Security Basics mailing list archives
RE: Personal Firewall for Business use
From: "Kent James" <kent1 () caspia com>
Date: Fri, 31 Oct 2003 07:00:01 +0400
And I still fail to see why one would want to use a PF on a server.
Regards Ansgar Wiechers
I can give you a personal example, maybe trivial but real. Most of the time I live outside of the US, but my family network in the USA runs, unattended, on Windows 2000 server with a full-time modem connection to an ISP. An old version of Tiny Personal Firewall runs on that server, and successfully protected it from the MS Blaster worm that hit while I was out of the country. I don't use any of the personal firewall features such as application checking, just simple blocking of incoming connections that I have configured directly.

So maybe you are correct that there is no reason to run a "personal firewall" on a server, but this particular "personal firewall product" had some value to me on a server, mainly because it was free and available.

The other nice thing about running TPF is that it has a screen that shows all of the IP connections, and the traffic on them. I run it on my personal laptop, with the firewall disabled most of the time, just for that purpose. (And that is also useful on servers).

+----------------+
Kent James, Ph.D, MCSE
Computer network support in Baku, Azerbaijan
+----------------+

-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
Sent: Thursday, October 30, 2003 8:06 PM
To: security-basics () securityfocus com
Subject: Re: Personal Firewall for Business use

On 2003-10-29 Ivan Hernandez wrote:
Ansgar -59cobalt- Wiechers wrote:

[ Windows TCP filtering ]

"Application level protection" is ridiculous if the protecting agent is running on the same box. I keep wondering how people can expect software that allows user interaction (like most personal firewalls do) to prevent other (malicious) software from doing whatever it pleases.

I would recommend you to read the good information about on the Gibson Research site at http://www.grc.com Try the information leak utility that's very useful with all the other toys written in assembly. It's a nice and educational site.
You're kidding me, right? You are not actually saying that you are using some software to protect some other software from the very same malware the other software is supposed to protect you from?
Windows Kernel Filtering will not stop a trojan from making connections on the internet, and that's one of the most important risks on a personal computer.
So what? Most so called personal firewalls (including Zone Alarm) won't do that reliably, so what's the point in using them? Besides I didn't say anything about Windows Kernel Filtering and we're talking about a *server* here.
Most worms are going via email today, and the filter will do nothing with that, but with some application level filtering, like Zone Alarm has, you can catch them before they go to the internet.
Have you even read what I was saying? No! You! Can't! At least not reliably. You probably could if the PF was running with escalated privileges AND your account weren't AND it had no interface to unprivileged users but rather rule-based configuration AND the malware could not escalate its own privileges AND wouldn't kill the PF. That's one hell of a lot of preconditions for successfully using a software that's supposed to help secure your computer and AFAIK most PFs (including ZA) don't meet them.

And I still fail to see why one would want to use a PF on a server.

Regards
Ansgar Wiechers