Security for the Paranoid 449
Stephenmg writes "In Security for the Paranoid, Mark Burnett talks about his computer security methods after other Security profesionals say he is too Paranoid. 'Paranoia is the key to success in the security world. Is it time to worry when other security professionals consider you too paranoid? I require my kids to use at least 14 character passwords on our home network and I'm considering issuing them smart cards.' I don't see anything wrong with his methods."
Burnett (Score:5, Funny)
Mark Burnett talks about his computer security methods...
"Outwit, outplay, and outlast those pesky script-kiddies."
Re:Burnett (Score:3, Funny)
When to we get to vote them off the island already?
Mark is Paranoid, but Trusting of Microsoft? (Score:5, Interesting)
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:5, Funny)
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:3, Interesting)
FTFA: "I do my Internet browsing from a locked down VMWare box that has no rights on my network."
All that he needs to do is revert to a previously known-good vmware image.
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:2, Insightful)
Want to hear what I do for security?
1) Don't use any Microsoft products,
2) I write the passwords for my wife and kid
because I know theirs won't have a combo of
capital, small, numbers, and characters in it,
3) Have a single, secure firewall only letting in
ssh connections and broadcasting only Apache.
It's been 7 years, no problems yet. For someone to say they're paranoid about security, then say they use Microsoft products is kind of like saying "I'm a beer conneseur. Yeah, I'd li
Cleansing Palates (Score:3, Informative)
Wasabi [wikipedia.org].
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:3, Informative)
Don't worry let him get one or two bad ones and that'll change his tune. Fortunately for him, MS hasn't released a bad one in a few years. (If you don't count SP2 which had its problems).
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:2)
Microsoft is not the problem (Score:5, Funny)
Re:Microsoft is not the problem (Score:3, Interesting)
A six pack? You're thinking way too big. Wasn't there a study a few months ago where it was shown that like 60% or more of users would disclose their passwords in exchange for chocolate?
"Hey kid, want some candy?"
Re:Microsoft is not the problem (Score:3, Insightful)
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:5, Funny)
Skip trust. That boy must have a lot of time on his hands.
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:3, Informative)
He has an awful lot of trust in his kids.
No Dad, I didn't install that game... No Dad, I don't know who installed that driver... No Dad, I don't know who tried to delete the "WINDOWS" folder to make more space for MP3's.
The Nature of Paranoia (Score:3, Insightful)
Paranoia is the misordering of priorities though irrational fear. For example, I am posting to Slashdot using links2 run from a Gentoo livecd from my second machine. If I was doing this for any reason other than because my main system had suffered disk failure, requiring a reinstall, or random geek value, I would be seriously paranoid, for I'd focused so strongly upo
Re:Mark is Paranoid, but Trusting of Microsoft? (Score:5, Interesting)
Precisly correct. He does all this to "feel good" without understanding the threat. Does he check his firewall logs daily? Did he disable LM hashes on his Windows box? (If not, the 14 char password is really just two sevens...)
I've always maintained that strict adherence to protocol is the last bastion for the truly evil and truly stupid...
paranoid? (Score:5, Funny)
Re:paranoid? (Score:3, Funny)
If it is homemade, they want it. It will end up on Kazza. Then when some kid at the local library is trying to download it, and the school catches him, and the principal sees your wife. Man, that would suck!. And all the parents wanted to do was save the experience on DVD for their own private use. Now the whole town can see them in thier most private moment.
Not secure enough... (Score:5, Funny)
And smashed with a sledgehammer.
And set on fire, to the temperature of 600F, which should be sufficient to destroy the magnetic bits in the hard drive.
And then nuke it from orbit, it's the only way to be sure.
Re:Not secure enough... (Score:5, Funny)
That's why I recommend Comcast for all your security needs!
Re:Not secure enough... (Score:3, Funny)
Re:Not secure enough... (Score:2)
If anybody comes near my desk with a blowtorch, I'm blaming you!
Little green men! (Score:2)
Nuke it from orbit you say?
Isn't it more likely that a space alien can recover information from a nuked, burned, smashed and disconnected computer than a human?
I'd keep that computer on planet earth thank you very much.
Convenience = 1/Security (Score:5, Funny)
Is he mentally ill? Let's just say he doesn't sound like the type of person I'd want to have a beer with.
In fact, he sounds a lot more like the type of person who has food, water & weapons buried in the woods for the coming Apocalypse.
Re:Convenience = 1/Security (Score:5, Funny)
But if you did have a beer with him, come the Apocalypse, maybe he'd let you have some of his food and water.
Re:Convenience = 1/Security (Score:2)
Re:Convenience = 1/Security (Score:2)
Read Dawkins, any studies on altruism... (Score:5, Interesting)
Is he mentally ill? Let's just say he doesn't sound like the type of person I'd want to have a beer with.
In fact, he sounds a lot more like the type of person who has food, water & weapons buried in the woods for the coming Apocalypse.
In any population, you will have a percentage of people who are very alturistic, they will sacrifice for everyone else. And you have some people who are so paranoid they will always hide and run. This is required for a species to continue.
For example, say you have birds. Say that 5 out of 100 birds will signal when a predator comes in range. Chances are greater those birds will be eaten, since it is making itself more known to the preditor. Now in that same 100 birds, say you have 5 that always hide, run, and are very paranoid. They have the greatest chance of continuing the species line.
If we all get soft, and say nuclear war does break out, in any form, the guy who has a chamber 50 feet under the ground with a room filled with water and food, and another room with oxygen tanks, he might be what's left to start the gene pool over again.
Instead of critisizing him as mentally ill, maybe you can add some of your distinct expretesse and help build a better shelter. One where 2 people can hold out longer, maybe making some filtration system for well water, adding lights with the correct wavelegnth to let plants grow underground and make natural oxygen. Then you will both survive, and your altruistic genes will get passed on too.
There are lots of opinions on altruism (Score:5, Insightful)
Not necessarily. A paranoid creature might be to fearful to ever hunt and/or forage properly and would constantly be weakened and vunerable to disease. Their lack of social contact would also exclude them from the safety in numbers and support of the group also lowering their chances.
A healthy sense of risk doesn't necessarily make you altruistic or "soft" as you snidely put it, just reasonable. Judging from how strong the urge to socialize is in primates (including us of course) after millions of years of evolution I'd say that paranoia is not a strong predictor for survival.
Re:Read Dawkins, any studies on altruism... (Score:3, Interesting)
Re:Read Dawkins, any studies on altruism... (Score:3, Insightful)
First off, Mr. Bomb shelter isn't going to be continuing any sort of species without a mate.
Paranoids are lousy lovers.
Don't bury your weapons (Score:5, Funny)
Look what happens in every zombie movie; you think you have an opportunity to drive even 25 miles and dig up your S&W 1006 and your M4? You're zombie food.
You need your sidearm ON YOU, and your rifle at arm's length. You need 2k rounds for your sidearm and 5k rounds for your rifle on hand ALL the time, along with supplies to crank out another 10k rounds if necessary.
More shit buried in the woods is a great idea, too, but don't leave yourself unarmed.
Re:Convenience = 1/Security (Score:5, Funny)
I said 'Nah. If the power is out on Jan 1, I'll step out on the front porch and listen. Three generators will start up within earshot,followed soon thereafter by three gunshots, then those generators will start up in different locations of the sub-division.'
Re:Convenience = 1/Security (Score:3, Funny)
kSC = 1
where S is security, C is convenience, and k is a parameter which represents the security-godhood of your sysadmin (e.g. Bruce Shneier would be in the 0.9+ range, your average MIS grunt being ~0).
Re:Convenience = 1/Security (Score:3, Insightful)
I don't do it because I think someone is going to go through my trash to reassemble bits of my research notes.
He may well be correct, but, given he is an "independent researcher, consultant, and writer specializing in Windows security", I have my doubts that someone would want to make the effort of reassembling his shredded notes.
Re:Convenience = 1/Security (Score:3, Insightful)
A poor choice of location. In the event that the shockwave from a nuclear blast hits the area (assuming you're still far enough from the epicenter to avoid the radiation) all of the trees in the forest will be burned and/or knocked down, covering your cache.
As long as we're being paranoid here, let's at least plan accordingly. When it comes to the apocalypse, concrete is you
Re:Convenience != 1/Security (Score:3, Interesting)
Good security should be relatively unintrusive. E.g., your security badge includes a java button, you need it and your password to log on. (I'm not sure if jbuttons are wireless, but if not substitute some smart device that is.) Once you're logged in a kerberos TGT is written to your badge. You can then access most secured functions because they quietl
Re:Convenience = 1/Security (Score:3, Informative)
That said, we have a lock on the door to our data center, and a camera that snaps a shot as you go in. Backups are made 3 floors above on a half-floor, that nobody knows about, and requires a key to access as well. The backup tapes for our operation are in one of those locked locations, or in the hands of a courier who carts them offsite to some remote salt mine or something.
We aren't keeping the formula of coke. We are keeping our donor database and membership roles. Th
It's a good start (Score:5, Funny)
Re:It's a good start (Score:2)
Apart from that I'd say less of jargons and catchy phrases and more of useful and practical information to end user.
smart cards? (Score:5, Interesting)
Re:smart cards? (Score:2)
Then the real world will not be a suprise for them.
Re:smart cards? (Score:2, Insightful)
Hiw whole point is that it doesn't matter whether he has anything
Re:smart cards? (Score:5, Funny)
Their passwords are probably things like:
my_dad_is_an_asshole!
hereismy14characterpassw
Not quite right (Score:5, Interesting)
However, information security has to be appropriate to the data you wish to protect.
A system that annoys users by making it hard to access the information (long passwords changed weekly for example) will just leave you with a static store of information.
The information will never be *USED*. There will be no point in having it.
Use security appropirate to your data. He IS paranoid, and - offtopic: sounds a bit of a nob.
I know for sure if I was one of his kids, I wouldn't WANT to connect to his network!
Re:Not quite right (Score:2)
the whole system, not jujst the information (Score:2)
Next question?
Training is... (Score:2, Insightful)
If you start your kids off learning to use computers securely, with good self protection habits, then the likelihood that they will become victims of identity theft or other phishing is greatly reduced.
When it comes to security, there is no such thing as paranoid... they really are out to get your password, your ID, your SSN and everything else
what a pseudo-fool (in a nice way) (Score:5, Interesting)
... is about the only part of his screed that could make sense to me. Not because one should not divulge a password to one's wife, but because keeping passwords entirely private is good policy. Almost everything else about his life strikes me as goofy. If you read any of the "hacker" books, hacking and gaining access to people's stuff isn't about cracking passwords, it's about social engineering and dishonest behavior, most of which the author's behaviors won't prevent. But, if it makes him feel better.... (I wouldn't want to live on his network.)
I worked at a large company and called the administrator of their unix mainframe and complained that /usr/bin and /bin both didn't even have execute privelege so I couldn't even see what commands existed. The administrator dressed me down and explained they did that for security reasons so people couldn't hack in. He went on to tell me about the giant breach on that system from outside hackers and hence, the very tight "security". I gently reminded him the "breach" actually occurred with those very same directory permissions.... and they didn't prevent the hack. Sigh...
Re:what a pseudo-fool (in a nice way) (Score:3, Insightful)
Re:what a pseudo-fool (in a nice way) (Score:3, Interesting)
One router, and one software firewall constitutes two firewalls. If he wanted his home office network to be separated by his family's computers, having a third firewall makes sense.
After all, if his kids inadvertently get a virus, why let it spread on the network? (depending on the virus, of course)
Sometimes I have a "Password Day" where I change every password I own on the same day, just in case someone might ha
Re:what a pseudo-fool (in a nice way) (Score:3, Interesting)
If your partner wants to hurt you badly enough, your password isn't going to stop her/him. Most partners know enough about the other person that they could have them arrested. Good thing is it works both ways.
Smart cards (Score:2, Interesting)
Re:Smart cards (Score:2)
GemPlus [gemplus.com]
Athena [athena-scs.com]
TX Systems [txsystems.com]
Note that $5-10 per card is about the best you're going to do in small quantities.
Comment removed (Score:5, Funny)
Re:Is it just me or... (Score:2)
paranoid my ass (Score:5, Interesting)
if he's so damn paranoid, what the hell is he using windows for?
Re:paranoid my ass (Score:3, Insightful)
Re:paranoid my ass (Score:4, Funny)
So he can justify the 14-character passwords and the smart cards.
Re: Mod Parent Off-topic (Score:3, Insightful)
too paranooid (Score:3, Interesting)
Its true, you never seem to realize your folly until its too late and your data is gone, but in my case, my home network isn't so important to me that I think its worth so much security that it interferes with my enjoyment or productivity.
Usually my stance is that I let the foil-hat wearing scurity gurus have their toys, but I continue to look for the solution that is "good enough" and that conforms to MY wishes, not theirs.
-d
where to start... (Score:2, Insightful)
I cant see a need for this level of security on a home network, where the only thing an attacker would want to do is zombi-ize your windows boxes. strong passwords are good, firewalls are good, wifi mac address lock down is good, but smartcards? why not requier a hair sample.
Also, if you are that paranoid, you better put in a shark-filled mote, because a physical attack still leaves you volnerable, a
Useability (Score:3, Insightful)
5 passwords to boot and check email on the laptop? What in the world are they *for*? BIOS, system login, email login, maybe one for decrypting if you're receiving encrypted emails all the time. What else?
Security is a balance. Very few security measures only make things more difficult for an attacker- most of them make life make difficult for the person taking them as well. It *is* useful to analyze the threat in any situation, because it helps you make an informed judgement as to how secure something needs to be made, balancing risk versus useability.
Not checking luggage when you fly? What, are you worried about someone snooping through your underwear? Oh, sure, don't put anything important in there if you're worried about that, but really... this truly is on the paranoid side of things.
This guy is a moron (Score:5, Insightful)
Being paranoid is fine -- but it's only 1% of the battle -- and it makes no sense to run around closing up every possible hole you find.
A security expert is supposed to identify ALL of the possible ways in which the organization may experience a negative impact as a result of poor security (both logical and physical). His job, brace yourselves kids, is not to close all of the holes!! Rather, his role is centered around determining the cost/benefit of taking care of each specific issue. If there's a 0.5% risk of a particular security hole costing a large organization only $1,000 in damages and cleanup, and closing that hole will cost $5,000 in man-hours and hardware, it's pretty clear what the correct choice is. On the other hand, the risk may be low, and the cost may be low, so you just do it. Or the risk me be high, and the cost high, so you STILL do it... you get the idea.
Being paranoid is fine -- it will help you identify security problems that others may or may not see. However, what to DO about the holes you find is where the real work begins.
I can't imagine a cost-benefit scenario that justifies issuing smart-cards to family members on a home network. This guy has officially achieved 'retard' status.
This guy is a moron (Score:4, Insightful)
The only reason you would do all the silly crap that he has done, is because someone is out to get YOU, and is only after you. They are determined to get into your system, any way they can. Now, if your system is the Strategic Missile Command computers, then I could see why someone might really want to get in. However, this guys is a nobody. He isn't rich, he isn't influential, and he isnt powerful. Nobody is out to get him, so yes, he is paranoid.
I always thought that paranoids were the absolute height of egomania, since you have to think pretty highly of yourself to think that you're worth the effort.
Re:This guy is a moron (Score:3, Interesting)
Yeah, conspiracy and paranoia are oddly appealing. It's so much nicer to believe that the governments, corporations, and secret networks are out to get you than to believe that nobody really gives a shit whether you live or die, and that your failures are either the result of an unordered universe, or worse, your own damn fault.
further analysis... (Score:3, Insightful)
Ahh, the self-fullfilling prophesy of paranoia: Act out enough, and you get all sorts of unwelcome attention that just confirms your egomania.
Of course, if I were really interested in getting into this guy's computers, I would shoot him once in the foot and tell him that the next bullet would go into his head if he didn't spill all his passwords. Computer security is only as good as the weakest lin
Security,,,for the average user? (Score:5, Interesting)
Security for the sake of security, for example, can sometimes backfire.
For example, a company I used to work for had this policy that you had to change your password every 30 days, have at least 1 special character, one capital, one number, etc.
This was on an intranet, and most people hated this feature.
Most people ended up using a system like
Jul@1996 for their password. Mon
Kind of defeats the whole purpose of security.
I tend to think one should use security proportional to sensitivity on certain matters, knowing that nothing is perfectly secure.
But enforcing 'security' for the sake of security, especially random, and unsupported 'security' can make the average user resentful, and the process much less secure.
Re:Security,,,for the average user? (Score:3, Informative)
Sue the hackers and crackers! (Score:2)
I'll admit it too, I am a bit paranoid and depressed. I try and keep my system secure. I keep everything behind a router with NAT. I have a software firewall. I keep tough passwords. But I still get attacks. If only someone would pay me for the time I spend securing my system. If only someone would pay me for all the frustration. It is not fun.
I require my kids to use at least 14 character passwords on our home network and I'm considering issuing them
alzheimer's is going to be rough (Score:2)
It takes five passwords to boot up my laptop and check my e-mail.
One of those passwords is over 50 characters long.
The first day he wakes up with some memory loss is going to be rough! Password-protecting your laptop is not only a good idea, but essential. But this is a just a little over the top. -- Paul
Re:Try to count them. (Score:3, Informative)
It looks like the enforcement of this requires the BIOS to interract. I have not been able to find a way to remove this password, but I've had no issues with pulling data from the drives with passwords by just putting them in externa
Err.... Overdoing it, maybe? (Score:3, Interesting)
I'm not a cracker, I'm not even much of a hacker, but I'm naturally sneaky bastich. (TM) And as real sneaky bastiches know, you don't ever stand in someone's face and tell them to you're going to beat the crap out of them, you wait until they turn around.
I try to be a nice guy despite my tendencies, but still... This kind of article reminds me of the French and their lines.
Yeah, too paranoid. (Score:2)
Smart Kids (Score:2)
Paranoid? Maybe, but it's useful anyway. (Score:2)
Basically, preparing for the worst is a good thing to do, because when it comes, you won't have to scramble to deal with it.
-Jesse
Re:Paranoid? Maybe, but it's useful anyway. (Score:2)
"
thus making it tough for people to see if someone is behind you. Knowing who is behind other vehicals is critical to safe driving.
"...but it's saved me once, and once is enough. "
how do you knnow not having them at 2 and 10 you wouldn't have been saved?
The guy's issues are not security related (Score:5, Funny)
Is it safe to use a password program? (Score:2)
What's a good console based password program to keep these different passwords? This way I should be able to get to them through SSH if I need to. Or, is doing this defeating the whole reason for having multiple passwords?
--Lance
Oh Yeah? (Score:5, Funny)
I wouldn't want him as my ISO (Score:5, Insightful)
You start breaking down security prinicples and over doing it, and you just look stupid. Other security professionals are telling him he's paranoid, but that's just being nice. What they are THINKING, is that the guy is incompetent. And doesn't understand productivity versus security tradeoffs. Somebody needs to have him go read Schnier on a island somewhere. Unpucker.
Re:I wouldn't want him as my ISO (Score:3, Interesting)
I actually wonder if the ironic point he's making is that security consultants demand stupidity from corporations that no one would tolerate on a personal level. Consider:
I try to run my own network the same way I tell my clients to.
Then he goes on to present a stupid laundry list of excessive security measures that are, by implication, what he's telling his clients to do. It's obvious that, personally, they're ridiculous, so why wouldn't they also be ridiculous in a corporate environment?
poor security choices (Score:5, Insightful)
What do you want to bet I can find the passwords written on a post-it under the keyboard?
A security policy that doesn't take usability into account is worse than no security policy at all.
Not paranoid enough (Score:2)
Stupidity (Score:3, Insightful)
His kids will probably never want to touch a PC after the trauma of memorizing 14 character passwords just to surf the net at home.
How many systems are actually vulnerable to password cracking anyway? Most ATM machines eat your card if you enter 5 incorrect PINs... most enterprise networks disable accounts if you have multiple incorrect passwords.
This guy is on the same level as a mall rent-a-cop who always wanted to be a policeman, but can't pass the mental exam. He just gets a rise out of hassling people with arbritrary nonsense.
3 firewalls? (Score:3, Insightful)
How is THAT more secure??? I once spent half a day tracking down a totally bizarre printing behavior/bug that turned out to be a LAN where machines had multiple firewalls running. Multiple firewalls can be more trouble than one well configured firewall.
High Cognitive Cost == Low Compliance (Score:3, Interesting)
14 Character pwds for his kids, on his home network, that isn't connected to the outside (his VMware box is for internet). Yeah, that's useful.
He reminds me of the guy in town who advertises websites that a backwards compatible to Netscape 1.2 - very shrill, gets some attention, but is really clueless.
Waste of time? (Score:4, Insightful)
At least he's not wasting his time reading
What a freaker (Score:3, Interesting)
Most of my internet traffic goes through at least three firewalls. Is that too paranoid?
Almost definitely, yes.
Sure, the threat might not be real. No one may ever actually want what you have on your PC. But does that really matter?
Yes, it does. Welcome to the real world, where you have finite resources and impatient users. If you only have X amount of resources, do you spend them on protecting things that are a target or on things that nobody cares about?
Its not that I think someone is trying to hack me, but I also don't think someone is not trying to hack me.
So, can anyone tell me exactly what he's thinking? It seems like he doesn't even know.
It takes five passwords to boot up my laptop and check my e-mail. One of those passwords is over 50 characters long.
50 characters long? Why stop there? Why not 128 characters long? Why not memorize your entire public and private keys?
I think that this fact alone -- that he has a 50-character password -- shows that he's not playing with a full deck of cards.
Eight character passwords are sufficient (Score:3, Informative)
Of course is someone steals a password-protected system he would have an unlimited number of attempts. So make it a nine character password. If the cracker can run one million tries a second he has only a 50% chance of cracking a truly random password in the first 16 years of trying.
Show your work:
Number of seconds in a year = ca. 3,153,600
36^9 = 101,559,956,668,416 / 1,000,000 = 101,559,956
101,559,956/3,153,600 = 32 years to search entire key space.
32 / 2 = 16 years to search half of key space.
Quality vs quantity (Score:3, Informative)
3 firewalls ? Why not 6 or 12 ? Or 1, properly configured.
5 passwords ? Why not 20 ? How is he tracking all his passwords - with "Password days" and all ? I'm betting the farm he isn't memorizing them all. If he is, they're not different enough, not good enough. I'm sure 4 of those 5 can be cracked with readily available cracker kits.
No, he's all about "a lot of security" as opposed to "good security".
It's a joke, people (Score:5, Insightful)
Pet peeve: (Score:3, Interesting)
Paranoid admins who like to practice "information denial techniques" on their systems, making them essentially unfixable. The thinking is, "We don't want a hacker to have any information about our network. We don't want him to even know what kind of system he's on if he ever does get in. So we've got to hide as much system stuff as possible."
We've got quite a few of those here, most of who have had "security at ANY COST" drilled into them by the higherups. Here are a few gems:
I'm sure there's another super-paranoid person on this topic who may flame me for this and say I'm a rotten admin for keeping any debugging tools on a system. But a lot of people forget that 50% of security is keeping the bad guys out, and the other 50% is allowing the good guys to do their job without a huge hassle. Sure, having people logging in via telnet, or allowing "password" as a password sucks. But timely patching, keeping an eye on your system services, EDUCATING YOUR USERS, and having a good firewall policy will keep far more trouble out than instituting the Fourth Reich on a production system.
B#llsh!t Paranoia is egotism (Score:3, Interesting)
More important is a credible threat, probability and loss analysis, compared with a list of countermeasures and their costs.
Otherwise, it's just the cops featherbedding, just like the CIA did over the strength of the USSR -- even just before the collapse and perestroika.
Don't give in to fear.
Re:14 character password? (Score:5, Funny)
Re:14 character password? (Score:3, Interesting)
Why this really is annoying to me is because I use a 4 tier password system. Tier 1 is for my bank accounts, when that is changed the password is reused for tier 2 applications--my passwords on my home computers. Tier 2 password b
Re:14 character password? (Score:5, Funny)
Did I win?
Re:14 character password? (Score:2)
Re:14 character password? (Score:3, Funny)
123456 for 6 digits and 1234567890123456 for 16 digits. In fact, that is what I use for Slashdot.
*N>V&GO)JBT^U
NO CARRIER
H3h3, w3 @r3 1n!!1! W3 pwn j00 0r10n! D@mn, l00k, 1'm p0$t1ng as 0r10n B7@$t@r!
Re:oww (Score:3, Interesting)
He didn't state what type, but I can guess...
1) Software Based firewall (Possibly two if you don't trust the first.
2) Wireless AP to internal network Firewall.
3) Internet firewall.
I have two of these on my home network (for the windows client), ZoneAlarm + Hardware. When I install a wireless access point I will then add another one to firewall that segement.
Enjoy.