[NTLUG:Discuss] inet security plan

tr_data1 tr_data1 at ev1.net
Wed Aug 31 09:30:05 CDT 2005


As you may recall, I have been sitting on the fence, exploring ADSL.
It has been a rough start as the first "modem" VZ sent is broken,
well, the physical power switch is stuck in the Off position. I was 
about to open it up and fix it but decided not to risk VZ claiming
I broke it. They sent another ADSL modem Tuesday. I noticed that
it says "made in USA, B90-327W15-06, rev D" while the broken one 
is "made in China, A90..., rev F". The USA one also has a horiz power
switch, not vertical. Other than that, the outside looks the same.
BTW, I had VZ change me over to the $15/mo 768k plan. Hopefully,
I won't regret the slower speed. Due to the broken modem problem,
I never tried the 3.0M speed.

A while back, I asked for info on what are the best ways to protect
a M$ box using a h/w router with built-in firewall, etc and/or a
Linux-based firewall. At the moment, I think the Linux choice is the
way to go as it's free and much more flexible and informative.
I saw the h/w router as a much quicker solution but not better. In
some ways, I have some reservations in the space/power/heat of
having a dedicated old PC doing this work. I don't want to have
my newer Linux systems doing the job because then I couldn't
freely tinker with improvements, risking a family DSL outage. One
of the posts mentioned a website that had a plan of sorts (or a
how-to?) but upon going to it, all I got was table-of-contents.

I am looking for websites/etc that can help me sort through all the
choices and combinations at hand. I certainly could (and might)
plow through each product's info but that takes considerable time.
The items that come to mind are: ipcop, smoothwall, shorewall,
iptables, webmin, squid, ... I suppose I could just set up the iptables
for now and then add other security items like squid later.

A related topic: For those that have set up a dedicated Linux box
that isn't their main system: What other services do you have it
do? Apache? print server? ... Obviously, a print server would not
be practical should I have the likely need to throw the box in a
remote area (like a closet). My current target is a K6/233Mhz. If
needed, a pIII/450Mhz could be made available.

Until I get things sorted out, I plan to continue the "only Linux
has access to inet" rule at the house. In order to activate my
DSL account, it appears that I must do so with an M$ box. There
isn't any info (DNS IP#, etc) from VZ. Since I don't want to put
my family's unprotected M$ box on the inet, I'll be slapping together
a M$98 minimal install - just so I can run VZ's ADSL install CD.
Not a big deal, just a pain that VZ could easily have had me avoid.
=TR=




