[H-GEN] What's a good firewall for WIndows user?
Byron Ellacott
bje at apnic.net
Sun Sep 26 19:20:55 EDT 2004
David Seikel wrote:
> My brother has recently got himself a broadband connection, and he asked me for advice on firewall software. Last time I checked he had two Windows boxes in his house. He is a photo copier / fax / printer technician for Xerox, and he has some basic Unix training to help him with his work.
Step 1: buy a cheap hardware router that does NAT
Step 2: reinstall the Windows machine, from behind said router
Step 3: replace Internet Explorer with Firefox
Step 4: remove Outlook Express
Step 1 is the most important. Do not let the Windows machine be
generally addressable from the Internet, because that is Not Safe. No
firewall software can fix bugs with the TCP/IP stack of the machine it's
running on. There may be some philosophical problems with NAT, but it's
a hell of a lot better than exposing unsafe devices.
If you do the above, you don't need a "personal firewall." Of course,
having one that asks the user for confirmation before making an outbound
connection doesn't hurt any.
I use a Netgear WGR614, which bridges a wireless and a wired LAN
together, then NATs them onto the WAN. It also does my Bigpond cable
logon management for me, but I also had it configured to have a Linux
headless box doing the logon management at one point. The WGR614
doesn't handle high connection loads well, I've found, but otherwise is
adequate.
--
bje
More information about the General
mailing list