New Zealand ADSL Mailing List


Re: Limited Port Mapping, Router or Firewall & Liability

From: Dan Langille <dan.langille_at_dvl-software.com>
Date: Thu, 8 Jul 1999 10:46:53 nzst
Message-id: <3783d8dd.286b.0@actrix.gen.nz>

>I assume, Hamish, you refer to security. I believe it easiest and cheapest
>to run an old box, separately, to access the internet. It is hard for any
>virus to penetrate a lack of connection and similarly it is hard to
>download from that same level of connectivity! (I mean non connected PCs!)
>A couple of Jaz drives allow convenient moving of large files as necessary.
>(eg 80M service packs!)

The concept of security through non-connectivity is not unknown. I know the
Canadian SIS have dedicated PCs for Internet access which are not connected
to their internal LANs. To decide whether or not this approach is for you,
you must decide whether or not the effects of an attack outweigh the convenience
of access. For myself, I feel that convenience in conjunction with a good firewall
provides me with a solution which is both cost-effective, secure-enough, and
convenient.

>I'd be interested to hear any comments on such "firewalls", particularly of
>any more cost effective options.

You could use that same old machine and give access to everyone. I consider
convenience to have a value.

I use an old 486 box with two network cards. One card is attached to the ADSL
box. The other is attached to my hub. It runs FreeBSD as the operating system
(Unix) and uses ipfilter (a packet filter) to implement the firewall. Incoming
connections are tightly restricted to known sources.

All of the above software is free, highly tested, and in widespread use. And
not just by geeks like me. It's used by Yahoo and HotMail to name a few you
might recognize. But enough selling.

You can see a diagram of my network setup at:

http://www.freebsddiary.org/freebsd/topology.htm

Please note that the diagram doesn't actually show the ADSL box but it's between
the FreeBSD box and the ISP.
-
Dan Langille

Received on Thu Jul 8 10:46:53 1999
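
A ruleset of the kind the message describes (two network cards, ipfilter, inbound connections limited to known sources), added here as an illustration; it is not Dan Langille's own configuration. The interface names ed0 and ed1, the address 192.0.2.10 and the choice of SSH as the permitted service are assumptions, and address translation for the LAN is left out.

```conf
# Added illustration, not the author's ruleset. Assumptions: ed0 = card facing
# the ADSL box, ed1 = card facing the hub, 192.0.2.10 = one constructed
# "known source", SSH (port 22) = the one service offered to it.

# Loopback and the internal LAN side are trusted.
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on ed1 all
pass out quick on ed1 all

# Drop packets arriving from outside that claim a private or loopback source.
block in quick on ed0 from 10.0.0.0/8 to any
block in quick on ed0 from 172.16.0.0/12 to any
block in quick on ed0 from 192.168.0.0/16 to any
block in quick on ed0 from 127.0.0.0/8 to any

# Too open: any host on the Internet could start an SSH connection.
# pass in quick on ed0 proto tcp from any to any port = 22 flags S keep state

# Restricted: only the known source may start one; replies ride on the state entry.
pass in quick on ed0 proto tcp from 192.0.2.10/32 to any port = 22 flags S keep state

# Connections started from inside are allowed out, and their replies back in.
pass out quick on ed0 proto tcp  from any to any flags S keep state
pass out quick on ed0 proto udp  from any to any keep state
pass out quick on ed0 proto icmp from any to any keep state

# Everything else crossing the external card is dropped and logged.
block in  log quick on ed0 all
block out log quick on ed0 all
```

Because every rule uses `quick`, the first match decides, so the closing block rules only catch traffic nothing above them allowed.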


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:35 2006 EST