Full Disclosure mailing list archives

Re: Re: January 15 is Personal Firewall Day, help the cause


From: Jim Race <caferace () well com>
Date: Sat, 17 Jan 2004 14:13:30 -0800

James Patterson Wicks wrote:

> When you say properly configured firewall, does that include IDS?  Does
> that mean that the firewall blocks all connection attempts from the
> outside but allows established traffic originating on the network
> interior?  So if a system receives a Trojan from a web site, it can
> communicate with the outside world unmonitored?  The problem with
> opening port 80 is that not only HTTP traffic can come in (i.e. Telnet).
> If you do not have a device or application looking at traffic about
> Layer 4, you could still have problems.  Also, having AV look only at
> executables is a mistake.  Just my two cents.


Its IDS is me. :) Logs are examined several times a day, and dealt with through DShield and other avenues. Outbound connections are not seriously monitored, and that is an avenue for problems IF I let something get on the system.

A trojan is going to have to either:

a) Get past SA on the mail server, stripping all known executables and variants.
b) Get past Virus scanning and tagging on same.
c) Get past Mozilla with all active email controls and Junk filters enabled.
d) Get past Mozilla "outside of the box" using most browsing controls.

and

e) Get past me, not a dumb user.

If someone *really* wants to mess with the box they could likely do damage. Nothing important here though. Please move on. Intelligent switching based on traffic/content profile is currently beyond my expertise and equipment.

-jim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

