicious. > > --------------------------------------------------- > PLUG-discuss mailing list - > PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail > settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss ===== Cyclists should expect and demand safe accommodation on our public roads, just as does every other user. Nothing more is expected. Nothing less is acceptable! __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss