In the Usenet newsgroup comp.security.firewalls, in article
<PvudnRABj9G_aCPfRVn-ig@comcast.com>, Charles Newman wrote:
>"Leythos" <void@nowhere.lan> wrote
>> My Firewall doesn't allow any ports outbound unless I create a rule for
>> them, and with proper setup on the appliance, neither P2P nor IM get out
>> to connect to anything.
>
> However, my setup will require everything to go through Socks and
>HTTP proxies I have set up on the box running NAT. That is the way that
>AllegroSurf was built. This is why it is more secure than a hardware
>appliance. Requiring everything to go through a proxy server closes
>most holes that a user can use to bypass security.

Charles, if your setup is so perfect, why isn't everyone in the world
using it? Especially professionals in the business who really work in
networking, instead of trying to fumble along like some blind child. Or
do you think microsoft uses your amateur setup?

By the way, have you spoken to Comcast yet about your brilliant anti-virus
concept? Or are you trying to talk to United about that 747?

> At least one small grocery store in my area is thinking of letting
>me upgrade their computer network. They think my idea of having a software
>based firewall is better than any hardware appliance.

Oh, so you are unable to work as a bean counter, and feel that getting
work as a computer expert is a good substitute? Do yourself a huge
favor, and consult a real attorney, and have him draw up any contract.
Make sure that the customer bears sole responsibility for everything, and
acknowledges it in the contract, and that you bear no responsibility for
anything. Also, make no guarantees about the firewall working, or that
the networking will not be disabled. Oh, and find someone to insure you
against business liability. Gross incompetence has not been ruled as a
mitigating circumstance in liability cases.

>They are a low-budget operation, and a setup like mine would be cheaper
>to own and operate than something with a hardware firewall. You don't have
>to have expensive certification courses to run it. Anyone who has a college
>degree in either IT or computer science could run it.

They must be so "low-budget" that they can't afford to do 'due diligence'
investigations? They don't ask if you have any practical experience doing
this for other firms? And I know this is crushing to you, but "a college
degree" is not the answer - it's experience that is needed.

>That saves money in the long run, because someone with something like an
>MCSE or MCSA, on top of a degree, commands a higher starting salary than
>someone with just a degree.

Not around here. Most understand that a microsoft certified anything is
a person who passed a senseless test by memorizing useless facts - useless
in that they have no use in the real world. This means that the person
has no practical knowledge, and a demonstrated lack of common sense because
they wasted money pursuing a non-reputable "training" plan. On the other
hand, do you know why the CISA is worth money to employers? One of the
requirements is 5 years paid direct experience in the field. Book learning
is OK (unless it's from microsoft), but the real deal is direct experience.

Old guy
Received on Thu Sep 29 19:57:03 2005