RE: Spam: Zonealarm+Windows Firewall

["evb" <swiver () cox net>]

I wanted to run an SSH server as a Windows service, but open a custom SSh
port via port knocking only when access was needed.  

To do this, I needed the SSH server to be running, but I also needed the
port closed until I came a'knocking.  When I needed SSH access, I could port
knock, open the port, do my business, the port knock to close the port.

ZoneAlarm itself does not appear to allow this: that is, if SSh is running,
the port is open and waiting for connections, or if the port is closed, then
it's because the SSH service isn't bound it the port and therefore can't
accept connections.  

So I chose to run ZA plus the Windows firewall.  Running both simultaneously
allows SSh to bind to the port but still have the port closed for inbound
connections (stealth mode).

So isn't that a good reason to have both?

Eric 
 

:-----Original Message-----
:From: Jeff Britton, Monitored Security 
:[mailto:jeff.britton () monitoredsecurity com] 
:Sent: Monday, February 27, 2006 8:43 AM
:To: barcajax () gmail com
:Cc: security-basics () securityfocus com
:Subject: RE: Spam: Zonealarm+Windows Firewall
:
:I really don't see much value added by running both firewalls 
:on the same host.  In my experience, ZoneAlarm has done a 
:great job monitoring both in and outbound traffic and should 
:be sufficient (considering near-optimal management).  Running 
:a second firewall, such as the Windows Firewall, adds another 
:layer of complexity, but not necessarily another layer of 
:security.  I just don't see it being efficient, from both a 
:performance perspective, as well as from a security perspective.
:
:Jeff
:
:-----Original Message-----
:From: barcajax () gmail com [mailto:barcajax () gmail com]
:Sent: Saturday, February 25, 2006 2:16 AM
:To: security-basics () securityfocus com
:Subject: Spam: Zonealarm+Windows Firewall
:
:
:I have been using Zonealarm for many years. I've only started 
:using Windows Firewall recently after upgrading my XP to SP2. 
:I know that Windows Firewall only filters incoming packets 
:(correct me if I'm wrong) thus I have kept my Zonealarm 
:installed and running.
:What is the implication of running both firewalls 
:concurrently? Does Windows Firewall automatically take 
:precedence over Zonealarm? Does this constitute a 2-tier 
:firewall on my home PC?
:I noticed that Windows Firewall does not notify me before 
:dynamically adding new rules to allow traffic through. This 
:concerns me greatly and I am contemplating turning Windows 
:Firewall off and relying on Zonealarm. Any comments?
:
:---------------------------------------------------------------
:------------
:EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The 
:Norwich University program offers unparalleled Infosec 
:management education and the case study affords you unmatched 
:consulting experience. 
:Tailor your education to your own professional goals with 
:degree customizations including Emergency Management, Business 
:Continuity Planning, Computer Emergency Response Teams, and 
:Digital Investigations. 
:
:http://www.msia.norwich.edu/secfocus
:---------------------------------------------------------------
:------------
:
:
:---------------------------------------------------------------
:------------
:EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The 
:Norwich University program offers unparalleled Infosec 
:management education and the case study affords you unmatched 
:consulting experience. 
:Tailor your education to your own professional goals with 
:degree customizations including Emergency Management, Business 
:Continuity Planning, Computer Emergency Response Teams, and 
:Digital Investigations. 
:
:http://www.msia.norwich.edu/secfocus
:---------------------------------------------------------------
:------------
:


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------