RE: [m0n0wall] Feature request which would make m0n0wall even bet ter ;)

From:	Hilton Travis <Hilton at QuarkAV dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	RE: [m0n0wall] Feature request which would make m0n0wall even bet ter ;)
Date:	Wed, 28 Jan 2004 07:41:01 +1000
Hi Joachim,

On Wed, 2004-01-28 at 01:09, Christiaens Joachim wrote:
> > -----Original Message-----
> > From: Hilton Travis [mailto:Hilton at QuarkAV dot com]
> > 
> > m0n0wall is a firewall.  It isn't a file server, nor is it a 
> > BSD distro designed to run as a fish tank controller.  I cannot
> > understand why people want to compromise the security of a
> > security device by running additional software on it that is
> > not designed, suited, or even safe to be running on a firewall.
> > 
> > Ever heard of E-Smith, Clark Connect, BSD, Linux, Windows SBS, etc? 
> > These are designed to be modular systems that run extremely well
> > behind a secure firewall, work as a modular system, and can easily 
> > provide all the functionality that a firewall shouldn't.
> > 
> > Personally, I want a firewall that is a firewall.  I'll have another
> > internal, protected, server to run these server functions.  
> > Security is paramount for a security device, and for your network.
> > 
> As well as I support your vision for the network of my corporate customers
> AND my personal home network, I can also understand another aspect of this
> not-so-easy to reach balance between secure and cost-effective.
> 
> At the moment, in reality, there are a lot of Windows desktops, directly
> connected to the internet, with -at best- a personal software-firewall. This
> not only at home-setups, but also for a lot of small businesses!

Yes, I know this situation well.  This is one of the things I get a lot
in my business - a small office with no clue about security.  I have
installed many firewalls (only) in situations like this as they had no
immediate need for a file/other server.

> Something in between could be a firewall with some simple (or complex even)
> network services, which could convince the customer of putting at least
> something in between his LAN and the big bad internet.

If these customers are running successfully *without* a file/other
server, then a firewall is ALL they need (right now).  At a later point
in time you can install a file/other server in their network - you are
likely to get the work if the firewall you have already installed has
secured their network successfully (of course, with a decent AV program
(http://www.nod32.com/), regular OS security updates, and the other
sensible security measures that are essential to secure a network.

> If I make an offer for a travel agency that has 2 workstations, 1 network
> printer and a broadband connection, I cannot include a firewall, a
> fileserver, and maybe some other servers to conform with best practices and
> split things up.
> 
> If I can include 1 appliance, I will easily convince them of the advantages,
> in security AND in functionality, for a reasonable price.

At the price of 2nd hand P-II or P-III boxes - especially Dell Optiplex
GXa and similar machines - with onboard sound, LAN and video being
around US$50 or less, I cannot see the problem with installing one of
these with an extra NIC (and yes, the 3com onboard the Dell Optiplex GXa
PCs works fine in m0n0wall) as the firewall, and another as a small
file/print/ntp/dhcp/etc server.  For a grand total of US$100 (plus
labor), any small business or home LAN can be secured and have a secure
internal network server.  I call that a seriously advantageous
installation that provides security AND functionality, for a VERY
reasonable price.

> I usually sell SME-server solutions (aka e-smith). This does everything most
> small business customers need, but it is such bloatware.
> Having that said, I admit I would love the beauty of m0n0wall (and I really
> don't mean only the GUI) to spread into an application like the SME-server,
> but this project is a firewall and Manuel is very clear about that. He is
> right. He allways is, because it's his project.
> 
> OTOH, if anyone is planning to create some kind of all-in-one solution, I
> really willing to help in all the ways I can.

Yes.  A product is currently in the early stages of development that
will offer all the functins needed for an internal network server.  It
will provide >>no<< firewalling functionality at all (this is an
internal network server, and a secure firewall needs to be used in
addition to this box), none of the bloat of some other projects out
there, a nice, clean, functional and logical interface, and also
(hopefully) a RADIUS server for those using WPA security for their WiFi
networks and PPTP Authentication.

As this is not relevant for this list (right now) please email me
offlist with any thoughts and/or suggestions about this project.

-- 

Regards,

Hilton Travis                   Email: Hilton at QuarkAV dot com
Manager, Quark AudioVisual      Phone: +61-(0)7-3343-3889
         Quark Computers        Phone: +61-(0)419-792-394
(Brisbane, Australia)            http://www.QuarkAV.com/

Open Source Projects:		http://www.ares-desktop.org/
				http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.