What's your firewall?

Discussion in 'Technology' started by Chiquitibum, Aug 16, 2005.

  1. Chiquitibum

    Chiquitibum Member+

    Apr 4, 2004
    Norte
    Club:
    Pumas UNAM
    Nat'l Team:
    Mexico
    Don't tell me Linksys router, spare us all. LOL

    I use Linux, CentOS Redhat Enterprise Clone.

    But I have been reading good things about m0n0wall: http://www.m0n0.ch/

    Anyone ever use this?
     
  2. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    Linksys router.

    What?

    In addition, I use Sygate Personal Firewall on my Windows machines to vigorously regulate what goes out.
     
  3. MikeLastort2

    MikeLastort2 Member

    Mar 28, 2002
    Takoma Park, MD
    I use a Linksys router.
     
  4. Chiquitibum

    Chiquitibum Member+

    Apr 4, 2004
    Norte
    Club:
    Pumas UNAM
    Nat'l Team:
    Mexico
    n00b, what, am I speaking Spanish?
     
  5. Chiquitibum

    Chiquitibum Member+

    Apr 4, 2004
    Norte
    Club:
    Pumas UNAM
    Nat'l Team:
    Mexico
    I'm talking port security.

    Sure you can run a FW on your system, but that's system resources you are using up. Then you have to deal with them popups about "are you sure you want msnmessenger to access the interweb?"
     
  6. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    Frankly, I consider that worth it in order to regulate outgoing traffic. My incoming port security is provided by my Linksys system, but I *do* plan on replacing that with something more sophisticated (as I've already tapped out the port forwarding entries) when I have room for another computer (i.e., move from my condo to a house).
     
  7. Chicago1871

    Chicago1871 Member

    Apr 21, 2001
    Chicago
    Nat'l Team:
    United States
    Zone Alarm has done well by me for the last year.
     
  8. Grouchy

    Grouchy Member+

    turkey bacon with swiss
    Apr 18, 1999
    Canal Winchester
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    Still using free Kerio Personal Firewall 2.7(???) as a software firewall on anything important. I've given up with Kerio for the family; they screw with it and let everything through anyways so they are left with Windows XP SP2 firewall and security. If they screw up their computers I ain't fixing it.

    At the border I have a Buffalo wireless/G router, that as of 10 minutes ago just got replaced by the D-Link DGL-4300 router I just ordered (D-Link DGL-4300 IEEE 802.11b/g,802.3/3u Wireless Gaming Router - Retail - $112 after MIR). I've had a Linksys BEFSX41 and BEFSR41 before that but ran into problems with the BEFSX41. Most ports are either blocked or forwarded to a central "family server" running XP w/Kerio Firewall and very strict rules.

    BTW; Foos - my "family server", not sure if that's what you are looking for, is a Shuttle SK41G small form factor that sits in my basement using very little power and little space. The little bugger has been rock solid.

     
  9. Chiquitibum

    Chiquitibum Member+

    Apr 4, 2004
    Norte
    Club:
    Pumas UNAM
    Nat'l Team:
    Mexico
    That gaming router seems sort of cool, for LAN parties and such, but that big Gig pipe gets cut down pretty quick at your cable modem, heh?
    Unless you got a full T1 going into your home.

    What kind of port blockage can you put on that thang?

    I basically have rules blocking inbound connections except 443, 22, and 21.
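
An added example, not part of the original post: one way to express the policy described in post #9 (drop all inbound traffic except TCP 443, 22 and 21) as an `iptables-restore` ruleset on Linux. The helper name `gen_inbound_ruleset` is an assumption made for illustration, and it generalizes to any list of ports.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that drops all inbound
# traffic except new TCP connections to the listed ports.
# gen_inbound_ruleset is a hypothetical helper name, not from the thread.

gen_inbound_ruleset() {
    # Validate every port before printing anything, so a typo can never
    # produce a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    echo '*filter'
    # Default policies: inbound and forwarded traffic is dropped unless a
    # rule below accepts it; outbound is left open.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback traffic, then replies to connections this host opened.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Packets that connection tracking cannot tie to any flow.
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # One accept rule per published service. For FTP this covers only the
    # control channel on 21; data connections use other ports and match
    # RELATED only when the nf_conntrack_ftp helper is loaded and assigned.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# The policy from the post: gen_inbound_ruleset 443 22 21
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it.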
     
  10. Grouchy

    Grouchy Member+

    turkey bacon with swiss
    Apr 18, 1999
    Canal Winchester
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    Gigabit is definitely not for cable modem since that side is 10 anyways and rarely approaches that speed. Gigabit is for local network only, like large files (backups, .iso images, XviD video library, etc), remote desktop (okay, bad example), and planning for the future (i.e. network storage/SAN/etc/etc/etc).

    I'm not sure what ports I have blocked off the top of my head.

    I have all file sharing ports, Quake 2 ports (yeah, I'm old so what), and sometimes commonly attacked ports forwarded to the family server (attacked ports are blocked by Kerio, their logging is much better). I used to have some ports remapped for remote administration but within a couple of weeks there were folks from Russia sniffing around. I figured I didn't need the hassle and my cable neighbors probably didn't either.
     
  11. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    I'm also planning on stepping up to a Gigabit backbone when I get into a more "permanent" arrangement. It's just not worth upgrading my system when I've already got so much 100Mb stuff supporting just a server, desktop, and wireless laptop. Hell, even if I still had my Xbox and TiVo on my LAN I'd still probably stick with 100Mb since I can't upgrade those network cards to 1Gb.
     
  12. Naughtius Maximus

    Jul 10, 2001
    Shropshire
    Club:
    Chelsea FC
    Nat'l Team:
    England
    SuSEfirewall2 in SuSE (Novell) 9.3.

    It's a kind of front-end to iptables with the 2.6+ kernel. Good stuff actually. I've been running SuSE for a few years now after starting with Slackware. Background is 'nix so it's all relatively, er, simple... ish. Well, the SuSEfirewall script is VERY simple but the back-end I mean.

    If anyone needs a decent firewall they could do a lot worse than to have a small Linux box with SuSE on it and either wired or wireless networking. It even alerts you when it needs patching.

    Like I say, great stuff.
     
  13. Naughtius Maximus

    Jul 10, 2001
    Shropshire
    Club:
    Chelsea FC
    Nat'l Team:
    England
    Er, why do you need https, ftp and ssh INBOUND? Unless you're running your own website I suppose which you need to access from outside, but then you'd also need http.
     
  14. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    I'll never tell, and you shouldn't either.

    You can try and scan me, but my fingerprint will lie to you.
     
  15. Grouchy

    Grouchy Member+

    turkey bacon with swiss
    Apr 18, 1999
    Canal Winchester
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    I have no problem revealing what I use. I'll even clue you in that I have Insight's road runner service.

    The only way to be truly safe from the Internet is to disconnect from it.
     
  16. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    False logic.

    Just because you cannot completely secure a machine, doesn't mean you can't ensure a practical expectation of security. It certainly doesn't mean you should have a casual attitude about it. It's like people who justify their smoking by saying they're going to die anyway.

    To spare everyone a long lecture, I'll just say Network Security is measured in time. If I know what type of firewall you have, that saves me time.
     
  17. Grouchy

    Grouchy Member+

    turkey bacon with swiss
    Apr 18, 1999
    Canal Winchester
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    Actually, I wouldn't mind hearing the long lecture since we are discussing firewalls and such; especially practical expectation of security in a typical home wired/wireless environment compared to what is considered a casual attitude towards security.
     
  18. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    I'm not interested in home/hobbyist computing.

    Businesses take a layered approach to security. You know you can't stop a really good hacker, you can only hope to slow them down enough to be able to detect and mitigate.

    Since classifying your level of security as "good" or "bad" isn't going to work, and you don't have some international standard where you could give yourself a 75% (Measuring HIPAA and SOX compliance is easy because of this- You have a clear objective, but one of my other complaints is people thinking they're secure because they are HIPAA or SOX compliant), people had to come up with some way to create a security benchmark- Something to improve upon.

    Basically, Time Based Security quantifies your security posture as the amount of time it takes you to detect and mitigate a security threat.

    Sorry, I don't have enough time today to clean this up, make it coherent and elaborate.

    TBS Bible

    I actually met another bigsoccer member at a Security Conference years back . . .
     
  19. subsnerd

    subsnerd New Member

    Sep 21, 2003
    honolulu
    linux/iptables
     
  20. Naughtius Maximus

    Jul 10, 2001
    Shropshire
    Club:
    Chelsea FC
    Nat'l Team:
    England
    If anyone's interested I did a bit of a run-through of setting up a Linux based packet filtering firewall, (well, I got one of the young lads that used to work for me to do most of it as part of his degree :) and then checked it through), a few years ago. It's based on the old SuSE 7.1 distro which is a few years out of date now and, to be frank, I didn't read it through that closely.

    Hey, I was busy, OK?

    Anyway, it's free :) and it goes through the 'innards' of setting up a linux server for a network. If I get bored one day, (not likely with the football season on), I might re-do it for the latest version but, frankly, I doubt it. Anyway, if I told everyone everything why would they need me?

    This is how I've been earning my living for the past 10-11 years. Before then I was, shall we say, an 'interested amateur' in computer security. I've never done anything illegal in that regard. Well, not THAT illegal anyway. Nothing that has stood up on appeal ;) :D

    There's one thing I WILL tell ya, though. The biggest element of insecurity in computing today and for the foreseeable future? USERS! Every time.
     
  21. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    He's absolutely correct. There is someone working at your bank with a password taped to the bottom of their keyboard right now.


    And then there's social engineering- A hacker looks at genericfictionalcompany's employee list, or better yet, executive profiles, on genericfictional.com. Calls in to the genericfictional helpdesk and says "Hey I'm Joe User and I forgot my password. Will you reset it for me?" I bet 80 times out of 100, the help desk does what he asks, and gives the hacker the user's new password. Even if it's a crappy user with limited rights there are many common rights escalation exploits that work in most non-hardened (i.e., >90%) environments.
     
  22. Naughtius Maximus

    Jul 10, 2001
    Shropshire
    Club:
    Chelsea FC
    Nat'l Team:
    England
    The 'bottom' eh! Yeah, but that's only 'cause he's a security zealot. :)
     
  23. Chiquitibum

    Chiquitibum Member+

    Apr 4, 2004
    Norte
    Club:
    Pumas UNAM
    Nat'l Team:
    Mexico
    wft?
     
  24. Chiquitibum

    Chiquitibum Member+

    Apr 4, 2004
    Norte
    Club:
    Pumas UNAM
    Nat'l Team:
    Mexico
    I guess it's not really a side track of this thread to talk about security as a whole, but things such as users being a problem is a given and is something "we" just have to take care of.

    I am talking about what a good firewall is or "border" security, specifically for home.

    For good security I would say a good packet filtering firewall is great, and some sort of IDS is even better for home use and essential for business.

    To go even further, proxying and filtering web traffic is another security must as many viruses and BS can be brought through clicking on a website.

    On the business end what firewalls do you recommend? Just for discussion's sake. If you say PIX, give me some explaining. I never really understand the whole PIX bandwagon.
     
  25. MikeLastort2

    MikeLastort2 Member

    Mar 28, 2002
    Takoma Park, MD
    I assumed the question originally posted meant what's your firewall for your home system.

    I'm behind a Linksys router at home. I also use Norton Internet Security in conjunction with the security settings that are part of Windows XP Professional (SP 2).

    What we have at work is an entirely different story.
     
