[identity profile] jarad.livejournal.com posting in [community profile] techrecovery
A customer came to me with this one. It's been some time since someone bugged me about some insane recommendation from Steve Gibson. Take a look. So, rather than use a firewall, proper network structure, authentication of end user devices, intrusion detection etc., his idea of good security is to use two NAT routers in a cascade.

I can't find the words to describe the kind of loathing I have for this man.

Date: 2009-08-01 09:49 am (UTC)
From: [identity profile] kuang.livejournal.com
I always found his disk tools useful when I was responsible for a graphic design lab full of ZIP drives, but in most other respects he's one step away from a tinfoil hat.

Date: 2009-08-01 10:29 am (UTC)
From: [identity profile] gholam.livejournal.com
I wonder how he is going to handle the IPv6 transition.

Date: 2009-08-01 11:30 am (UTC)
From: [identity profile] trixtah.livejournal.com
What is this IPv6 of which you speak? Now that everything is NAT'd, there is no need for stupid IP6, because there are now unlimited addresses for everything!!!1!

Date: 2009-08-01 11:29 am (UTC)
From: [identity profile] trixtah.livejournal.com
That's fucking hilarious, in a sick kind of way. Because NAT FIXES EVERYTHING OMGBBQ!11!

Date: 2009-08-01 12:59 pm (UTC)
From: [identity profile] poly-scott.livejournal.com
O.o

Wow. Just - wow. Brain hurts now.

Is it possible he's just trolling?

This is a whole new level of crazy for him. Far worse than the crap about Windows allowing access to raw ports, or the ranting about various firewall products.

Date: 2009-08-01 03:00 pm (UTC)
From: [identity profile] mouser.livejournal.com
No, he's serious. Skimming the article, I don't THINK he's saying "Use this IN PLACE of firewall, authentication of end user devices, intrusion detection, etc." I think he meant IN ADDITION.

Yea, it's kinda goofy but in very specific circumstances I *kinda* see what he means. Kind of ignores a lot of other options, though.

Oh, and you can just point him at the date on the bottom and quote "We've come a long way baby!"
Edited Date: 2009-08-01 03:02 pm (UTC)

Date: 2009-08-01 01:49 pm (UTC)
From: [identity profile] preserver3.livejournal.com
"Where are your missiles, I would like to see them, and can I come and count them?"

I would like to find people who use this security, and take away their internet.



Date: 2009-08-01 05:09 pm (UTC)
From: [identity profile] tanetris.livejournal.com
I'm looking at the article, and all it seems to be saying is that a second NAT router can be used to (help) secure one part of your network from another, and certainly doesn't tout it as a catch-all security solution... Seems more customer-interpretation-stupid than author-stupid.

(note: I am not trying to defend Steve Gibson, as I have not heard of him prior to today)

Date: 2009-08-01 05:44 pm (UTC)
From: [identity profile] adamjaskie.livejournal.com
It's customer-interpretation-stupid of a dubious "solution" to a problem the customer doesn't have; a problem which may exist in reality, but for which there are better solutions. Namely, if you need such a setup, you shouldn't be using cheapo Linksys NAT boxes.

Date: 2009-08-01 07:07 pm (UTC)
From: [identity profile] jill-idle.livejournal.com
Gibson is getting with the times. I heard him say he'll actually start using virus protection soon.

Date: 2009-08-01 09:48 pm (UTC)
From: [personal profile] jecook
... That's an interesting way to make the customer buy more hardware than they need AND gives them a false sense of security to boot...

Date: 2009-08-02 10:36 pm (UTC)
From: [identity profile] vxo.livejournal.com
Good Fucking Luck if you ever want a port listenable... OUCH.

Ow, ow, ow, owwwwwww. Fail.

Date: 2009-08-03 08:24 am (UTC)
From: [identity profile] tecknow.livejournal.com
I listen to "Security Now" mostly for the book recommendations, but that's not important.

That page seems to be a relic from an earlier incarnation of someone asking how to set up a public network at their home without exposing their personal machines to their guests. He eventually reached the conclusion that a Y-shaped topology is better than the one on the page you found. Whatever you or I may think of it, that's also the answer that the professors who study "networking" around here would give.
