On Fri, 2006-14-04 at 14:43 -0400, tfreeman@xxxxxxxxxxxxxxxxxx wrote: > On Fri, 14 Apr 2006, Wolfgang S. Rupprecht wrote: > > > > > > But then I have two D-Links, and I'm very happy with both. > > > > Folks advocating those consumer firewall / NAT boxes might be > > interested to read this. > > > > http://people.freebsd.org/~phk/dlink/ > > > <<snip>> > > Note, I can't see the value of running one of those under-powered > > boxes as a firewall. Why? It uses the same software firewall that > > fedora does. Why not run the firewall on a more powerful box like > > your main computer? > > To answer your question, sort of, "Because I mess up my more powerful > machine on a semi-routine basis." Mind you, I try to keep a firewall going > on that more powerful machine also which should be fairly tight also, but > I figure one reasonable firewall backup with a second firewall created a > different way should be moderately resistant to automated attacks. Layered defences are definitely the best method of protecting your systems. Even at home I have a hardware firewall, but it is supplemented, by hardening the machines and installing software firewalls on each one as well. Since I don't use the wireless on my router I disabled it and put a shielded terminator in place of the antenna. I have intrusion detectors and other monitoring systems in place as well. I am not saying my computers are totally secure, but I don't have any confidential info on them. I don't pay any bills or do my taxes on any of my machines, and my email is not all that interesting, I can promise that.:^(
