Not _firewalling_, but access limitation. Grandma can live with a PNAT router - she does not need any firewall if she does not grant external access to anything. She can live with the Windows _default deny_ setting. If grandma has extra money, it is better to purchase anti-virus.
Moreover. Just for _grandma_, it can be cheaper to do nothing than to invest in security (bad thing for us, I know!) - because she loses '$0' in case of intrusion... It explains the wide spread of modern viruses, spam-trojans etc. (they cost '$0' to infected households in many cases). It is like wireless access - my friend has a secured access point, but when I tried, I could use the unsecured access points of 2 of his neighbours. They know about the insecurity - but they do not lose anything, so they do not want to spend $0.01 to improve it. And unfortunately, I cannot blame them.

> On Wed, Mar 17, 2004 at 08:54:57AM -0800, bill said something to the effect of:
> > > > The best option I guess is to figure out how important it is for
> > > > you to have a firewall,
> > >
> > > _Everyone_ (network connected) should have a firewall. My grandma should
> > > have a firewall. Nicole, holding dominion over this business network and
> > > its critical infrastructure, should _definitely_ have a firewall. ;)
> > >
> > Why? When did the end2end nature of the Internet suddenly
> > sprout these mutant bits of extra complexity that reduce
> > the overall security of the 'net?
> >
> > Two questions asked, Two answers are sufficient.
>
> Nope. One will do it. The day the first remote exploit or condition,
> in protocol or application, that could potentially have given rise to such
> an exploit made it possible for a user not in your control to gain control
> of your box(en), firewalling became necessary. The Internet is not exactly
> end-to-end beyond pure fundamentals; it's more end-to-many-ends. And the
> notion of "end-to-end" requires preservation of a connection between 2
> consenting hosts, and preservation includes securement of that connection
> against destructive mechanisms, which includes the subversive techniques and
> interceptions commonly associated with network security.
>
> Denial of Service is as much a threat to availability and network
> functionality as is power outage if it occurs. Before this turns to a "you
> security freaks want to screw around with my network and don't care about
> availability..."
>
> Firewalls are logical interventions, costing as little as some processor
> overhead. Dedicated appliances are only one deployment. Filters on
> routers also qualify as firewalls. Am I correct in understanding that you
> feel edge filtering is mutant lunacy and unnecessary complexity?
>
> Regarding dedicated firewalls, please see Mr. Bellovin's previous post
> regarding appropriate and competent administration. The lack thereof
> presents the complication, not the countermeasure itself.
>
> As for your assertion that firewalls "reduce the overall security of the
> 'net."...can you please elaborate on that, as well? Other factions might/do
> argue that it's the other team refusing to lock their doors at night that
> are perpetuating the flux of bad behavior as a close second to the ignorant
> and infected.
>
> --ra
>
> --
> k. rachael treu, CISSP [EMAIL PROTECTED]
> ..quis custodiet ipsos custodes?..
>
> > --bill