|
SkorpivoMusterion
Livin in the Twilight Zone...


Registered: 01/30/03
Posts: 9,954
Loc: You can't spell fungus wi...
|
Attn: Firewall Users
#5323827 - 02/21/06 12:10 PM (17 years, 11 months ago) |
|
|
Sell me the best firewall technology there is. I want the top-of-the-line protection that'll give me security that's tighter than a fish's ass.
What or who is THE leader of Firewalls today?
And question: Do I still need a firewall if I am connected through a router?
-------------------- Coffee should be black as hell, strong as death, and sweet as love.
|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
|
If the router has NAT (Network Address Translation), then not really.
The best firewall solution is a hardware firewall (as in a separate box that's set up to be nothing but a firewall).
Something like Ghostwall will be just as secure as paid-for firewall solutions if it's configured properly, but there are probably some more secure linux solutions available.
Basically, any half-decent firewall correctly configured on a separate box that you run all your net connections through will give you tight-ass security.
But NAT on a router does essentially the same thing.
|
Vvellum
Stranger

Registered: 05/24/04
Posts: 10,920
|
|
software firewalls are stupid. only use if you have a laptop & use public wifi spots. otherwise, use a router or a networked box running http://www.smoothwall.org or http://m0n0.ch/wall
|
Vvellum
Stranger

Registered: 05/24/04
Posts: 10,920
|
|
if you're paranoid for some security, tighten up your running services or make the switch to a secure operating system (yes, yet another endorsement for linux)
|
supercollider
superconducting


Registered: 10/13/00
Posts: 1,234
Loc: Waxahachie
|
|
I use Smoothwall on an old P133, and as far as I know, that's as secure as any hardware firewall.
Actually, it's too secure. I've been trying for weeks, unsuccessfully, to get port forwarding for SSH working.
-------------------- Supercollider? I just met her!
|
Seuss
Error: divide by zero


Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
|
> as far as I know, that's as secure as any hardware firewall.
Pretty close, depending upon how you have it configured. Much, much better than a software based port blocker.
> Actually, it's too secure
You have just encountered my favorite security saying... "There is always a tradeoff between usability and security."
> I've been trying for weeks, unsuccessfully, to get port forwarding for SSH working.
Describe what you are doing, and perhaps I can help.
> What or who is THE leader of Firewalls today?
I use Cisco products whenever possible. The only thing I don't like about the Cisco PIX firewalls is the inability to serve IP via DHCP based upon MAC address. The Cisco PIX is easy to make simple config changes on, but difficult to really learn. I have also used the SonicWall firewalls, but would not recommend them because they require you to pay for firmware updates after your warranty expires.
-------------------- Just another spore in the wind.
|
wilshire
free radical


Registered: 05/11/05
Posts: 2,421
Loc: SE PA
Last seen: 14 years, 3 days
|
Re: Attn: Firewall Users [Re: Seuss]
#5327362 - 02/22/06 08:23 AM (17 years, 11 months ago) |
|
|
i'm thinking about making a hardware firewall out of ipcop and an old computer. my 'network' consists solely of a simple linux box that isn't doing anything special. is a hardware firewall really necessary in that situation? what, to which i am currently vulnerable, would it protect me against?
|
supercollider
superconducting


Registered: 10/13/00
Posts: 1,234
Loc: Waxahachie
|
Re: Attn: Firewall Users [Re: Seuss]
#5328626 - 02/22/06 04:52 PM (17 years, 11 months ago) |
|
|
Seuss: I have sshd working fine on localhost. I go into Smoothwall's port forwarding menu and forward port 22 to 192.168.0.200, which I know is my desktop machine. I allow any external source IP and any source port (I've tried allowing just source port 22 and allowing any).
My friend gets connection refused errors every time, and web-based port scanners don't detect port 22 open. I've also tried switching everything to port 32, but still no luck.
It all seems simple enough, it just doesn't work.
-------------------- Supercollider? I just met her!
|
Seuss
Error: divide by zero


Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
|
Hmm... odd that you don't see port 22 open... make sure that you can connect to the local machine from the local network.
-------------------- Just another spore in the wind.
|
|
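Added example, not part of any post in this thread: the check suggested in the last reply (confirm that the desktop answers on the local network before debugging the Smoothwall forward), written as a small Python probe that separates "refused" from "no answer" and reads the SSH banner. The function names are this example's own; 192.168.0.200 is the desktop address given in the thread, and the hints in `explain` assume the probe is run from another machine on the LAN.

```python
import socket
import sys

def probe_ssh(host, port=22, timeout=3.0):
    """Return (state, detail); state is 'open', 'refused', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                # An SSH server speaks first and sends its version banner.
                banner = s.recv(255).decode("ascii", "replace").strip()
            except OSError:  # read timeout or reset: connected, but no banner
                banner = ""
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""      # a reset came back: host reached, port closed
    except (socket.timeout, TimeoutError):
        return "filtered", ""     # nothing came back before the timeout
    except OSError as exc:
        return "error", str(exc)  # e.g. no route to host, bad address

def explain(state, detail=""):
    """Map a LAN-side probe result to the next thing to check."""
    if state == "open" and detail.startswith("SSH-"):
        return "sshd answers on this address; look at the forward rule next"
    if state == "open":
        return "port is open but sent no SSH banner; another service may own it"
    if state == "refused":
        return "host reached but nothing listens here; check sshd ListenAddress/Port"
    if state == "filtered":
        return "no reply; a host firewall or a wrong IP is dropping the packets"
    return "probe failed: " + detail

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.200"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, detail = probe_ssh(host, port)
    print(host, port, state, detail, "->", explain(state, detail))
```

A "refused" result from the LAN means the problem is on the desktop itself (for example sshd bound only to 127.0.0.1), so no forwarding rule on the firewall can fix it.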