IT security is not a simple area. You need more than knowing how to configure a firewall rule. Indeed, in my opinion, you must have in-depth knowledge of the network stack (TCP and ISO), details about the involved protocols (IP headers, HTTP headers, LDAP authentication, to mention just a few), configuration details of the operating system and the involved software (knowing MariaDB options if you are doing database security), and any other theoretical concept about your environment. And this is only the technical part.

If you want to go further, you should understand security concepts such as risk, vulnerability, exposure, control and others.

At this point, you can have a clear vision of what is best to do in your strategy. With all this said, I will talk about a classic error when making calls about implementing security controls.

A Firewall is not always the Solution to Everything

First, I must say that, for me, a proxy is not considered a firewall. Some authors state that a proxy can be considered a layer 7 firewall. In this article, a firewall could be a Netscreen device, a Checkpoint or IPTables in Linux. A proxy is something like Squid or, even better, mod_security for Apache. The big difference is the layer where they operate. Firewalls work on layers 2, 3 and 4; the maximum control you can have is by controlling the port. Some firewalls, like IPTables, try to work around this with the string module, where you can set criteria based on the payload, but again, they don't understand the protocol; it is just a dumb machine hitting a blind condition. Proxies, on the other hand, operate on layer 7; they fully understand the protocol. Squid is an excellent example. Squid understands the HTTP protocol, and you can create rules based on HTTP elements such as the authenticated user, the path of the files, the POST payload, cookies and many other things.
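As an added illustration (not code from the original article), the Python sketch below contrasts a blind payload string match, in the spirit of the IPTables string module, with a rule that parses the HTTP request first, as a proxy does. The requests, the `/admin` policy and all function names are constructed for this example.

```python
from urllib.parse import urlsplit

BLOCKED_PREFIX = "/admin"  # hypothetical policy: deny requests for this path

def blind_match(payload: bytes) -> bool:
    """Layer 3/4 style check: substring anywhere in the payload, no protocol knowledge."""
    return BLOCKED_PREFIX.encode() in payload

def parse_request(payload: bytes) -> dict:
    """Minimal HTTP/1.x request parser: request line, headers and body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": urlsplit(target).path,
            "headers": headers, "body": body}

def proxy_match(payload: bytes) -> bool:
    """Layer 7 style check: evaluate only the parsed request path."""
    path = parse_request(payload)["path"]
    return path == BLOCKED_PREFIX or path.startswith(BLOCKED_PREFIX + "/")

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "admin page": b"GET /admin/users HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "referer mentions it": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                           b"Referer: http://example.test/admin/\r\n\r\n",
    "query mentions it": b"GET /search?q=/admin HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "body mentions it": b"POST /contact HTTP/1.1\r\nHost: example.test\r\n"
                        b"Content-Length: 22\r\n\r\nmsg=cannot+open+/admin",
}

def compare() -> dict:
    """Return {sample name: (string-match verdict, proxy-rule verdict)}."""
    return {name: (blind_match(p), proxy_match(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (blind, proxy) in compare().items():
        print(f"{name:22} string-match={blind!s:5} proxy-rule={proxy}")
```

The string match fires on all four requests, including three legitimate ones that only mention the path in a header, query string or form body; the parsed rule fires only on the request that actually targets `/admin`.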


This is the second SNOM phone I have been using for more than a year. I cannot say I am a fan of it, but at home, people like it very much. Again, as in my previous review of the SNOM 870, I will not talk about technical specs. I will try to talk about some details you will not find by reading about it on the vendor website. This phone has been discontinued, but you can find it on eBay for about 125 USD with the base or 100 USD for the headset only.

The model M9 is a wireless (aka cordless) IP phone. The phone consists of a base that controls up to two headsets and nine SIP accounts. The signal reach of the base is good; I have tried it in a three-level house without issues. This phone has a repeater mode, which means that if you have a really big house, you could put two bases and the headset will jump between them.


Since I have been doing VoIP for a long time now, I think it is a good idea to start writing about my experience using some IP phones. When I talk to people, I always refer to this phone as my "trusty SNOM"; in the 4 years I have had it, I can say it has not failed me a single time. With this said, I will talk more about my experience; you can find the tech specs by googling them.

This is the phone I have on my desk for daily use.

First, the bad news: this phone has been out of the market for about 3 years. If you want to get one, you will need to get it from eBay or Amazon, but you will not get it from SNOM directly.