Author Topic: Network Securities? (Read 1049 times)

bikekil · « **Reply #30 on:** December 02, 2004, 05:02:06 AM »

cisco pix, linux firewalls, freebsd firewalls - that's what we use.

we are not filtering the traffic for our "home" clients but we can do it for the "enterprise" ones however it's not my area of operations.

as for the firewalls for the offices, as long as you know what you are doing, iptables can do everything oyu need, it's more then cheap - it's free

i say that iptables are enought to protect home and small business offices. you can read the logs as an admin and build your own or use avaliable scripts to look for the attack attempts if you don't like to read the logs yourself.... also people do live with so called "presonal firewalls" long years without being compromised. Of course you still need to know what to do, bur some "freeware" firewalls i've seen can filter out every traffic you need, so you only have to know how to use it.
Of course i'd never reccomewnd it as anything more then a firewall that's protecting a home PC.

AKS\/\/ulfe · « **Reply #31 on:** December 02, 2004, 07:29:44 AM »

Attack of the Networking NERDS.
-SW

AKIron · « **Reply #32 on:** December 02, 2004, 11:49:53 AM »

Quote

Originally posted by Vulcan
A cheap firewall is a almost a complete waste of time. You might as well put no firewall in and hope for the best with your AV software.

As one who has cleaned up many messes caused by worms or other automated attacks against those with no protection I have to say this just isn't true. I've been in the networking field since '94 and I've never had to do the same for someone behind even simple nat. And yes, I hate working on home computers but it's inevitable when you're self-employed as all of your business customers have home computers.

Maniac · « **Reply #33 on:** December 02, 2004, 11:55:50 AM »

Quote

Originally posted by AKIron
As one who has cleaned up many messes caused by worms or other automated attacks against those with no protection I have to say this just isn't true. I've been in the networking field since '94 and I've never had to do the same for someone behind even simple nat. And yes, I hate working on home computers but it's inevitable when you're self-employed as all of your business customers have home computers.

What he said. You need a basic FW. No matter how cheap it is it will do you good.

AKIron · « **Reply #34 on:** December 02, 2004, 11:59:54 AM »

Of course there is nothing you can do to protect users from themselves, short of hitting them with a brick as SW suggested.

Vulcan · « **Reply #35 on:** December 02, 2004, 01:36:01 PM »

Quote

Originally posted by bikekil
cisco pix, linux firewalls, freebsd firewalls - that's what we use.

we are not filtering the traffic for our "home" clients but we can do it for the "enterprise" ones however it's not my area of operations.

Righteoooo I rest my case. Heres a perfect example of what I'm talking about.

Vulcan · « **Reply #36 on:** December 02, 2004, 01:37:20 PM »

Quote

Originally posted by Maniac
What he said. You need a basic FW. No matter how cheap it is it will do you good.

Explain to me why, assuming I have McAfee 8i installed, which protects me from worms, buffer overflows, trojans and virus's. Explain to me what the benefits of a cheap firewall would be?

indy007 · « **Reply #37 on:** December 02, 2004, 02:14:15 PM »

Quote

Originally posted by Vulcan
Explain to me why, assuming I have McAfee 8i installed, which protects me from worms, buffer overflows, trojans and virus's. Explain to me what the benefits of a cheap firewall would be?

It's like putting a fence around your property. If somebody really wants to go over it, they will. However, it makes your fenceless neighbor's house look more enticing.

Vulcan · « **Reply #38 on:** December 02, 2004, 02:37:32 PM »

Quote

Originally posted by indy007
It's like putting a fence around your property. If somebody really wants to go over it, they will. However, it makes your fenceless neighbor's house look more enticing.

Not good enough. I want an exact technical explanation of the advantages of one personal computer, with a firewall and average AV software connected to the internet versus another personal computer with just mcafee 8i connected to the internet. I want to know exactly in technical terms the advantages of that cheap firewall.

Vipermann · « **Reply #39 on:** December 02, 2004, 03:23:00 PM »

Let me get this straight Vulcan, your advocating every home user should get one of the 3 appliances you mentioned?

Mcafee 8i huh....what other AV software are you running in conjunction with it?

DoctorYO · « **Reply #40 on:** December 02, 2004, 03:38:44 PM »

Script Kiddie twin powers activate...

boor ....... yawn..........

Click your heels three times and say majic network please work.. real fast and all your network be belongs by us....

whos going to show up next the "Sweet Pickles Bus"..........

DoctorYO

PS Biktels solution with the ip tables is sound and i second that.. cant beat free...

all this norton, checkpoint and other bs is freakin seal clubbing at its best...

Maniac · « **Reply #41 on:** December 02, 2004, 04:02:18 PM »

Quote

Originally posted by Vulcan
Explain to me why, assuming I have McAfee 8i installed, which protects me from worms, buffer overflows, trojans and virus's. Explain to me what the benefits of a cheap firewall would be?

You have to be kidding me?

I will give you an explanation tomorrow, its late here and im drunk, and i have to get to bed for work tomorrow.

And i have to read up on McAfee 8i before i comment, but you added that part afterwards. But it sounds like it have some sort of FW or port watcher or something.

Ill get back too ya.

Edit : HEHEE!

, My knee jerk response would be McAfee 8i works on known "patterns", a basic FW blocks all incoming traffic. If theres a new virus/worm then Mcafee 8i is no use.

But then again, i have to read up on Mcafee 8i :-P

Vulcan · « **Reply #42 on:** December 02, 2004, 04:33:05 PM »

Quote

Originally posted by Vipermann
Let me get this straight Vulcan, your advocating every home user should get one of the 3 appliances you mentioned?

Mcafee 8i huh....what other AV software are you running in conjunction with it?

You ever seen a Netscreen 5GT ADSL in action? Every techie I've shown one to has asked for *special* pricing for one for home.

I know people can't afford them. But I hate the response like the above apathy where people often comment on how this "freeware" does a great job or try to make comments like "you'll always get comprimisied", when in reality there are perfectly good products on the market that will actually do a lot more than the average sysadmin knows about.

I'm betting only one person in this thread has played with the IDP functionality of a Netscreen or Sonicwall and seen it action. I'm betting not many have used any form of IDP device as well.

AKIron · « **Reply #43 on:** December 02, 2004, 04:54:15 PM »

I've worked with Netscreens Vulcan and they are quality (if a bit pricey) devices. Not arguing about that. I can give you a very good reason to put in a cheap firewall vs software security. Have you ever watched someone run a dos or buffer overflow attack against a pc or router? A heck of a lot of traffic. Which do you want being pounded, your PC or that cheap firewall?

Vulcan · « **Reply #44 on:** December 02, 2004, 05:39:37 PM »

Interesting question akiron.

On one hand, your PC is probably going to just drop the packets anyway. It may cause some processor overhead.

On the other hand, your firewall will drop the packets, however the cheap firewall CPU is usually something in the sub 100mhz range. Its quite possible a DoS attack could overwhelm the firewall, whereas the PC might just take a 5-10% cpu hit.