[NTLUG:Discuss] Re: firewall/router to protect M$ box

Leroy Tennison leroy_tennison at prodigy.net
Sat Jul 16 15:40:47 CDT 2005


Moses McKnight wrote:

>Leroy Tennison wrote:
>
>>Another issue is that a firewall is only part of the defense because it
>>is a packet level application.  Configuring a firewall to allow only
>>inbound traffic on connections you request (my understanding of what spi
>>really is) has no benefit if you decide to make or accept a "connection
>>offer" at the application level.  What I mean here is double-clicking on
>>email attachments, or visiting questionable websites.  For the latter,
>>the real problem is deciding "what is questionable".  I'm personally
>>opposed to porn but I have found myself unwittingly landing on a porn
>>site a couple of times just from my Web searches and mis-typing a "good"
>>web site's name.  An example of a porn site's "opportunism", if it's
>>still out there, is whitehouse.com (I believe that's the URL, the
>>website for the US White House is whitehouse.gov).  You have to think
>>about the kids here, they will mis-key website names and likely not have
>>the discretion adults would have about what web sites they visit.
>>
>>I'm reading things which say that a proxy has more granular control over
>>content than a firewall and am considering looking into Squid as a
>>result.  Can anyone who has experience with Squid comment on this?
>>Thanks.
>
>I don't have much experience but I set up Squid and Dansguardian on my
>home network and it seems to work quite well.  Dansguardian is what does
>the access control and you can download rules and blacklists for all
>kinds of content and sites you want to block.  I set mine up as an
>invisible proxy which is nice and seems to work well.  Give me a shout
>if you want more info and I'll see if I can help.
>
>Moses
>
Thank you, I appreciate the feedback and information.  One of these days 
I'll get around to actually setting it up.
