One of the things that I wanted was for the firewalls to be smart enough to recognize that they were on a different network than the one that I previously agreed to "trust" — even though the IP address and subnet (which define a network) might be the same. I don’t think any of them have reached that point yet. All it should take is a small table in the firewall program that adds the “router MAC address” to the trusted network list — and flags it if I connect to a network that doesn’t match up.
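What that small table could look like, as an added example (not code from the post or from any firewall product), assuming the firewall can read the default gateway's MAC from the ARP cache and the media type from the adapter: profiles are matched on subnet, router MAC and media together, so a hotel network that hands out the same address range as a trusted home LAN produces a "mismatch" rather than silently inheriting the trusted profile.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import Dict, List, Tuple

# Trusted-network table keyed on more than IP address and subnet.
# Hypothetical data model; MAC addresses below are constructed samples.


@dataclass(frozen=True)
class NetworkFingerprint:
    subnet: str        # e.g. "192.168.1.0/24" (address + mask from DHCP)
    gateway_mac: str   # MAC of the default router, as seen in the ARP cache
    media: str         # "wired", "wireless" or "dialup"


def normalize_mac(mac: str) -> str:
    """Canonical lowercase colon form so '00-1A-2B-..' and '00:1a:2b:..' compare equal."""
    hexdigits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def classify_network(current: NetworkFingerprint,
                     trusted: Dict[str, NetworkFingerprint]) -> Tuple[str, str]:
    """Return (verdict, detail) where verdict is 'trusted', 'mismatch' or 'unknown'.

    'mismatch' = same address range as a trusted profile but a different router
    MAC or media: the firewall should re-prompt, not reuse the trusted profile.
    """
    cur_net = IPv4Network(current.subnet, strict=False)
    cur_mac = normalize_mac(current.gateway_mac)
    same_range: List[str] = []
    for name, known in trusted.items():
        if IPv4Network(known.subnet, strict=False) != cur_net:
            continue
        same_range.append(name)
        if normalize_mac(known.gateway_mac) == cur_mac and known.media == current.media:
            return "trusted", name
    if same_range:
        return "mismatch", f"same range as {', '.join(same_range)} but router MAC/media differ"
    return "unknown", "no trusted profile for this subnet"


# Constructed sample profiles for the demonstration.
TRUSTED = {
    "home": NetworkFingerprint("192.168.1.0/24", "00-11-22-33-44-55", "wireless"),
    "office": NetworkFingerprint("10.0.5.0/24", "aa:bb:cc:dd:ee:01", "wired"),
}
```

A router MAC can be copied by another device, so a match is evidence that this is the same network rather than proof; a mismatch, however, is always a safe reason to ask the user again instead of reusing the old "trust" decision.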
Anyway, a visit to a client this week brought up the issue of "trusting" networks when you connect to them in a hotel.
This is a point where the firewall programs, even my favorite firewall (Sunbelt Kerio), are assuming too much user knowledge.
They will often flag that you’ve connected to a different network, because the IP address and subnet are different. Perhaps the firewall program also watches whether the network is reached via wireless, wired, or dialup to help identify that it’s different.
The problem comes with the question they ask: it’s usually some variant of "Do you want to Trust this network?"
The issue is "Trust". In computer networking terms — especially in firewall terms — Trust means that you authorize and allow those other computers to initiate communications with your computer, such as accessing your shared files and any services that may be available to them on your computer.
For most computer users, that question assumes a level of knowledge that the user doesn’t have. They want to connect to the Internet through that network, so they say "YES". Wrong move!
The question should be "Do you want to Trust the other computers on this local network?" That would put it in perspective — NO, I don’t want to trust the other computers on this hotel’s network! I don’t want to let them access my files or initiate communications with my computer!