At 12:26 PM 06/14/2001 -0500, David Douthitt wrote
>Mike Sensney wrote:
>> Imagine you are a Windows user. :-)
>
>Not hard - but now I've got VNC on my NT box and a vnc server on the
>Linux box :-)
>
>> You have heard about firewalling, have a
>> spare computer, and want to protect your home/office network. You don't
>> know RedHat from YellowDog and don't really care. You don't have the time to
>> read all of the docs. You don't want to have to make all sorts of choices.
>> You do have a particular need and want to fill it.
>
>I would strongly protest to such a person that if they want to run a
>firewall, they better know something of how it works. You don't buy a
>security system without knowing how to use it - or shouldn't. You
>don't buy a lock without knowing how to use a key. If you don't know
>how to use and configure the firewall, you'd be just as safe not using
>it (in my opinion).
Windows users who don't know Linux/ipchains should just skip installing a
LEAF firewall since it will add no protection? Well, that will simplify
things a lot for the new users page. "You don't know Linux? Don't use a
Linux based firewall!" :-)
>What most people want - a blackbox that you plug in and turn on and
>forget - it just isn't going to happen:
>
>1. Too many variables: do you want a VPN? Shell access? Proxy?
>DMZ? Web Cache? Web server? SNMP? Web statistics? Name services?
>DHCP?
How many of these services are going to be needed by a newbie for a
first time setup?
>2. Insecurities are constantly being discovered - a solid protected
>system will be a security risk in six months.
How many insecurities have been discovered in the EigerStein2 since its
release? For that matter, how many people are still using 2.9.4 or even
2.9.3 LRP releases that have never been updated? And how hard is it to
hack one of these boxes if it is running as a basic system, meaning no
extra daemons on them that are exposed to the Internet?
Still, a point well taken. It probably would be wise to institute an
advisory list for package updates and security issues.
>Something to point out: point #1 - how many non-computer people would
>understand ANYTHING in that sentence? If they're not willing to
>learn, they're in real trouble.
>
>> What I personally would prefer is a page where a more experienced person has
>> laid out a series of choices for me like:
>>
>> Dial Up
>> DSL with PPoE
>> DSL with DHCP
>> RoadRunner cable
>>
>> Each entry with a description to help you choose. Maybe broken down by
>> geographical area like US/Canada, Europe, Australia, etc. Click on a link
>> and it takes you to the required how-to for implementing it.
>
>Ah, but you just said that they don't have time to read HowTos :-)
:-) I'm talking quick and dirty HowTos, specific to the type of connection you
need, be it DSL or DialUp, and even specific to service providers.
>Anyway.... that's my point. However, this point of view shows my
>biases too - I do NOT want someone to tell me "push that button, it
>works" - my first question then is "WHY does it work?" and "HOW does
>it work?" Unfortunately, this gets me into trouble when I start
>explaining technical stuff to non-technical people :-)
Nothing wrong with your view point. That is why Oxygen is such a good
product. (The LEAF Army Knife tm) By the same token, it is also intended for
the more advanced user. And it shows in the stats. Your stuff gets
downloaded a lot, yet few questions are being asked on how to use it. Must
mean they don't need the hand holding. :-)
