Welcome to Open Vistas Networking, 
Inc.



How hard is your firewall to install and set up?

Actually, it is very simple! Here are the installation instructions packaged with every firewall.

  1. Shut down your computer if it is on. Turn off the power to the cable or DSL modem and unplug the power cord from the unit.
  2. Determine an appropriate location to physically place the firewall. The computer unit itself is roughly 17.5" inches wide by 17" deep and 6" tall. Using the ethernet cable that you have and the ethernet cable that is included with the firewall limits the distance it can be from the cable modem and your computer to roughly 6 feet. I have found that if you have the room, a perfect place for the firewall is beneath your monitor. The firewall also requires an electrical outlet, and like most computer equipment, it will be much happier if it is plugged into a good quality surge protector or a small UPS.
  3. Before you put the firewall into its new spot, take a moment to familiarize yourself with the back of the firewall unit. There are two ethernet jacks on the back of the firewall. Each is marked with a different color. The jack marked with RED is for the cable from the internet. The jack marked with YELLOW is for the cable that will go from the firewall to your computer. A cable should already be installed in this jack.
  4. Trace the ethernet cable from the cable modem to your computer and unplug it from the computer. Plug this cable into the RED jack, so that the cable now runs from the cable modem to the firewall. Make sure that the cable is seated in the jack. You should hear/feel a "click" when the cable is seated well.
  5. Plug the cable from the YELLOW jack on the firewall into the ethernet jack on the back of your computer. Again, make sure you hear/feel the "click" as the cable locks into the jack.
  6. Plug the included electrical cord into the firewall, and then plug the other end into a live electrical outlet.
  7. All of the cables are now attached and plugged into their respective jacks. Plug the power cord back into the cable or DSL modem and turn it on. Turn the firewall on. The power on/off button is on the front. A power light should come on near the on/off button, and then shortly after that, a hard drive activity light will begin flashing. This is a normal firewall boot.
  8. Because we boot the firewall without a monitor attached, please wait 2 minutes for the firewall to finish booting before turning on your computer.
  9. Turn your computer on. You should not need to make any changes to any of the software settings on your computer, so feel free to try it out!
  10. There is a small web server running on your new firewall that will allow you to interact with the firewall. You can register the firewall with Open Vistas Networking, Inc.. You can adjust privacy settings, and chose your own set of firewall rules. You can even view the packets that the firewall has blocked in the last 24 hours. To get to the firewall's web server, point your browser to http://10.1.1.1. Please note that this address will only work from behind the firewall!
Back to Frequently Asked Questions

I can buy a software package from [Norton/McAfee/ZoneAlarm] that says it is all the firewall I'll ever need. What is the difference between your firewall and theirs?

There are three main differences between these software firewalls and a separate unit running a separate and secure operating system.

The first is performance. If you have a software firewall running on your Windows computer, you will find that it requires a substantial increase in the system resources used. These software firewalls are fairly complex programs that are constantly scanning for inbound TCP/IP packets to determine if they should pass or be blocked. This is exactly what it should be doing, but at the same time you are using Internet Explorer to surf the web while listening to streaming audio over Real Player, and in the background you are recalculating that 15 page Excel spreadsheet due for work tomorrow.

Each of these running programs will cause the others to slow. Adding the complexity of a software based firewall only worsens the problem, and it gets really noticable when the firewall starts blocking packets.

You might recall the Nimda worm that made the internet rounds during the fall of 2001. Our firewalls had just entered beta testing at the time. The system logs showed a tremendous spike in blocked internet traffic. Before the release of Nimda, our firewalls were blocking about 200 packets a day that were bound for port 80. When Nimda was released, that number jumped to over 2,000. Software firewalls brought the systems running them to a grindingly slow crawl, but our beta testers reported no problems with their Windows computers behind our firewalls other than a decrease in internet download speeds. This decrease was from the drastically increased amount of traffic in general on the internet during those "storms" and not the result of any interference from the firewall. Games, word processors, spreadsheets, all performed as well as usual.

The second difference is reliability. As all Windows users know, applications crash. The Windows operating system itself can crash, although it is reportedly much more stable now than in the past. What happens to the TCP/IP stack during a crash, either of Windows itself or of the software firewall? I don't know for sure, but I wouldn't want to find out the hard way that the software firewall I was relying on to protect my system was no longer doing the job and I didn't know it.

The operating system running on our firewalls is UNIX-based OpenBSD. OpenBSD's UNIX heritage enables it to draw on 30 years of stability and security. The packet filtering routines are integrated tightly into the kernel--the heart, if you will--of the operating system. The kernel simply does not crash. You will find that the "uptimes" of the firewall will match your power outages to the microsecond, and if you plug the firewall into a UPS backed power source, you might never need to reboot it.

Finally, running a software based firewall on the machine it is protecting puts all of your eggs in one basket. Once past your software firewall, a cracker is home free and in the promised land, free to set up a porn or warez relay site or to just start deleting files.

A hardware based separate firewall is a different story altogether. First the cracker actually has to get in the firewall, and we believe that this is not possible. We base this belief on the quality of the OpenBSD code, and on the amount of effort we've put into making these firewalls impervious to attack.

But, just for sake of argument let's assume that someone, somehow, manages the impossible and cracks our OpenBSD firewall. What's there? Nothing of value to the cracker, just a very small hard drive with a minimal operating system on it. To get anything of value, the cracker has to get to the computers behind the firewall. To do that, the cracker needs more operating system "privileges", so the next task is to get what is called "root" access on the firewall. Given the extremely long and complicated password that the root user has, this task is daunting. But, again, for sake of argument, assume that miracle of miracles comes to pass and the cracker is able to force the root password. Now the cracker is faced with the task of cracking into the computers behind the firewall.

These multiple layers of security all work to protect your computer, your data, and your privacy. Most crackers aren't even going to make the attempt, especially when there are so many of your friends and neighbors with broadband and no firewall of any kind. Who wants to spend the effort to scale these mountain ranges of security when there is so much "low hanging fruit" around just waiting to be picked?

Back to Frequently Asked Questions

My software firewall package is constantly being updated for new threats from the internet. What update mechanism does your firewall use?

There are two schools of thought concerning firewall security. The first states "Everything that is not explicitly denied is allowed." The second is the opposite. "Everything that is not explicitly allowed is denied."

Our firewalls use the second rule. As a result, we do not need to modify the packet filtering rule set to react to new threats that appear, because virtually all packets originating from the internet are already blocked. The exception to this "block all" rule is that the default rule set does allow technicians from Open Vistas Networking, Inc. (and only Open Vistas!) to login to your firewall via the Secure Shell to perform minor maintenance tasks.

However, once your firewall is installed, you can totally lockdown the firewall with a simple web based pulldown menu and nothing will be able to get in.

In the rare event a bug should turn up in the operating system that would need to be fixed, Open Vistas Networking, Inc. will contact you (if you have registered your firewall and if you have granted permission to be contacted) and inform you of the situation. Again, this upgrade would be at your discretion.

Back to Frequently Asked Questions

Is there any kind of threat from the internet that your firewall won't protect me from?

Actually, yes. Viruses and worms attached to e-mail, and malicious programs that you choose to download from the web.

E-mail is downloaded from your ISP's mail servers when you request it with your e-mail client. Because you've requested it, the transaction initiates from inside the firewall and is allowed to pass. The firewall will not scan your e-mail in any manner.

Why would anyone choose to download a malicious program from the web? Because it is masquerading as a program that is not malicious. A screensaver that actually removes all of the files from your hard drive the first time it runs would be a good example of this kind of "trojan horse" program. Obviously the screensaver isn't going to tell you that it will wipe your hard drive before you download it!

This is a totally different area of internet security. Don't download programs from sources you don't trust. Ever. And please install a good virus protection program to stop e-mail viruses.

Windows users can download a free program from Finjan Software called SurfinGuard that does a fabulous job protecting against any kind of internet downloaded malicious programs. We highly recommend it be installed on all Windows computers.

Mac users are fortunate in that virtually all of the malicious content circulating out there is specifically for the Windows operating system. We suspect that as the MacOS gains more marketshare, we will see an increase in the malicious content targeted specifically for Macs. Until then, install a good e-mail virus program, keep it up-to-date, and don't download programs from sources you don't trust.

Back to Frequently Asked Questions

What about a warranty?

You bet there is a warranty!

Satisfaction guaranteed.

If you decide in the first 90 days that our firewall is not the product for you, return it for a full refund. After 90 days, please contact us. If the firewall has already been doing its job for 3 months, we'd like to know why it isn't living up to your expectations, but the same guarantee applies.

Worried about a hardware problem? Although we use "previously owned" hardware in our firewalls, we are confident that the hardware will last for many years to come, and will serve your firewall needs well into the future.

If you do have a problem, please first try to access the web server on the firewall itself (http://10.1.1.1) and work through the Troubleshooting pages before contacting our Technical Support people. Many of the troubles you might think you have with the firewall will turn out to be with your broadband ISP!

Back to Frequently Asked Questions

What do I need to do to share my one broadband connection with the other computers in my home or office?

Surprisingly little. In addition to our firewall, you will need:

  1. A network switch. A 5 port network switch will allow you to share your broadband connection between 4 computers, printers and other network appliances. An 8 port switch will allow you to share between 7 other units, and so on. These network switches are available at all office supply superstores. A 5 port switch costs about $50, and an 8 port switch is about $70. Network hubs are also available for roughly the same price, but the performance from a hub is horrendous when compared to a switch, so don't let someone sell you a hub!
  2. Ethernet cables, one per computer in the appropriate lengths.. Ethernet cables are also available at all office supply superstores. They range in length from 3' to 50', and range in price for $5 to $30.

Directions for Sharing One Broadband Connection

The following instructions are written under the assumption that you have already installed the firewall and are using it for one computer. If you have not yet installed the firewall, please do so and test it before proceeding on to this setup.

As it is installed now, you have one ethernet cable running from the cable or DSL modem to the firewall and another ethernet cable running from the firewall to your computer. Although these two cables look the same, they are not. To use your new switch, these two cables must be switched. The cable that runs between the cable or DSL modem and the firewall must be removed, and the cable that runs from the firewall to your computer must be put in its place. The first cable is then plugged into the lan (YELLOW) jack of the firewall and then plugged into a port on the switch. Your new ethernet cables are also plugged into the switch and then into their respective computers.

Back to Frequently Asked Questions




Open Vistas Networking   Cheyenne, WY  307-421-7949   Jeff Ross

Valid Cascading Style 
Sheets! OpenBSD Valid HTML 4.01!
Powered by WN. Powered by djbdns. Powered by 
PostgreSQL