Archived from groups: comp.security.firewalls
In article <c9knub$4uf$1@news.shlink.de>, wolfgang@shconnect.de says...
> Greg Hennessy wrote:
>
> > w.r.t the sage advice of implementing defence in depth using a dedicated
> > router and host based measures are utterly ridiculous.
>
> Well, I could get angry about that, but I keep calm ...
>
> Of course there is nothing wrong with 'defence in depth' and several 'lines
> of defense', if done properly and operated by skilled staff. However
> telling unskilled users simply to 'set up a NAT device' has hardly anything
> to do with 'defense in depth'. Several people giving this advice over and
> over again do not get tired claiming that most users are unskilled and
> therefore cannot set up their systems properly. May I kindly ask those
> people how these unskilled users can operate a proper 'defense in depth'
> setup? If those users are unskilled (I have no doubt that many of them are
> ...) they will neither be able to read or understand the logs nor draw (the
> right) conclusions from the logs.
>
> Adding complexity to a system is never the solution when complexity itself
> is the problem.
There is no complexity when adding a router with NAT to the system -
most of them are unbox, connect, reboot, forget.

As with your comments, there is no way that simple users are going to be
able to secure their machines without "simple, clear" instructions.
Since most users can't even look for the instructions, don't run Windows
Update, don't really do anything, getting them a NAT device and quality
AV software is the next best thing to securing their system.

I don't expect users to be able to set up their systems correctly, and
you don't either, at least not based on any clear instructions you've
posted. A user will do as little as possible (or less).

The lady down the street from my house had a PC for several years, she
asked about Road Runner and I told her that she should ask them to
enable NAT or purchase a NAT device from the local computer store BEFORE
she got RR installed. Her PC is a Dell system that came configured and
ready to use with XP Home Edition. She didn't do anything, installed RR,
and was calling me within a couple days as her computer was constantly
shutting down each time it booted. Needless to say, she didn't get the
Router, didn't get the AV software, and the McCrappy AV software on her
machine was never registered so it was not updating and didn't detect
the virus... Do you really expect someone like that person to "stop
services" or even know what a service is?

When you post a clear and concise set of instructions that a typical
user (like Tracker) could follow, and then see that every home user is
provided it and follows it, I'll believe that your idea is sound.
--
spamfree999@rrohio.com
(Remove 999 to reply to me)