|
Windows XP Service Pack 2 (pg. 6)
|
View this Thread in Original format
| rabbitjoker |
I just wrote a huge post and then acrobat froze up and killed all my browser windows, so y'all missed out. I'll try to re-type it but it will be much more succinct (as I open auto-saving word to write my post)
If you’re all bonered-up about security here are your 3 best options (in order of quality):
a) build yourself a *nix box to act as your firewall / gateway, keep the box secure, manage frequent updates, etc, etc.
b) purchase a hardware firewall gateway/router/switch product
c) use some sort of software firewall (windows, Sygate, Zone Labs, Norton, etc)
Option A is best – but is a heck of a lot of work, as you have to maintain and update the machine quite a bit. If your machine is compromised – so is your security.
Option B is better than C (physically located separate from your machine), but not as good as A (since A provides more options, various software, etc). IMO it's better than A as well (if you buy a GOOD one) - due to the maintenance required for A.
Option C is the worst – simply because if your machine is compromised – so is your security.
====================
When I got broadband about 5 or 6 years ago I chose option B – to get a hardware security solution. I’ll share my experiences/knowledge about all this.
Many of these hubs or switches you buy nowadays usually have some basic security options built into them – however they aren’t that great (but better than nothing). They are basically a hubs/switches with a cheap firewall chip thrown on it. I’ll call them all-in-one units. The all-in-one units lack a number of the important tools to ensure that your computer is completely protected.
So the basic thing to be known is that all-in-one products with built-in firewall/network systems is that they can provide very simple basic security. However the all-in-one units do leave out quite a bit of customization and a number of security options what would truly make a system secure. To conclude this “all-in-one” unit bit – they do provide better protection that doing nothing at all and provide better protection than software (Sygate, Zone, BlackIC, Norton, etc) but NOT better than a focused hardware firewall (and the cost differences aren’t all that much either)
Most importantly there are a few hardware firewall products that do a VERY good job and are rated by ISCA Labs who is in the business of testing devices for security quality. (TrueSecure - who provides certification services which test resistance to security threats and risks; certification is awarded based on pass/fail scheme).
I have a ZyXel (http://www.zyxel.com) ZyWall 10W - Internet Security Gateway with Wireless Ready (see links below) with the wireless option installed.
The ZyWall 10W is certified by ISCA Labs as a firewall / IPSec product (meaning it met the high levels of standards for security set by ICSA)
The ZyWall 10W product gives me a full featured hardware firewall, stateful packet inspection, SUA/NAT, IPSec for VPN, DHCP Server/Gateway, content filtering, packet filter, static routing, UpnP, bandwidth utilization rules, and fair-over/ fail-back (so when the broadband goes down, it auto-connects to you dial-up, and back when the broadband is back up).
ZyWall 10W Link: http://www.zywall.com/products/mode...alue=1021873683
A marvel of engineering if you ask me!!
====================
The drawback with the ZyWall 10W is that it is not a hub, and it is not a switch – but it is a GATEWAY. Meaning it can handle the processes behind operating a switch/hub, but it doesn’t have the switch/hub ports. So to run more than one computer off the ZyWall 10W you’d have to buy a switch (stay the hell away from hubs – only buy switches).
Here’s a bit of a diagram to show the differences between setting up an actual hardware firewall (ZyWall) or “all-in-one” unit:
“All-in-one”: Computer -> [Hub/Firewall/Switch] -> modem -> world
Hardware Firewall: Computer -> [switch] -> [hardware firewall] -> modem -> world
So see – if you want to run more than one machine of the XyWall 10W – you need the switch. Get a 100 Mbps switch as the XyWall 10W supports 100 Mbps (the switch should cost less than $50 for a 5 port)
Wireless You Ask?
The ZyWall 10W supports G class wireless. You buy an upgrade card that slides into the back of the ZyWall 10W and you automatically have all the benefits of wireless built right into your product.
If you want to make the whole place wireless – just forget about the switch and make every machine in your place wireless (which is what I have done).
Anyway – this my setup – and I am uber-secure, windows or not.
Sorry for going too long with this – I’ll try to be shorter next time. |
|
|
| cereal3825 |
| quote: | Originally posted by rabbitjoker
Wireless You Ask?
The ZyWall 10W supports G class wireless. You buy an upgrade card that slides into the back of the ZyWall 10W and you automatically have all the benefits of wireless built right into your product.
If you want to make the whole place wireless – just forget about the switch and make every machine in your place wireless (which is what I have done).
Anyway – this my setup – and I am uber-secure, windows or not.
Sorry for going too long with this – I’ll try to be shorter next time. |
After all this security talk, I hope you turned WEP on! :)
Steve |
|
|
| ShadoWolf |
| quote: | Originally posted by rabbitjoker
I just wrote a huge post and then acrobat froze up and killed all my browser windows, so y'all missed out. I'll try to re-type it but it will be much more succinct (as I open auto-saving word to write my post)
|
Acrobat is the single worst program of all time. |
|
|
| malek |
yea, get a cheap pc, install secure platform on it and Checkpoint firewall... thats the geekiest way of doing it :D
Checkpoint is one hell of a firewall! |
|
|
| malek |
for some reason, my web browsing is verrrry slow. it takes a while for a page to load then it loads right away.:mad:
and don't tell me go firefox, it does the same thing :whip: |
|
|
| tw1tch |
| quote: | Originally posted by malek
for some reason, my web browsing is verrrry slow. it takes a while for a page to load then it loads right away.:mad:
and don't tell go firefox, it does the same thing :whip: |
Your web browsing with SP2? I installed SP2 on my desktop and I can't tell the difference. Everything continues to work fine. |
|
|
| malek |
| quote: | Originally posted by tw1tch
Your web browsing with SP2? I installed SP2 on my desktop and I can't tell the difference. Everything continues to work fine. |
yeah, its friggin weird... |
|
|
| rabbitjoker |
Just auto-installed...
It works fine. All is good in the neighborhood. |
|
|
| rabbitjoker |
Just as an FYI: Mozilla/Firefox has had 10 security holes in the last 10 weeks or so.
Nobody is immune - thus is the nature of software. |
|
|
| St_Andrew |
| quote: | Originally posted by rabbitjoker
Just as an FYI: Mozilla/Firefox has had 10 security holes in the last 10 weeks or so.
Nobody is immune - thus is the nature of software. |
IE has 355 the last year :p |
|
|
| mot10n |
| almost one for every day of the year :p good ol M$ |
|
|
|
|
