[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How insecure are cable connections, versus dialup?

Jamin W. Collins <jcollins@asgardsrealm.net> [2002-12-08 12:21:40 -0600]:
> On Sat, Dec 07, 2002 at 04:43:44PM -0700, Bob Proulx wrote:
> > Although the linux kernel iptables firewalls are excellent I still
> > recommend a separate firewall box between your computer and the Evil
> > Internet.  
> (snip)
> > In my opinion the cable modem should always have had one of these
> > built into it.
> Ick.  Multi-function devices are in general a bad idea.  Frequently they
> end up restricting the end user to a small subset of possible
> configurations and uses.  In most cases you're better off with a
> dedicated device serving a specific purpose.

I actually think we are mostly in agreement.  But let me debate you in
the absurd.

Would you suggest that your keyboard interface to your computer be
separate?  And your mouse?  Serial port?  Parallel port?  Of course
not.  We expect that computers today will have them intergrated into
the same controller chip.  However, I clearly remember the days when
this was not so and the motherboard was a large array of separate
components.  And there were many flavors of serial and parallel port
capabilities.  However, some components become so common and so well
accepted that they are just commodities to be bought from the lowest
bidder.  This is the way of all of the computer peripheral interfaces
and today all of the common ones are integrated onto one single VLSI

I propose that while firewalls today may still be somewhat spotty in
terms of capabilities that they will very soon be universally the same
in terms of capability.  Certainly if they are then there is no reason
not to treat them like a commodity as well.  If a modem is $80 and a
firewall is $80 then that is $160 for the set.  If you need to upgrade
the firewall then you spend another $75 for the newer (and in the
future cheaper) replacement.  I propose a combined box for $80 if they
had been that way all along.  If you need to upgrade the firewall you
buy an upgraded combined box for $75 in the future that replaces both
and don't shed a tear that the modem which was working fine and could
have been saved from that bundle but is tossed as part of the combined

If they are integrated then there is no need for yet another power
supply brick plugged into the wall and wires from there to the box.
No need for yet another set of network wires connecting those two
boxes.  Contrast the fact that the manufacturing cost of two sets of
boxes is double that of one.  Contrast one single modem / switch with
integrated firewall capability to a set of separates.  Especially if
the separates are from the same manufacturer then certainly the
capability exists to put both in a single box.

Now enter the newbies and the grandmas who are now assembling computer
systems.  They will not know the ins and outs of a whole assortment of
separates.  Should they need to?  Especially in those cases it is
better to provide the standalone complete system in a box.  Especially
because that comes with a good support system to help them when they
need help.

Really this is similar to the evolution of stereo equipment.  While
the high end audiophile may prefer custom crafted modular systems most
people who just want to listen to the radio prefer a standalone

> > A firewall box like a Linksys, D-Link or Netgear or other is just
> > perfect for SOHO needs.
> You'll want to be careful with these devices and make certain they
> support your intended use.  As these are hardware solutions, you are at
> the whim of the manufacturer as to what it can and can not do.  Some of
> these devices didn't support GRE packets (necessary for PPTP based VPN
> connections) or IPSEC connections.  Many of these short comings have
> been addressed by the manufacturers, but these problems can (and in some
> cases still do) exist.

Agreed.  Speak with your wallet.  Buy only something that works for
you.  Buy it, test it, verify the marketing claims.  If you buy
something and find that it does not work for you then return it and
buy one that does.


P.S. I run my own linux firewall router.  As a tinkerer I find it
delightful.  Technically it is a superior solution.  But don't let me
suggest to my mom that she should build and install one.  They are not
consumer electronic components.

Attachment: pgpAxjxlLDvWk.pgp
Description: PGP signature

Reply to: