Security on a home DSL Line
I'm looking to beef up security on a home DSL line. Currently I am using ZoneAlarm (the freeware version). I'm thinking of taking an old Pentium 120, and setting that up as a firewall, but wanted to know if anyone else had a better idea.
Hello,

A Pentium will definitely suffice as a firewall. Beefing up security really depends on your OS as to a specific 'good-enough-for-now' solution. I decided to just lock my computer down by applying all of the recommended and security related patches from the vendor of the OS, then I comment out almost every service in /etc/inetd.conf. You don't want to be using services like fingerd and telnetd most likely. I usually only run sshd, secure RPC, and httpd. I would also recommend using tcp wrappers for the tcp services that you enable.

That seems to be working fine for my home computer, and it's kind of fun to watch the logs. You would be amazed at some of the things people try to do. :)

Cheers,
todd

--
Todd Caine - tcaine@eli.net
Software Engineer
Electric Lightwave, Inc.
4400 NE 77th Avenue
Vancouver, WA 98662
Direct Dial: (360) 816-4344
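
An added example, not part of Todd's message or of the original thread: a small Python audit for the inetd.conf hardening described above, listing services that are still enabled and flagging allowed TCP services that are not launched through tcpd. The sample file, the allowlist and the function names are constructed for illustration, and the check assumes the classic setup where TCP wrappers are applied by naming tcpd in the server-path field (an inetd built with wrapper support of its own would need a different check).

```python
import os

# Constructed sample in the classic inetd.conf layout:
# service  socket  proto  wait  user  server-path  args...
SAMPLE_INETD_CONF = """\
#ftp     stream tcp nowait root   /usr/sbin/tcpd       in.ftpd -l -a
telnet   stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
finger   stream tcp nowait nobody /usr/sbin/tcpd       in.fingerd
pop3     stream tcp nowait root   /usr/sbin/ipop3d     ipop3d
imap     stream tcp nowait root   /usr/sbin/tcpd       imapd
time     dgram  udp wait   root   internal
"""

# Hypothetical allowlist: the only inetd services this host is meant to offer.
ALLOWED = {"pop3", "imap"}


def enabled_services(text):
    """Return one dict per active (uncommented, well-formed) entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or already commented out
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        entries.append({"service": fields[0], "proto": fields[2],
                        "user": fields[4], "server": fields[5]})
    return entries


def audit(text, allowed):
    """Return (service, action) pairs for entries that need attention."""
    findings = []
    for e in enabled_services(text):
        wrapped = os.path.basename(e["server"]) == "tcpd"
        if e["service"] not in allowed:
            findings.append((e["service"], "comment out"))
        elif e["proto"].startswith("tcp") and not wrapped:
            # Allowed TCP service started directly, so hosts.allow and
            # hosts.deny are never consulted for it.
            findings.append((e["service"], "run via tcpd"))
    return findings


if __name__ == "__main__":
    for service, action in audit(SAMPLE_INETD_CONF, ALLOWED):
        print(f"{service:8} {action}")
```
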
On Thu, 2 Nov 2000, Todd Caine wrote:
> recommended and security related patches from the vendor of the OS, then I comment out almost every service in /etc/inetd.conf. You don't want to be using services like fingerd and telnetd most likely. I usually only run sshd, secure RPC, and httpd. I would also recommend using tcp wrappers for the tcp services that you enable.

You should be able to get away just running sshd on the firewall box.

--
** To all who asked: The Chow now has a good home! Tnx for your interest **
Steve Sobol, BOFH, President 888.480.4NET 866.DSL.EXPRESS 216.619.2NET
North Shore Technologies Corporation http://NorthShoreTechnologies.net
JustTheNet/JustTheNet EXPRESS DSL (ISP Services) http://JustThe.net
mailto:sjsobol@NorthShoreTechnologies.net
Proud resident of Cleveland, OH
"J. Gilmore" wrote:
> I'm looking to beef up security on a home DSL line. Currently I am using ZoneAlarm (the freeware version). I'm thinking of taking an old Pentium 120, and setting that up as a firewall, but wanted to know if anyone else had a better idea.

That's what I do with my home LAN. I set up an old 486 (which I had lying around doing nothing anyway) with two Ethernet cards and Linux on the hard drive. I use the built-in IPCHAINS facility to set up firewall rules. It's not terribly fast, but fast enough to do line-rate at the speed of my 256K SDSL line.

-- David
Free is a nice price, but if you want a simple drop in firewall.. take a look at the low end product from Sonicwall. I've got one of the SoHo-10 models.. and for around $400 ... it was a lot easier for me than configuring a software solution. I haven't had any throughput problems on a 1.5/1.5 DSL circuit .. and web based configuration makes filtering and reporting exceedingly easy. Take a look.

A side note would be that many of the major DSL CPE's have firewall sets (Pipelines, Flowpoints, Netopia come to mind) included in them .. though getting the ISP to enable them may be difficult.

- Bryan
Bang for the buck and the cost of my time:

Netgear rt311. Nice box, plugs in with NAT and filter and works, allowing for customized config at leisure. Simple dual ethernet with web config and telnet CLI with outrageous options for the measly $100.

James
"James M. Shuler III" wrote:
> Bang for the buck and the cost of my time:
>
> Netgear rt311. Nice box, plugs in with NAT and filter and works, allowing for customized config at leisure. Simple dual ethernet with web config and telnet CLI with outrageous options for the measly $100.

I like the Netgear RH348 ISDN router I have now, except... I can't turn the telnet interface off. And I don't want people to have access to it, and this is on my home PC, so I don't really need remote access.

--
Steve Sobol, BOFH, President
North Shore Technologies Corporation http://NorthShoreTechnologies.net
I've got a Pentium 100 running OpenBSD 2.7, set up with two NICs in bridging mode with ipfilter. It required no re-addressing of my existing network and works quite well. I personally like it more than any of the desktop firewalls. I've got a 3Mbps cablemodem (downstream is actually UHF instead of cable plant with an ISDN wired return), and it handles all the traffic with no problem.

I'd recommend this setup over the desktop firewall packages. They generally don't report enough information to effectively track offenses down. With a *BSD or Linux box you get a lot more tools to help you, like tcpdump, ethereal, snort, etc.

--
Joseph W. Shaw
Sr. Network Security Specialist for Big Company not to be named because I don't speak for them here. I have public opinions, and they don't.
Of course, you could always find an ISP that is using the Nortel Shasta box. Great little box with firewall abilities built into it, Checkpoint style. The problem with filtering at the CPE end of the DSL/Cable link is that whatever you throw away, it has already consumed the bandwidth to get it there. Look for more providers to start using it, and for some major announcements to come.

You may still want to be sure that your box is secure, in the event that you WANT remote access to your home.
On Thu, Nov 02, 2000 at 03:38:23PM -0800, J. Gilmore wrote:
> I'm looking to beef up security on a home DSL line. Currently I am using ZoneAlarm (the freeware version). I'm thinking of taking an old Pentium 120, and setting that up as a firewall, but wanted to know if anyone else had a better idea.

Well, if your place of business will buy you a copy of their firewall, that will enhance your ability to support the tool, making this whole thread marginally on-topic. :-)

Otherwise, your idea is perfect; Linux or OpenBSD, whichever you're more comfortable with, will give you the most flexibility, and Solaris x86 might work but will be dog-slow and, unless you have a lot of RAM, completely unusable.
participants (10)
- Bryan Pace
- David Charlap
- J. Gilmore
- James M. Shuler III
- Joe Shaw
- Sean Figgins
- Shawn McMahon
- Steve Sobol
- Steven J. Sobol
- Todd Caine