[plug] Advantages of Linux-based firewalls?

Michael Hunt michael.j.hunt at usa.net
Wed Feb 28 07:01:43 WST 2001


> Andrew Furey [mailto:simpware at yahoo.com] wrote:
> Hi list,
>
> Now that Telstra have finally got around to upgrading
> the exchange in our area (Girrawheen), we've been able
> to get ADSL the last couple of days.

So if Girrawheen has it does this mean Armadale/Kelmscott should get it soon
??? (I'm hanging out for faster web downloads when I get back to Perth in
September).

> Currently it is connected to Dad's W98SE box which
> does masquerading (or Internet Connection Sharing as
> M$ is so fond of their "commonplace" names :). Since
> getting the fast link he is also in the process of
> putting on a free, but proprietary firewall program
> (not sure which one).

I'd probably say he is probably planning to use ZoneAlarm. This has got
good writeups in various windows mags and it is what I would recommend (and
use personally) for those that have to connect to the net with a windows
machine.

> I have been saying for several months that we should
> replace it with a dedicated gateway machine (I have
> most of a lowend Pentium, or even a 386 which might do
> the job) running you-know-what. So far they show no
> interest whatsoever.

I'm sorry to say this (since it is your old man and I don't really know him
or you that well take what I'm about to say with a pinch of salt), but I
think you have struck a M$ bigot (and don't worry there are linux ones out
there). As the saying goes you can't teach some old dogs new tricks (or even
old ones that are better than the ones that they are using).

> My question is: does anyone know of any compelling
> reasons to switch? Yes, I've already tried the
> standard "more stable and secure" lines, but they
> don't seem to care. I've also (I think) used the "open
> source -> better all round" but they don't buy that
> either.

Sure, my most compelling reason is this. I call it the sacrificial lamb
policy. If you are going to connect a machine to the internet via dialup or
something more permanent you are exposing yourself to not just the potential
of an attack but the outright certainty given enough time. Given the vast
number of security holes with M$ products (has your Dad fixed IE's numerous
security "features", Outlook's downright dumb security model etc) you are
increasing the probability exponentially. Now you add ADSL (a script kiddie's
dream turf) and the odds of a breakage are pretty high. (And I haven't even
mentioned viruses yet !!!). Ask your dad this: Does he want to be the one to
rebuild/restore/recover the win98 machine with his data on it when it gets
hacked ??? Or would he rather have another machine acting as a scapegoat for
his machine so that in the event of a successful breakin all that is lost is
his internet connectivity for a while. (If you use something like Freesco
www.freesco.org - a FREE ciSCO firewall based on Linux - then all you have
to do is reboot the computer as all the files are stored on a write
protectable floppy disk !!! Try getting this same functionality out of
windows)

> Any great advantages, horror stories, irrefutable
> arguments, etc? Keep in mind he has an MCP in Access
> and is very much coming from a Windows background (he
> would definitely be capable of using Linux from an
> intelligence point of view, if he was at all
> interested).

Look, I would say get your hands on a good Firewall book like the O'Reilly one
and show your dad that professional security experts preach a minimalist
approach when it comes to firewalls, if it's not needed on the box then don't
put it on there. If he wants a workable machine for his use and a secure
firewall then the best thing he can do is get the firewall onto a machine
dedicated for the purpose.

> Thanks in advance
> Andrew

P.S. Sorry if I rambled above or said anything offensive but I'm pretty
tired at the moment and I can't stand it when sometimes things are so plain
and obvious and really intelligent people who I respect don't get it. Just
some pent up feelings of frustration that I am probably getting rid of here
!!!

Michael Hunt
West Africa
