Security Basics mailing list archives
RE: Potetial Outpost Conflicts?
From: "Tim V - DZ " <iceburn () dangerzone com>
Date: Thu, 16 Jan 2003 14:52:18 -0600
Colin-

Sorry for the book, but I typed a bit more on each question than I was expecting....

There are a multitude of things that go wrong when running multiple software firewalls. Traditionally a firewall looks something like:

Internet --- firewall --- network or computer

The whole idea is to inspect traffic coming in, and only let "good" stuff through. (I'm speaking generally with the word "good" here). The firewall is some sort of barrier between two things, but the same type of information goes in and out (i.e. TCP/IP packets).

In a computer you have the network adapter that must bind to whatever protocol you're using to communicate...so you get

Network adapter --- Windows IP stack

So to emulate the firewall with software it looks something like

Network adapter --- inspect service --- Windows IP stack

Where the service is performing the filtering, denying, dropping, whatever.

But a more detailed diagram might look like this

NIC --- Protocol changer -- inspect service -- protocol changer -- IP stack

I'm using "protocol changer" for lack of a better term. The raw information coming from the NIC is converted into something the inspect service can understand, then the inspect service...inspects it..then the information is changed back into a form the computer is expecting.

ANYWAY, you can see, now all traffic is going through multiple layers before the "computer" actually sees it. If you are running two firewalls, the layers basically double.

Now on an unprotected computer going from

nic -- ipstack

to

NIC --- Protocol changer -- inspect service -- protocol changer -- IP stack

is easy. Just insert the 3 layers between the nic and ipstack. But what happens when you install a 2nd firewall? Hopefully you get something like:

Nic -- ProtoC -- IS -- ProtoC -- ProtoC -- IS -- ProtoC -- IPStack

But what if the layers are inserted at the wrong spot / order? Your information will never get through to the ip stack and the computer will never see the network.
A prime example of this would be installing the PGP suite 7.something on a computer running Windows XP. By default the PGP suite installed whatever the PGP software firewall was, but the way the layers work in XP are different than in previous MS OS's...so the last ProtoC was converting the information into something that the computer could not understand.

As for the second question, multiple virus scanners are bad because they run at the same time...you can run into situations like them both locking the same file at the same time for scanning, erroring out, not being able to download things because both AV's fight over the ability to scan downloadable files, or for a real demo, install two AV engines on a file server that scans both incoming and outgoing files....the performance hit will kill you.

If you're really looking for layers in firewalls try:

Internet -- HW firewall --- software firewall on computer --- computer

If you're really looking for layers in AV:

Internet -- Proxy (mail, http, whatever) w/ AV --- computer w/ AV

These aren't that bad to set up...but do each require a separate physical computer. Grab an old PC and set up a good security distribution on it like Smoothwall (smoothwall.org) and connect to the internet through that.

All that said, besides obvious performance hits for running 4 services instead of 2, _IF_ (big if) the software is written very very well, then you should be able to run firewalls and AV's in tandem, but these products are written with the assumption that each will be the only product of its kind on a given machine.

-t

-----Original Message-----
From: Colin Rous [mailto:crous () sympatico ca]
Sent: Wednesday, January 15, 2003 8:24 AM
To: security-basics () securityfocus com
Subject: Potetial Outpost Conflicts?

G'day, all,

I currently run two firewalls (Sygate and Tiny). I wanted to replace one with Outpost to see if Outpost is as good as people tell me it is.
Agnitum warns you not to run more than one firewall, so I disconnected from the 'net, shut down both my firewalls and started the Outpost install. The install process noticed the existence of the other non-running firewalls on the system and gave me the following message:

"You will most likely have the following problems if you decide to run more then one firewall on your computer:
- Blue screen fatal errors, system freezing or sudden system reboots.
- All access will be allowed for every application. Nothing will be blocked.
- Every application will be blocked and you will be unable to connect to any web site.
- Your computer system will be unable to boot up.
- Every other error imaginable!"

First, these claimed potential problems strike me as being somewhat over-the-top.

Second, I run two AV programs (security in depth, and all that), one of which warns of dire consequences from running more than one AV program. In fact, I have no problems whatsoever; they don't even trip over each other's signature files. Neither do I get any conflicts between my current two firewalls or problems from running two. (I pass all GRC, Sygate and other tests with either or both.)

So my question is: Has anyone experimented with running Outpost with another firewall? If so, what was your experience? If not, can anyone think of anything to justify Agnitum's claims? Is this just a problem of Outpost's? (No other firewall I know of issues such a warning.) Or is this just a marketing claim to encourage usage of Outpost and only Outpost?

(My OS, BTW, is 98.)

Cheers,
Colin
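
Added example, not part of either message: a toy Python model of the layer chain described in the reply (NIC, ProtoC, IS, ProtoC, IP stack). The format names ("raw", "legacy", "X-internal") and the function names are made up for the illustration. It reports the hop where a chain breaks when a second firewall's layers land inside the first one's, or when the last ProtoC emits something the stack cannot read.

```python
# Added illustration: a toy model of the layer chain described in the reply.
# Layer names and data-format names are invented for this example.
from typing import NamedTuple, Optional

class Layer(NamedTuple):
    name: str
    accepts: Optional[str]   # format this layer can read (None = traffic source)
    emits: Optional[str]     # format handed to the next layer (None = sink)

NIC = Layer("NIC", None, "raw")
IP_STACK = Layer("IP stack", "raw", None)

def firewall(tag: str, out_fmt: str = "raw") -> list[Layer]:
    """The three layers one software firewall inserts: ProtoC, IS, ProtoC."""
    internal = f"{tag}-internal"
    return [Layer(f"{tag} ProtoC-in", "raw", internal),
            Layer(f"{tag} IS", internal, internal),
            Layer(f"{tag} ProtoC-out", internal, out_fmt)]

def install(chain: list[Layer], fw: list[Layer], position: int) -> list[Layer]:
    """Insert a firewall's layers as one block at the given index."""
    return chain[:position] + fw + chain[position:]

def first_break(chain: list[Layer]) -> Optional[str]:
    """Return None if traffic reaches the end of the chain, otherwise the
    first hop where a layer is handed a format it cannot read."""
    for upstream, downstream in zip(chain, chain[1:]):
        if upstream.emits != downstream.accepts:
            return (f"{upstream.name} emits {upstream.emits!r} but "
                    f"{downstream.name} accepts {downstream.accepts!r}")
    return None

bare = [NIC, IP_STACK]
one = install(bare, firewall("A"), 1)
two_ok = install(one, firewall("B"), 4)    # B lands after A's last ProtoC
two_bad = install(one, firewall("B"), 2)   # B lands inside A's three layers
# Last ProtoC emits a format the stack cannot read (the PGP-on-XP situation)
bad_out = install(bare, firewall("P", out_fmt="legacy"), 1)

if __name__ == "__main__":
    cases = [("no firewall", bare), ("one firewall", one),
             ("two, in order", two_ok), ("two, misplaced", two_bad),
             ("bad output format", bad_out)]
    for label, chain in cases:
        print(f"{label:18} -> {first_break(chain) or 'traffic reaches IP stack'}")
```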