firewall on budget ?

if alot of the advice you give here is for the ignorant masses, then techie people reading comp.security.firewalls , following your solutions, will have the solutions of the ignorant masses.

Don't know much about Usenet do you?

In Usenet, since MS provided an easy, although broken means to access it by the ignorant masses, you never really know who or the technical level of who is asking questions or their level of experience. Unless the OP explains in great detail about the problem and other information, you generally need to start at the lower level and work your way up with them.

In the case of a "Firewall on a Budget" subject, this would have been posted by someone not very experienced with firewalls and someone that was just starting to learn - in most cases.

Techie people often think they know a lot, but the good ones know they don't know everything and will still read posts in order to see if they might have missed something that could benefit them also. A techie person will not follow advice that does not help them.

Since most techie people already have a firewall appliance or a NAT appliance, they already have the solution for the ignorant masses, they know what they can do with a NAT router, they know that they can, in most cases, block outbound traffic, etc...

One last thing, I think it's rude to redirect a thread by setting the Follow-Up to another group when the thread clearly is on-topic in the groups it started with.

So, again, as we've all seen, the windows firewall is almost worthless in the hands of the ignorant - we see them running as local admins, installing software that puts holes in it, running p2p programs that put holes in it, using File/Printer sharing on a single computer network, disabling it when the install software tells them to disable it, not even running with antivirus software in some cases - oh, and the pop-up that tells them they are infected and to download this xxx program to clean their system.....

ISP's have taken some small steps, like blocking outbound SMTP except through their mail servers, blocking inbound SMTP/HTTP to their dynamic networks, etc... it could be a lot better and it would be free.

that's what i said, but without words like 'dial in' (this isn't about dial up). I know what you mean there.

Leythos didn't claim that NAT blocks all attacks.

you mentioned DDOS at the NAT device, (which i think leythos said wouldn't affect the LAN part of it)

and you mentioned botnets, and one could mention other malicious clients.

And leythos has mentioned some that it would block. I've seen for myself a comp compromised to be a malicious smtp server.

The windows firewall blocks incoming but is easily compromised. A NAT router blocks incoming but isn't so easily compromised. one could use both.

do you have an argument against that?

Yes. But never mind.

But in usenet, you don't write for just one person.

Techie people like to know what the options are.

Maybe one other option will be of interest, maybe many will.

So now a firewall appliance is for the ignorant masses. I was of the impression that maybe, when you wrote of a watchguard firewall appliance, you had a higher view of it. What is your option above that?

I figured you're a techie that likes firewall appliances, since that's the solution you write about, that and NAT Routers. I'm suprised you called a firewall appliance a solution for the ignorant masses! You're probably the person that made the term 'firewall appliance' popular in this newsgroup.

I think, if one has servers, then your description of that firewall appliance seems quite good.. means one can setup a (real) DMZ, and so on. More appropriate than a mere NAT Router. i'd like to know what other options are.. Then maybe people can judge if they'd be useful, it may even inspire people to do something more interesting that makes use of them.

I didn't do that.

Well, typical end users call somebody to fix it. We know end users are computer stupid. Most techies give them a NAT Router. And give themselves a NAT Router, it's like 'the solution'. People have NAT Routers without even knowing what the box is. They get broadband, they get one.

Programs like ZA (people here seem to call them PFWs - i don't know who coined that one). They also cause problems to end users that can't google. Anti Virus software causes huge problems to end users that can't search for free ones, small ones. And pay and find their computer slowed down as norton or mcafee scans in the background. Anything can cause a problem for end users. Even a person on the radio telling them to get a virus checker. They do it themselves and they can install a malicious program. And even malicious so-called anti-spyware software. You shouldn't just be writing for end users. THere are many people reading, many techies, or aspiring techies, people looking to increase their knowledge.

yep and it'd save users from getting EMs from their ISP that they could be DC'ed(disconnected), and save people from getting SPAM from those users.

Are you going to play games like this?

Do know full well what I've been talking about this entire thread, it was not and is not directed at the tech/security types, and no one reading the subject would think it was about upper level information.

Yeah, the person is going to do just that, because it's a troll.

Yep, sad to say, but that's the way it looks.

I didn't just have in mind what you wrote in this thread. But anyhow.

I'm asking you then.

What you suggest that is directed at the tech/security types?

State a specific question, listing what you want to know, in detail that a "techie" would and I'll answer it.

well, i'm interested in an example of what you would consider a techie's configuration.

I could give you some suggestions, but i'm sure yours are better than mine. He's a techie, he may run an open web server, an open ftp server, and he may want to access his computer himself with VNC. Is that person one of the ignorant masses that you think should use a NAT Router or Watchguard firewall appliance? Maybe to you, that person is not a technical person.

I'm interested in an example of what you would call the configuration of a technical person. Of course, people are different. I'm just asking for an example.

You've given 2 examples of solutions for the ignorant masses.

I've set the follow-up to comp.security.firewalls since the other groups don't really fall into this - post your question in a thread in that group, under a new subject, and I'm sure myself and others will answer it.