Full Disclosure mailing list archives

Re: Re: January 15 is Personal Firewall Day, help the cause


From: Gary Flynn <flynngn () jmu edu>
Date: Thu, 15 Jan 2004 17:24:40 -0500

Folks,

Argue the technical merits of firewalls all you want
but keep reality in mind:

1) There are millions of vulnerable computers out
   there on the net operated by people you have
   little or no chance of training as a system
   administrator.

2) Fixing tomorrow's software (whether by not shipping
   it with open ports or by somehow magically shipping
   it with no flaws) will not do anything to help the
   vulnerabilities, exploits, and criminal behavior that
   are out there TODAY.

3) A firewall is going to make the immediate situation
   better, not worse. (Except perhaps for the support
   folks who have to put up with all the silly, worthless,
   and alarming popups some commercial offerers choose to
   include in their default installation settings.)

Simply put, we are currently in a bad situation. Affixing
blame and crying because the solution isn't perfect or
doesn't magically and retroactively solve all the problems
isn't going to do anything to improve the situation. A
firewall will help rectify bad business decisions that led
to shipping consumer devices with ports open by default,
and shield all the defective software running on those
machines. The environment changed under us in the last
decade. There is plenty of blame to go around.

That said, I wonder if it's necessary to push third party
products. Windows XP and 2003 ship with ICF...a nice quiet
firewall. Windows 2000 has IPSEC policies which, although
complicated, can be used to provide a functional incoming
communications firewall. Wrap it up with some scripts and
an HTA web interface to make it user friendly. 9x has fewer
open ports and is slowly going away.

While the outbound application filtering is useful,
when firewalls become common, then malicious code will
incorporate firewall disabling software just as often
as they now include SMTP software. Shoot, AV vendors
might do us all a favor if code inspection detects
firewall API calls or process kills to firewall
or AV processes and pops up a warning. :)


--
Gary Flynn
Security Engineer - Technical Services
James Madison University


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
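The post above suggests that security software should flag code which disables the firewall or kills firewall/AV processes. Below is an added example (not from the original post or any vendor) showing that idea as host-side detection logic run over constructed process-creation log lines; the process names and log format are assumptions, and SharedAccess is the service name behind the XP/2003 ICF.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Security processes to watch (constructed names, not real vendor binaries).
PROTECTED_PROCESSES = {"avguard.exe", "zlclient.exe"}
# Service behind the Windows XP/2003 Internet Connection Firewall (ICF).
FIREWALL_SERVICES = {"sharedaccess"}

STOP_SERVICE = re.compile(r"\b(?:net|sc)\s+stop\s+\"?([\w ]+?)\"?\s*$", re.I)
NETSH_DISABLE = re.compile(r"\bnetsh\s+firewall\s+set\s+opmode\b.*\bdisable\b", re.I)
TASKKILL = re.compile(r"\btaskkill\b.*?/im\s+(\S+)", re.I)
CMD_FIELD = re.compile(r'cmd="([^"]*)"')  # assumed log field layout

@dataclass
class Finding:
    line_no: int
    reason: str
    command: str

def classify(command: str) -> Optional[str]:
    # Return why a command counts as firewall/AV tampering, or None if benign.
    m = STOP_SERVICE.search(command)
    if m and m.group(1).strip().lower() in FIREWALL_SERVICES:
        return "stops host firewall service"
    if NETSH_DISABLE.search(command):
        return "disables host firewall via netsh"
    m = TASKKILL.search(command)
    if m and m.group(1).lower() in PROTECTED_PROCESSES:
        return "kills protected security process"
    return None

def scan(log_text: str) -> List[Finding]:
    # Walk process-creation log lines and collect tampering findings.
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = CMD_FIELD.search(line)
        if m and (reason := classify(m.group(1))):
            findings.append(Finding(n, reason, m.group(1)))
    return findings

# Constructed sample log (not captured from any real system).
SAMPLE_LOG = r'''
2004-01-15 17:01:02 user=HOME\alice cmd="notepad.exe C:\notes.txt"
2004-01-15 17:01:09 user=HOME\alice cmd="net stop SharedAccess"
2004-01-15 17:01:10 user=HOME\alice cmd="taskkill /F /IM avguard.exe"
2004-01-15 17:01:11 user=HOME\alice cmd="netsh firewall set opmode mode=disable"
2004-01-15 17:02:30 user=HOME\alice cmd="net stop Spooler"
2004-01-15 17:02:31 user=HOME\alice cmd="taskkill /F /IM notepad.exe"
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}: {f.command}")
```

Stopping an unrelated service or killing an ordinary process produces no finding, so only the three tampering lines are reported.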