[NTLUG:Discuss] Re: firewall/router to protect M$ box
Moses McKnight
moses at gcecisp.com
Sat Jul 16 08:28:42 CDT 2005
Leroy Tennison wrote:
> Another issue is that a firewall is only part of the defense because it
> is a packet level application. Configuring a firewall to allow only
> inbound traffic on connections you request (my understanding of what spi
> really is) has no benefit if you decide to make or accept a "connection
> offer" at the application level. What I mean here is double-clicking on
> email attachments, or visiting questionable websites. For the latter,
> the real problem is deciding "what is questionable". I'm personally
> opposed to porn but I have found myself unwittingly landing on a porn
> site a couple of times just from my Web searches and mis-typing a "good"
> web site's name. An example of a porn site's "opportunism", if it's
> still out there, is whitehouse.com (I believe that's the URL, the
> website for the US White House is whitehouse.gov). You have to think
> about the kids here, they will mis-key website names and likely not have
> the discretion adults would have about what web sites they visit.
>
> I'm reading things which say that a proxy has more granular control over
> content than a firewall and am considering looking into Squid as a
> result. Can anyone who has experience with Squid comment on this?
> Thanks.
I don't have much experience, but I set up Squid and Dansguardian on my
home network and it seems to work quite well. Dansguardian is what does
the access control and you can download rules and blacklists for all
kinds of content and sites you want to block. I set mine up as an
invisible proxy which is nice and seems to work well. Give me a shout
if you want more info and I'll see if I can help.
Moses