Lisa, not to knock your extensive experience with commercial equipment, but I've often found such to be more trouble than they are worth.

Now, I am not an "ordinary computer user" like most. I tend to go with what works with a minimum of overhead on a powerful machine (900 MHz CPU, OpenBSD 4.2 with a pf firewall, and 3 NICs). One rule of thumb I have: if a service doesn't need to be on the firewall, THEN DON'T INSTALL IT THERE! VPN, DNS, TOR, any of these should never go on a firewall (it's one of the reasons why a home or commercial device will fail; it's a security risk). I don't even like webservers on firewalls. I like having an internally facing ssh or telnet server (I did say internally facing), and pf is very nice on rulesets (it's easier to learn than iptables/ipchains).

Now, I know I don't have the level of experience you do, but from my point of view, I find that unless I am rich, I simply cannot afford the expensive equipment (corporate level stuff), nor can I afford the cheapo off-the-shelf crapola at Best Buy. Given the choices, I'd rather build my own.

Anyway, that's my 2 cents' worth on this subject. :)

Lisa Kachold wrote:
> Hi Mark,
>
> As a technical professional, I have weighed the benefits and costs of SOHO "routers" against what can be expected in production equipment.
>
> I find that the stability, functions and maintenance of most of these LinkSys and Netgear devices are not worth the cost; generally they must be tinkered with extensively, rebuilt and upgraded to even partially work.
>
> I have had a couple of Netgear and LinkSys firewalls, including VPN so-called "Small Business" firewalls. I have built my own firmware, added second-party firmware, WRT, and studied extensively the image and configuration when the devices fail.
> I find there are extensive security issues inherent in most of these devices that allow them to fail over under distributed packet assault and allow one of three things to happen: remote access, firmware upgrade or management via HTTP on the WAN side. NOTE: I have not evaluated D-Link or other manufacturers' offerings.
>
> Here's an at-a-glance comparison of home broadband "routers":
> http://compnetworking.about.com/od/broadband/tp/dslcablerouters.htm
>
> While I strongly liked OpenWRT, because I essentially had a sweet little Linux system, I did not find that the security features were robust enough; no IDS function was available for real-time packet inspection (like in a ProSafe LinkSys Business Router); no VLAN or IPS features. Configuring the firewall, while easy for me, might not have been so easy for another, since extensive inbound and outbound rules needed to be set via IPTABLES. And when I was done, the OpenWRT ssh and distributed networking STILL was not able to withstand a distributed DoS with low-level fuzzing attack - again falling over and allowing escalated privs.
>
> With that said, I strongly suggest that you completely sidestep "home" versions and look at small business products.
>
> Cisco has some new offerings that should perform better and include some suite functions:
> http://www.infoworld.com/d/storage/cisco-delivers-security-storage-uc-small-business-624
>
> Also, you do realize you can just get yourself a used Cisco 877 ADSL or ASA 5500 (do you already have an ADSL modem too?) and have a VPN via Cisco VPN client that works with Linux well:
>
> http://www.pcmall.com/pcmall/shop/detail.asp?dpno=562971&Redir=1&description=Cisco-877%20ADSL%20Security%20Router%20Wireless%20802.11g%20FCC%20compliant%20+%204-port%20Switch-WAN%20Routers,%20Gateways,%20etc
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
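Editor's added example (not Mark's real configuration and not anything quoted in the thread): a minimal /etc/pf.conf for the three-NIC layout he describes, where the firewall itself answers nothing towards the WAN and accepts ssh only from the inside. The interface names em0/em1/em2 and the existence of a DMZ segment are assumptions for illustration; the syntax is current pf (OpenBSD 4.7 and later), with the OpenBSD 4.2-era NAT form noted in a comment.

```pf
# /etc/pf.conf -- three-NIC firewall that runs no services of its own.
# Added example, not the poster's configuration. Interface names and
# the DMZ segment are assumptions.

ext_if = "em0"    # WAN, towards the ISP
int_if = "em1"    # LAN, trusted inside
dmz_if = "em2"    # DMZ, semi-trusted

set skip on lo
set block-policy drop

# Source NAT for LAN and DMZ hosts leaving via the WAN address.
# (OpenBSD 4.7+ syntax; on 4.2 the equivalent line was
#  "nat on $ext_if from $int_if:network to any -> ($ext_if)".)
match out on $ext_if inet from { $int_if:network, $dmz_if:network } nat-to ($ext_if)

# Default deny in both directions, logged so failures can be inspected.
block log all

# Drop packets arriving on an inside interface whose source address does
# not belong to that interface's network.
antispoof quick for { $int_if, $dmz_if }

# The only thing the firewall itself answers: ssh, and only from the LAN.
pass in quick on $int_if inet proto tcp from $int_if:network to ($int_if) port 22

# Everything else aimed at any of the firewall's own addresses is dropped,
# including anything from the WAN: no web management, VPN or DNS here.
block in log quick to self

# DMZ hosts may not initiate connections into the LAN.
block in log quick on $dmz_if from $dmz_if:network to $int_if:network

# LAN and DMZ hosts may initiate connections outward; pf keeps state so
# the replies are matched without further rules.
pass in on $int_if inet from $int_if:network to any
pass in on $dmz_if inet from $dmz_if:network to any

# Outbound on every interface: forwarded traffic that was passed inbound
# above, plus the firewall's own traffic (fetching patches, for instance).
pass out inet
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf, and do the first load from the console or from an ssh session on the LAN interface: a typo in the port 22 rule otherwise locks you out, which is exactly what "nothing listens on the WAN side" is meant to guarantee. pfctl -ss afterwards shows the two states pf keeps per forwarded connection (one created inbound on the LAN side, one created outbound and translated on the WAN side).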