ADSL connected, is it open without loging-in?

[Olim]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

My ADSL Broadband shows its connected, as soon as I start
the computer, but I need to log-in to get onto the
internet, does this mean that I am vulnerable to others
accessing my computer - even when I am NOT logged-on? I
do have ZoneAlarms free Firewall, McAfee Antivirus,
Spybot, Ad-Aware & pop-up stopper installed. My ISP says
I should only be on for 8 hours a day, not sure if this
is when logged-on or just when ADSL is connected? I just
want to be aware of the possibility that anyone can 'see'
my computer. I have only recently gone onto Broadband.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

OLIM wrote:
> My ADSL Broadband shows its connected, as soon as I start
> the computer, but I need to log-in to get onto the
> internet, does this mean that I am vulnerable to others
> accessing my computer - even when I am NOT logged-on? I
> do have ZoneAlarms free Firewall, McAfee Antivirus,
> Spybot, Ad-Aware & pop-up stopper installed.

I imagine you are using a PPPoE client to log into your ADSL? If so, it
likely isn't running when you haven't logged in yet, so you aren't really
"connected" if so.
Your firewall and antivirus should be running resident in the background,
I'd think. Pop-up blockers won't matter when you aren't logged in anyway.

> My ISP says
> I should only be on for 8 hours a day,

That's rather bossy and presumptuous of them!

> not sure if this
> is when logged-on or just when ADSL is connected? I just
> want to be aware of the possibility that anyone can 'see'
> my computer. I have only recently gone onto Broadband.

In addition to your ZoneAlarm, I'd recommend getting a simple hardware
firewall/gateway appliance to put between your DSL modem & your computer. It
will do DHCP and NAT for you...and can log in to the PPPoE account using
your credentials, so your computer doesn't have to manage the work. A
NetGear FR114P (my current fave) is about $80USD, I think.

 

[Olim]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I think I may be using a PPPoE client to log into my
ADSL? If it is the same as PPPoA?
Approx. 8 hrs a day, (with 2 GB month) is because I am
paying a lower monthly figure, if I paid more I'd me able
to be online longer, but this is quite enough for me,
anyway. What is a simple hardware firewall/gateway
appliance to put between my DSL modem & my computer. My
DSL is inside my computer, so how would I connect to it?
Why do I need DHCP and NAT? What do these do for me? I
only have one computer, no others.

>-----Original Message-----
>OLIM wrote:
>>My ADSL Broadband shows its connected, as soon as I
>>start the computer, but I need to log-in to get onto the
>>internet, does this mean that I am vulnerable to others
>>accessing my computer - even when I am NOT logged-on?
>>I do have ZoneAlarms free Firewall, McAfee Antivirus,
>>Spybot, Ad-Aware & pop-up stopper installed.
>
>I imagine you are using a PPPoE client to log into your
>ADSL? If so, it likely isn't running when you haven't
>logged in yet, so you aren't really "connected" if so.
>Your firewall and antivirus should be running resident
>in the background, I'd think. Pop-up blockers won't
>matter when you aren't logged in anyway.
>
>> My ISP says
>> I should only be on for 8 hours a day,
>
>That's rather bossy and presumptuous of them!
>
>>not sure if this is when logged-on or just when ADSL
>>is connected? I just want to be aware of the
>>possibility that anyone can 'see' my computer. I have
>>only recently gone onto Broadband.
>
>In addition to your ZoneAlarm, I'd recommend getting a
simple hardware firewall/gateway appliance to put between
your DSL modem & your computer. It will do DHCP and NAT
for you...and can log in to the PPPoE account using
>your credentials, so your computer doesn't have to
manage the work. A NetGear FR114P (my current fave) is
about $80USD, I think.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I use my DSL 24 hours per day, you are NOT limited to just 8 hours per day.

I suggest that you get a Cable/DSL Router such as the Linksys BEFSR41. It will act as a
simplistic FireWall and block activity before it reaches the computer. There are even
models that have full FireWall capabilities built-in. There are many other benefits to such
as a device such as being able to share the DSL WAN connection with upto 253 LAN nodes and
if you are using PPPoE as the DSL connector than the Router, not the PC, will make the DSL
connection and NO ISP provided software is needed.

--
Dave




"OLIM" <anonymous@discussions.microsoft.com> wrote in message
news:281c01c50c70$d6dee710$a601280a@phx.gbl...
| My ADSL Broadband shows its connected, as soon as I start
| the computer, but I need to log-in to get onto the
| internet, does this mean that I am vulnerable to others
| accessing my computer - even when I am NOT logged-on? I
| do have ZoneAlarms free Firewall, McAfee Antivirus,
| Spybot, Ad-Aware & pop-up stopper installed. My ISP says
| I should only be on for 8 hours a day, not sure if this
| is when logged-on or just when ADSL is connected? I just
| want to be aware of the possibility that anyone can 'see'
| my computer. I have only recently gone onto Broadband.

 

[Olim]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks Dave,
Can I still use a DSL Router, if my ADSL Modem is inside
my computer, (not external, as a lot our)? If so, how do
I connect the router to the computer, or do I connect
from the Telephone line through the Router to the
computer? I do not need any LAN nodes what ever they are?
Also I need my ISP as I pay a monthly amount to receive
emails, as well as accessing the internet. I am limited
as I pay a cheaper amount for this, if I paid more, I
could be on for longer. It is only approximately 8 hrs.
Which is quite long enough for me anyway!

>-----Original Message-----
>I use my DSL 24 hours per day, you are NOT limited to
just 8 hours per day.
>
>I suggest that you get a Cable/DSL Router such as the
>Linksys BEFSR41. It will act as a simplistic FireWall
>and block activity before it reaches the computer.
>There are even models that have full FireWall
>capabilities built-in. There are many other benefits to
>such as a device such as being able to share the DSL
>WAN connection with upto 253 LAN nodes and if you are
>using PPPoE as the DSL connector than the Router, not
>the PC, will make the DSL connection and NO ISP provided
>software is needed.
>Dave
>
>"OLIM" wrote in message
>My ADSL Broadband shows its connected, as soon as I
>start the computer, but I need to log-in to get onto the
> internet, does this mean that I am vulnerable to others
>accessing my computer - even when I am NOT logged-on? I
>do have ZoneAlarms free Firewall, McAfee Antivirus,
>Spybot, Ad-Aware & pop-up stopper installed. My ISP says
>I should only be on for 8 hours a day, not sure if this
>is when logged-on or just when ADSL is connected? I
>just want to be aware of the possibility that anyone
>can 'see' | my computer. I have only recently gone onto
>Broadband.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If you have a DSL Modem built into the computer you were screwed by your ISP. You can't use
an external Router.

Who is your ISP ?

--
Dave




"OLIM" <anonymous@discussions.microsoft.com> wrote in message
news:0eb601c50c86$5245e330$a501280a@phx.gbl...
| Thanks Dave,
| Can I still use a DSL Router, if my ADSL Modem is inside
| my computer, (not external, as a lot our)? If so, how do
| I connect the router to the computer, or do I connect
| from the Telephone line through the Router to the
| computer? I do not need any LAN nodes what ever they are?
| Also I need my ISP as I pay a monthly amount to receive
| emails, as well as accessing the internet. I am limited
| as I pay a cheaper amount for this, if I paid more, I
| could be on for longer. It is only approximately 8 hrs.
| Which is quite long enough for me anyway!
|
| >-----Original Message-----
| >I use my DSL 24 hours per day, you are NOT limited to
| just 8 hours per day.
| >
| >I suggest that you get a Cable/DSL Router such as the
| >Linksys BEFSR41. It will act as a simplistic FireWall
| >and block activity before it reaches the computer.
| >There are even models that have full FireWall
| >capabilities built-in. There are many other benefits to
| >such as a device such as being able to share the DSL
| >WAN connection with upto 253 LAN nodes and if you are
| >using PPPoE as the DSL connector than the Router, not
| >the PC, will make the DSL connection and NO ISP provided
| >software is needed.
| >Dave
| >
| >"OLIM" wrote in message
| >My ADSL Broadband shows its connected, as soon as I
| >start the computer, but I need to log-in to get onto the
| > internet, does this mean that I am vulnerable to others
| >accessing my computer - even when I am NOT logged-on? I
| >do have ZoneAlarms free Firewall, McAfee Antivirus,
| >Spybot, Ad-Aware & pop-up stopper installed. My ISP says
| >I should only be on for 8 hours a day, not sure if this
| >is when logged-on or just when ADSL is connected? I
| >just want to be aware of the possibility that anyone
| >can 'see' | my computer. I have only recently gone onto
| >Broadband.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

OLIM wrote:
> I think I may be using a PPPoE client to log into my
> ADSL? If it is the same as PPPoA?

Yep.

> Approx. 8 hrs a day, (with 2 GB month) is because I am
> paying a lower monthly figure, if I paid more I'd me able
> to be online longer, but this is quite enough for me,
> anyway.

What do they consider as "online" ? If you're connected but not doing
anything, does it count?

What is a simple hardware firewall/gateway
> appliance to put between my DSL modem & my computer. My
> DSL is inside my computer, so how would I connect to it?

It is??

> Why do I need DHCP and NAT? What do these do for me? I
> only have one computer, no others.

If you have a separate appliance, you have an additonal layer of security.
>
>> -----Original Message-----
>> OLIM wrote:
>>> My ADSL Broadband shows its connected, as soon as I
>>> start the computer, but I need to log-in to get onto the
>>> internet, does this mean that I am vulnerable to others
>>> accessing my computer - even when I am NOT logged-on?
>>> I do have ZoneAlarms free Firewall, McAfee Antivirus,
>>> Spybot, Ad-Aware & pop-up stopper installed.
>>
>> I imagine you are using a PPPoE client to log into your
>> ADSL? If so, it likely isn't running when you haven't
>> logged in yet, so you aren't really "connected" if so.
>> Your firewall and antivirus should be running resident
>> in the background, I'd think. Pop-up blockers won't
>> matter when you aren't logged in anyway.
>>
>>> My ISP says
>>> I should only be on for 8 hours a day,
>>
>> That's rather bossy and presumptuous of them!
>>
>>> not sure if this is when logged-on or just when ADSL
>>> is connected? I just want to be aware of the
>>> possibility that anyone can 'see' my computer. I have
>>> only recently gone onto Broadband.
>>
>> In addition to your ZoneAlarm, I'd recommend getting a
> simple hardware firewall/gateway appliance to put between
> your DSL modem & your computer. It will do DHCP and NAT
> for you...and can log in to the PPPoE account using
>> your credentials, so your computer doesn't have to
> manage the work. A NetGear FR114P (my current fave) is
> about $80USD, I think.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Sun, 06 Feb 2005 13:53:25 -0500, David H. Lipman wrote:

> I suggest that you get a Cable/DSL Router such as the Linksys BEFSR41. It will act as a
> simplistic FireWall and block activity before it reaches the computer. There are even
> models that have full FireWall capabilities built-in.

I also suggest that the OP purchase a DSL/Cable router so that they can
have the first layer of protection, but Linksys does not offer a firewall
device, sure, they call a couple units firewalls, but that's like calling
a Floppy disk a hard drive

--
spam999free@rrohio.com
remove 999 in order to email me

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Leythos wrote:
> On Sun, 06 Feb 2005 13:53:25 -0500, David H. Lipman wrote:
>
>> I suggest that you get a Cable/DSL Router such as the Linksys
>> BEFSR41. It will act as a simplistic FireWall and block activity
>> before it reaches the computer. There are even models that have
>> full FireWall capabilities built-in.
>
> I also suggest that the OP purchase a DSL/Cable router so that they
> can have the first layer of protection, but Linksys does not offer a
> firewall device, sure, they call a couple units firewalls, but that's
> like calling a Floppy disk a hard drive

I'm not a huge fan of Linksys stuff, but they, and Netgear, and Dlink, do
offer cheap & cheerful SPI firewall appliances. Not bad bang for the buck.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Sun, 06 Feb 2005 19:46:14 -0500, Lanwench [MVP - Exchange] wrote:

> Leythos wrote:
>> On Sun, 06 Feb 2005 13:53:25 -0500, David H. Lipman wrote:
>>
>>> I suggest that you get a Cable/DSL Router such as the Linksys
>>> BEFSR41. It will act as a simplistic FireWall and block activity
>>> before it reaches the computer. There are even models that have
>>> full FireWall capabilities built-in.
>>
>> I also suggest that the OP purchase a DSL/Cable router so that they
>> can have the first layer of protection, but Linksys does not offer a
>> firewall device, sure, they call a couple units firewalls, but that's
>> like calling a Floppy disk a hard drive
>
> I'm not a huge fan of Linksys stuff, but they, and Netgear, and Dlink, do
> offer cheap & cheerful SPI firewall appliances. Not bad bang for the buck.

And if you look at most of their stuff (Netgear, D-Link), unless you
spend more than $200 it's just NAT with SPI.


--
spam999free@rrohio.com
remove 999 in order to email me

 

[Olim]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

My ISP is Wanadoo.com, which is who I was paying monthly
to on dial-up anytime, as have a website, wanted to keep
the same one. It was my choice to use my internal DSL
Modem, not my ISP, they have sent me an external one, but
not used it. Have no idea? if staying online, but not
using it, adds up the 8 hrs a day? Do not know what
would happen if I go over this!
Everything is working fine, so do not want to alter
anything, just wanted to know if I was online when my DSL
says its connected, but I haven't signed in (logged on).
Have received an answer from 'Lanwench' that I should not
be connected if using PPPoA client to log into your ADSL,
which I am.

>-----Original Message-----
>If you have a DSL Modem built into the computer you were
screwed by your ISP. You can't use an external Router.
>
>Who is your ISP ?
>
>--
>Dave
>
>"OLIM" < wrote in message
>| Can I still use a DSL Router, if my ADSL Modem is
>inside my computer, (not external, as a lot our)? If
>so, how do I connect the router to the computer, or do I
>connect from the Telephone line through the Router to the
>| computer? I do not need any LAN nodes what ever they
are?
>| Also I need my ISP as I pay a monthly amount to receive
>| emails, as well as accessing the internet. I am
>limited as I pay a cheaper amount for this, if I paid
>more, I could be on for longer. It is only approximately
>8 hrs.
>| Which is quite long enough for me anyway!
>|
>| >-----Original Message-----
>| >I use my DSL 24 hours per day, you are NOT limited to
>| just 8 hours per day.
>| >
>| >I suggest that you get a Cable/DSL Router such as the
>| >Linksys BEFSR41. It will act as a simplistic FireWall
>| >and block activity before it reaches the computer.
>| >There are even models that have full FireWall
>| >capabilities built-in. There are many other benefits
>| >to such as a device such as being able to share the
>| >DSL WAN connection with upto 253 LAN nodes and if you
>| >are using PPPoE as the DSL connector than the Router,
>| >not the PC, will make the DSL connection and NO ISP
>| >provided software is needed.
>| >Dave
>| >
>| >"OLIM" wrote in message
>| >My ADSL Broadband shows its connected, as soon as I
>| >start the computer, but I need to log-in to get onto
>| >the internet, does this mean that I am vulnerable to
>| >others accessing my computer - even when I am NOT
>| >logged-on? I do have ZoneAlarms free Firewall,
>|>McAfee Antivirus, Spybot, Ad-Aware & pop-up stopper
>|>installed. My ISP says I should only be on for 8 hours
>|>a day, not sure if this is when logged-on or just when
>|>ADSL is connected? I just want to be aware of the
>|>possibility that anyone can 'see' | my computer. I
have only recently gone onto Broadband.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Leythos wrote:
> On Sun, 06 Feb 2005 19:46:14 -0500, Lanwench [MVP - Exchange] wrote:
>
>> Leythos wrote:
>>> On Sun, 06 Feb 2005 13:53:25 -0500, David H. Lipman wrote:
>>>
>>>> I suggest that you get a Cable/DSL Router such as the Linksys
>>>> BEFSR41. It will act as a simplistic FireWall and block activity
>>>> before it reaches the computer. There are even models that have
>>>> full FireWall capabilities built-in.
>>>
>>> I also suggest that the OP purchase a DSL/Cable router so that they
>>> can have the first layer of protection, but Linksys does not offer a
>>> firewall device, sure, they call a couple units firewalls, but
>>> that's like calling a Floppy disk a hard drive
>>
>> I'm not a huge fan of Linksys stuff, but they, and Netgear, and
>> Dlink, do offer cheap & cheerful SPI firewall appliances. Not bad
>> bang for the buck.
>
> And if you look at most of their stuff (Netgear, D-Link), unless you
> spend more than $200 it's just NAT with SPI.

Yep - which is a sight better than just NAT, which is all most of the cheap
& cheerful gateways do. One has to balance security & budget. Most home
users can't afford a PIX, or ISA, but that doesn't mean the appropriate
alternative is to use nothing at all.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Mon, 07 Feb 2005 08:55:12 -0500, Lanwench [MVP - Exchange] wrote:

> Leythos wrote:
>> On Sun, 06 Feb 2005 19:46:14 -0500, Lanwench [MVP - Exchange] wrote:
>>
>>> Leythos wrote:
>>>> On Sun, 06 Feb 2005 13:53:25 -0500, David H. Lipman wrote:
>>>>
>>>>> I suggest that you get a Cable/DSL Router such as the Linksys
>>>>> BEFSR41. It will act as a simplistic FireWall and block activity
>>>>> before it reaches the computer. There are even models that have
>>>>> full FireWall capabilities built-in.
>>>>
>>>> I also suggest that the OP purchase a DSL/Cable router so that they
>>>> can have the first layer of protection, but Linksys does not offer a
>>>> firewall device, sure, they call a couple units firewalls, but
>>>> that's like calling a Floppy disk a hard drive
>>>
>>> I'm not a huge fan of Linksys stuff, but they, and Netgear, and
>>> Dlink, do offer cheap & cheerful SPI firewall appliances. Not bad
>>> bang for the buck.
>>
>> And if you look at most of their stuff (Netgear, D-Link), unless you
>> spend more than $200 it's just NAT with SPI.
>
> Yep - which is a sight better than just NAT, which is all most of the cheap
> & cheerful gateways do. One has to balance security & budget. Most home
> users can't afford a PIX, or ISA, but that doesn't mean the appropriate
> alternative is to use nothing at all.

As long as they don't start thinking they are firewalls then I don't have
a problem with them. In the early days all of the vendors called them
cable routers and then cable/dsl routers and then marketing got involved
and they started (without any firmware changes) calling them Firewalls.

They make great devices to protect from Inbound attacks, and that's what
most people need in order to get online safely, but it's not a firewall.

--
spam999free@rrohio.com
remove 999 in order to email me

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Leythos wrote:
> On Mon, 07 Feb 2005 08:55:12 -0500, Lanwench [MVP - Exchange] wrote:
>
>> Leythos wrote:
>>> On Sun, 06 Feb 2005 19:46:14 -0500, Lanwench [MVP - Exchange] wrote:
>>>
>>>> Leythos wrote:
>>>>> On Sun, 06 Feb 2005 13:53:25 -0500, David H. Lipman wrote:
>>>>>
>>>>>> I suggest that you get a Cable/DSL Router such as the Linksys
>>>>>> BEFSR41. It will act as a simplistic FireWall and block activity
>>>>>> before it reaches the computer. There are even models that have
>>>>>> full FireWall capabilities built-in.
>>>>>
>>>>> I also suggest that the OP purchase a DSL/Cable router so that
>>>>> they can have the first layer of protection, but Linksys does not
>>>>> offer a firewall device, sure, they call a couple units
>>>>> firewalls, but that's like calling a Floppy disk a hard drive
>>>>
>>>> I'm not a huge fan of Linksys stuff, but they, and Netgear, and
>>>> Dlink, do offer cheap & cheerful SPI firewall appliances. Not bad
>>>> bang for the buck.
>>>
>>> And if you look at most of their stuff (Netgear, D-Link), unless you
>>> spend more than $200 it's just NAT with SPI.
>>
>> Yep - which is a sight better than just NAT, which is all most of
>> the cheap & cheerful gateways do. One has to balance security &
>> budget. Most home users can't afford a PIX, or ISA, but that doesn't
>> mean the appropriate alternative is to use nothing at all.
>
> As long as they don't start thinking they are firewalls then I don't
> have a problem with them. In the early days all of the vendors called
> them cable routers and then cable/dsl routers and then marketing got
> involved and they started (without any firmware changes) calling them
> Firewalls.
>
> They make great devices to protect from Inbound attacks, and that's
> what most people need in order to get online safely, but it's not a
> firewall.

Sure. The word gets bandied about a lot, but SPI=firewall. "Acts as a
firewall" = NAT box.

If it's $30, it's probably the latter. If it's $80, it may well be a
firewall.

It still isn't anything an enterprise network would use, but it's a damned
sight better than just one's cable/DSL modem. And you can configure most of
the cheapies to block outbound traffic as well....the interface & features
just aren't as great as on higher end stuff.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Mon, 07 Feb 2005 23:48:00 -0500, Lanwench [MVP - Exchange] wrote:

> Sure. The word gets bandied about a lot, but SPI=firewall. "Acts as a
> firewall" = NAT box.

Sorry, I just don't feel that adding SPI to a NAT box makes it a firewall.

> If it's $30, it's probably the latter. If it's $80, it may well be a
> firewall.

Price also doesn't make or break it from being a firewall.

> It still isn't anything an enterprise network would use, but it's a damned
> sight better than just one's cable/DSL modem. And you can configure most of
> the cheapies to block outbound traffic as well....the interface & features
> just aren't as great as on higher end stuff.

I agree that NAT is better than nothing, NAT+SPI is still even better, but
the combination does not make it a firewall.


--
spam999free@rrohio.com
remove 999 in order to email me

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

And that's why I call it a Simplistic FireWall.

--
Dave




"Leythos" <void@nowhere.lan> wrote in message
newsan.2005.02.08.13.45.13.109779@nowhere.lan...
| On Mon, 07 Feb 2005 23:48:00 -0500, Lanwench [MVP - Exchange] wrote:
|
| > Sure. The word gets bandied about a lot, but SPI=firewall. "Acts as a
| > firewall" = NAT box.
|
| Sorry, I just don't feel that adding SPI to a NAT box makes it a firewall.
|
| > If it's $30, it's probably the latter. If it's $80, it may well be a
| > firewall.
|
| Price also doesn't make or break it from being a firewall.
|
| > It still isn't anything an enterprise network would use, but it's a damned
| > sight better than just one's cable/DSL modem. And you can configure most of
| > the cheapies to block outbound traffic as well....the interface & features
| > just aren't as great as on higher end stuff.
|
| I agree that NAT is better than nothing, NAT+SPI is still even better, but
| the combination does not make it a firewall.
|
|
| --
| spam999free@rrohio.com
| remove 999 in order to email me
|

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Tue, 08 Feb 2005 09:09:49 -0500, David H. Lipman wrote:

> And that's why I call it a Simplistic FireWall.

You should really learn to bottom post so that proper news readers can
work with your posts:

Simplistic is not an answer or excuse, it's either a firewall or not a
firewall, since it doesn't meet the requirements to be a firewall it's NOT
a firewall.

Those devices clearly meet the requirement to be a ROUTER, and are
performing routing functions only. It would seem that if they had stuck
with calling them ROUTERS instead of firewalls, that a lot of people would
not be mistakenly thinking they are protected by a firewall.

A router with NAT is not a firewall, a Firewall may include NAT, but NAT
does not make the firewall a firewall. You need to learn more about the
market before you start accepting that those SOHO devices are what they
claim to be.



> "Leythos" <void@nowhere.lan> wrote in message
> newsan.2005.02.08.13.45.13.109779@nowhere.lan...
> | On Mon, 07 Feb 2005 23:48:00 -0500, Lanwench [MVP - Exchange] wrote:
> |
> | > Sure. The word gets bandied about a lot, but SPI=firewall. "Acts as
> | > a firewall" = NAT box.
> |
> | Sorry, I just don't feel that adding SPI to a NAT box makes it a
> | firewall.
> |
> | > If it's $30, it's probably the latter. If it's $80, it may well be a
> | > firewall.
> |
> | Price also doesn't make or break it from being a firewall.
> |
> | > It still isn't anything an enterprise network would use, but it's a
> | > damned sight better than just one's cable/DSL modem. And you can
> | > configure most of the cheapies to block outbound traffic as
> | > well....the interface & features just aren't as great as on higher
> | > end stuff.
> |
> | I agree that NAT is better than nothing, NAT+SPI is still even better,
> | but the combination does not make it a firewall.
> |


--
spam999free@rrohio.com
remove 999 in order to email me

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Leythos:

I just don't blindly accept it. I have tested it. That is also why I suggest that TCP and
UDP ports 135 ~ 139 and 445 be blocked on *any* SOHO Router.

As for Bottom Posting, forget about it ;-)

--
Dave




"Leythos" <void@nowhere.lan> wrote in message
newsan.2005.02.08.15.52.25.587735@nowhere.lan...
| On Tue, 08 Feb 2005 09:09:49 -0500, David H. Lipman wrote:
|
| > And that's why I call it a Simplistic FireWall.
|
| You should really learn to bottom post so that proper news readers can
| work with your posts:
|
| Simplistic is not an answer or excuse, it's either a firewall or not a
| firewall, since it doesn't meet the requirements to be a firewall it's NOT
| a firewall.
|
| Those devices clearly meet the requirement to be a ROUTER, and are
| performing routing functions only. It would seem that if they had stuck
| with calling them ROUTERS instead of firewalls, that a lot of people would
| not be mistakenly thinking they are protected by a firewall.
|
| A router with NAT is not a firewall, a Firewall may include NAT, but NAT
| does not make the firewall a firewall. You need to learn more about the
| market before you start accepting that those SOHO devices are what they
| claim to be.
|

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Tue, 08 Feb 2005 11:51:21 -0500, David H. Lipman wrote:

> Leythos:
>
> I just don't blindly accept it. I have tested it. That is also why I suggest that TCP and
> UDP ports 135 ~ 139 and 445 be blocked on *any* SOHO Router.
>
> As for Bottom Posting, forget about it ;-)

Dave, I've tested every make and model that Linkys offers, most of the
D-Link line and the same for Netgear, in the under $250 range not one of
them is a firewall, they are all just ROUTERS.

Don't get me wrong, I like NAT Routers for the first line of protection in
a SOHO environment, but I will never confuse the simple functions of NAT
with those of a firewall appliance/device.


--
spam999free@rrohio.com
remove 999 in order to email me

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Leythos wrote:
> On Tue, 08 Feb 2005 11:51:21 -0500, David H. Lipman wrote:
>
>> Leythos:
>>
>> I just don't blindly accept it. I have tested it. That is also why
>> I suggest that TCP and UDP ports 135 ~ 139 and 445 be blocked on
>> *any* SOHO Router.
>>
>> As for Bottom Posting, forget about it ;-)
>
> Dave, I've tested every make and model that Linkys offers, most of the
> D-Link line and the same for Netgear, in the under $250 range not one
> of them is a firewall, they are all just ROUTERS.
>
> Don't get me wrong, I like NAT Routers for the first line of
> protection in a SOHO environment, but I will never confuse the simple
> functions of NAT with those of a firewall appliance/device.

Not to get bogged down in a flamewar, no matter how gentle, a router isn't
really a router if it doesn't participate in RIP, is it. I call 'em
"routers" or, more appropriately, "gateway appliances".

"Firewall" is a fairly flexible term, but SPI is one type of firewall. I'm
pretty sure that Cisco is a fairly reliable source.

-----------------------
Stateful Inspection

Basic Definition:
The ability of a firewall to retain "state" information about
ongoing network sessions. When a packet goes out through a stateful firewall
(TCP/UDP/ICMP), it will only permit expected return traffic that would
normally be returned in response to that packet from the remote site. This
prevents a wide variety of attacks.


http://business.cisco.com/app/search.taf?_function=search&more_options=two&search_scope=92888&tree_type=Asset&display_option=Glossary&style=iQ&asset_type_id=44728&public_view=true&kbns=2&DefMode=&keyword=stateful


----------------------
Now, I'm outta here. Pax.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Wed, 09 Feb 2005 19:25:31 -0500, Lanwench [MVP - Exchange] wrote:

> Leythos wrote:
>> On Tue, 08 Feb 2005 11:51:21 -0500, David H. Lipman wrote:
>>
>>> Leythos:
>>>
>>> I just don't blindly accept it. I have tested it. That is also why
>>> I suggest that TCP and UDP ports 135 ~ 139 and 445 be blocked on
>>> *any* SOHO Router.
>>>
>>> As for Bottom Posting, forget about it ;-)
>>
>> Dave, I've tested every make and model that Linkys offers, most of the
>> D-Link line and the same for Netgear, in the under $250 range not one
>> of them is a firewall, they are all just ROUTERS.
>>
>> Don't get me wrong, I like NAT Routers for the first line of
>> protection in a SOHO environment, but I will never confuse the simple
>> functions of NAT with those of a firewall appliance/device.
>
> Not to get bogged down in a flamewar, no matter how gentle, a router isn't
> really a router if it doesn't participate in RIP, is it. I call 'em
> "routers" or, more appropriately, "gateway appliances".
>
> "Firewall" is a fairly flexible term, but SPI is one type of firewall. I'm
> pretty sure that Cisco is a fairly reliable source.
>
> -----------------------
> Stateful Inspection
>
> Basic Definition:
> The ability of a firewall to retain "state" information about
> ongoing network sessions. When a packet goes out through a stateful firewall
> (TCP/UDP/ICMP), it will only permit expected return traffic that would
> normally be returned in response to that packet from the remote site. This
> prevents a wide variety of attacks.
>
>
> http://business.cisco.com/app/search.taf?_function=search&more_options=two&search_scope=92888&tree_type=Asset&display_option=Glossary&style=iQ&asset_type_id=44728&public_view=true&kbns=2&DefMode=&keyword=stateful

You seem to have take SPI out of context "through a stateful firewall"
that does not indicate that a device that uses SPI is a firewall, it say
"through a stateful FIREWALL".

And all of the home units - Linksys include - offer RIP1 and RIP2 if the
user wants to manually set it up.

No flames, this is all good.


--
spam999free@rrohio.com
remove 999 in order to email me