Firewall Wizards mailing list archives

re: Home firewall/NAT appliances


From: Mike Hoskins <mike () adept org>
Date: Wed, 16 Jul 2003 11:26:06 -0700 (PDT)

> Date: Wed, 16 Jul 2003 09:22:16 -0400
> From: Dave Piscitello <dave () corecom com>
> Subject: [fw-wiz] Home firewall/NAT appliances
>
> Most every home firewall/NAT appliance I've configured
> comes with an out-of-the-box default policy of "allow any outbound".
> Is this everyone's experience?

that has certainly been my experience...  i believe that's to stop the
flurry of 'why doesn't my internet work?' calls to tech support.  most
users expect plug and pray, and don't read docs when things fail to work
OOB...

to be fair, many commercial firewall solutions do the same.  the
difference is, many (most?) firewall appliances are configured by end
users, not security professionals.  as a result, trojans that find their
way to the victim's machine are essentially given permission to bypass the
firewall.  all without the user's knowledge, of course.

i can't really blame the manufacturers though...  at least not completely.
(if they specifically sell the box as a 'solution' in a way that implies
things should work OOB, then i would place blame.)  i can't comprehend
someone buying a 'firewall' and not knowing some configuration is
required.  maybe 'some assembly required' needs to be explicitly stamped
on security product packaging like it is on children's toys.  ;)

-mrh

--
From: "Spam Catcher" <spam-catcher () adept org>
To: spam-catcher () adept org
Do NOT send email to the address listed above or
you will be added to a blacklist!
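
The difference between the "allow any outbound" default discussed in this message and a default-deny egress policy, as an added example that is not part of the original post or of any appliance's firmware. The rule format, the `TIGHT` policy, the addresses (documentation ranges) and the flows are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "any"
    dst: str             # destination network in CIDR form
    ports: frozenset     # empty set means any port

def decide(rules, default, proto, dst_ip, dport):
    """First matching rule wins; otherwise the default policy applies."""
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if ip_address(dst_ip) not in ip_network(r.dst):
            continue
        if r.ports and dport not in r.ports:
            continue
        return r.action
    return default

# Out-of-the-box policy described in the thread: allow any outbound.
OOB = ([Rule("allow", "any", "0.0.0.0/0", frozenset())], "deny")

# Assumed tightened policy: DNS and mail only to the ISP's servers, web out, rest denied.
TIGHT = ([
    Rule("allow", "udp", "192.0.2.53/32", frozenset({53})),
    Rule("allow", "tcp", "0.0.0.0/0", frozenset({80, 443})),
    Rule("allow", "tcp", "192.0.2.25/32", frozenset({25, 110})),
], "deny")

# Constructed outbound flows from a home LAN (proto, destination, port, label).
FLOWS = [
    ("tcp", "198.51.100.10", 443, "browser https"),
    ("udp", "192.0.2.53", 53, "dns to isp resolver"),
    ("tcp", "203.0.113.7", 6667, "unexpected irc connection"),
    ("tcp", "203.0.113.9", 25, "direct smtp to a foreign host"),
    ("tcp", "203.0.113.7", 443, "unexpected connection on 443"),
]

def compare(flows=FLOWS):
    """Return (label, OOB verdict, TIGHT verdict) for each flow."""
    return [(label, decide(*OOB, p, d, port), decide(*TIGHT, p, d, port))
            for p, d, port, label in flows]

if __name__ == "__main__":
    for label, oob, tight in compare():
        print(f"{label:32} oob={oob:5} tight={tight}")
```

The last flow is allowed under both policies: a port-based egress allowlist narrows what unwanted software can do outbound, but traffic on an allowed port still needs host-level or proxy-level controls.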