jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA
| reply to Thomas M
Re: AtGuard Support Forums back online
It is rather interesting how situations change, isn't it? 
When I first became concerned about firewalls back in 1999, I was on a dial-up connection with a single PC. From there I progressed to a dial-up connection supporting a local LAN (which relied on Microsoft's Internet Connection Sharing (ICS) software). Amazingly, I found that AG still worked fairly well in this situation (but it did miss a few things) while installed on the gateway machine. There was, however, the little matter of doing some customization to Microsoft's default setting for ICS, at least at that time.
Later on, I got an SMC Barricade 7004 ABR. It was (and is, I think) one of the few NAT routers that supported dial-up connections. Between its NAT functionality and rudimentary firewalling, it pretty much eliminated a lot of the unsolicited intrusions that I had devoted excessive time to for years. Unfortunately, the 7004 ABR worked quite nicely, but logged very little of the traffic it was stopping. I felt suddenly very 'left out' on knowing what was happening 'out there'. (I didn't have a spare box to stuff into a DMZ.) All of my software firewalls pretty much went quiet at that point. (AG, NIS/NPF, Sygate, TPF/KPF) Indeed, at this point, what I refer to as PSFs (Personal Software Firewalls), became much more discriminating and (in that sense) much more useful in what I saw in their logs.
Indeed, everything I subsequently saw fell into one of three categories:
• Something I'd installed (on one or more of the PCs here) trying to initiate an outbound communication. Mostly these were innocuous, but every now and then, . . . .
• An indication that one of the kids had changed the configuration on one of their PCs and that was consequently trying to do something on the LAN that I didn't want being done on the LAN.
• An indication that one of the kids had gotten sucked into installing something on one of their PCs that I will kindly describe as crapware, if not downright malware.
So, the 7004 ABR Router itself was a big bonus in cutting down on maintenance and management activities. It also picked up some attempted WAN intrusions that looked quite innocuous when I had been relying on AG on the ICS host machine. (Indeed, these were about the only thing the 7004 ABR ever logged!)
When I changed my connection from dial-up to DSL, I ended up with a new, combination DSL modem/NAT router/hardware firewall (it was part of the package) and things actually got quite boring as far as the installed PSFs were concerned. (And that was probably a good thing as Symantec started distributing buggy LiveUpdates for the single version of NIS that I was still running.)
Now, the PSFs are primarily for intra-LAN security purposes here. If I had a laptop that got connected sometimes here and sometimes at work or travelled, it would most definitely have a PSF on it. (And one of those will be coming into the mix rather shortly, I suspect.) Similarly, if our machines had multiple Internet connections -- some dial-up, some via a LAN DSL connection, some via a LAN cable connection, and especially any relying on wireless LAN connectivity, you can bet your bippy it's not going to get used here until it's got a PSF installed.
That's almost enough pontification for the moment -- with one exception: I'm now starting to look for something that will integrate logs from various PSFs (I use a different PSF on each box) and the hardware firewall on the NAT router. (I see another development project coming. )
--
Regards, Joseph V. Morris |
