Securing home computers (Was: Re: [Dshield] Re:[Full-Disclosure]Port Blocking)

Stephane Grobety security at admin.fulgan.com
Sun Jun 29 09:38:53 GMT 2003


MT> Easy now. Im just trying to offer fair alternatives to blocking ports at the
MT> isp. No reason to gore me. It doesn't take a rocket scientist to nat a home 
MT> network.

And a good one too. Ideally, every home users would be provided with a
Firewall appliance that does NAT and reverse proxy for POP, SMTP and
HTTP (so they can run a mail and web server safely behind, even if
it's imperfectly patched).

But that would STILL hinder the so-called "power users" who will want
to run other services and do their own filtering. And it would be a
rather expensive solution too.

No, I don't think there is a realistic solution but port blocking in
conjunction to different kind of contracts (one for "home users", one
for "power users" without the block).

Good luck,
Stephane




More information about the list mailing list