Re: cable modem access

["Kevin T. Shivers" <kts () clark net>]

> #1: secure the individual machines. This is easy for a Unix admin to do with a
>     Unix system; I've heard it claimed that Windows-savvy people can do this
>     for Windows machines as well. I don't do Windows, I can't say. In

The NT machines probably could be secured fairly well given enough time.
(Shameless plug alert) Check out my paper at http://www.clark.net/pub/kts/
on some things to do to improve security on an NT machine.  The Windows 9x
machines... well there is 1 easy way to secure it... it involves a copy of
your favorite UNIX or UNIX-like OS on CD, and well, you figure out the
rest...:)

Since you have that fast cable modem you may want to download demo copies
of ISS or CyberCop and run them on your local machine to see what it spits
out saying needs to be fixed.  If I ever get my NT scanner program done
you could use that too... sorry it's not done yet.

>     When pursuing this choice, it's a great help if you have a "netstat"
>     command (that's its name under Unix, dunno if there's anything like it for
>     Windows); this lists all open network ports on the local machine, along

9x and NT has netstat.  They also have nbtstat for that pesky NetBIOS
over TCP/IP junk.


> #2: If you can't secure the individual machines (commonest in a corporate
>     setting), or you just want the redundant extra security of an extra layer
>     of protection, you can set up a bastion host firewall. For that job I'd

Since I'm lazy I'd go for number 2.  Rock on Linux, or rock on OpenBSD.
It's a personal preference, both will work well. 

--
Kevin T. Shivers                 NT & UNIX Systems Mutiliator
Shivers Consulting               http://www.clark.net/pub/kts
kts () clark net