[KLUG Members] Re: Broadband firewalls -- flawed logic and analysis ...

Bruce Smith members@kalamazoolinux.org
07 Dec 2002 16:31:59 -0500


> > The big win is that there's no hard drive on this box and there
> > are no rootkits for it.
> 
> You can easily do the same with Linux too.
> 
> In fact, there are lots of free, Linux-based firewalls that offer this
> capability, combined with the "easy update" mentality that you like
> about those simplistic hardware firewalls.

Just to mention a couple that I've personally used:

1)  FloppyFW.  Entire stateful firewall on a single diskette!
(2.4 kernel) Edit the config file for IP & NIC settings and boot it.
Flick the write protect tab on the floppy and nobody can rootkit you.

2)  Devil Linux.  For those who want more services than you can fit on 
a diskette.  It boots from CD and saves its config files to floppy.
There are MANY services available you can optionally turn on.
New version?  Download the ISO, burn a new CD and reboot.

Neither solution requires a hard drive.  And hardware can be obtained
dirt cheap.  Pentium class boxes more than capable of handling broadband
have been purchased at recent A1SCS computer sales (at the fairgrounds)
for as low as $5.  (yes, no typo, five dollars)

Disclaimer:  These comments were aimed at those people still shopping
for a firewall.  I'm not trying to talk Jamie into switching. 
I'd probably be wasting my time since his box is bought & paid for.

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------