Security Basics mailing list archives

Re: Personal Firewall for Business use

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 7 Nov 2003 09:19:13 +0100

On 2003-11-06 Kent James wrote:

Another reason that I often give against PFs is that, when used truly
as a personal firewall (and not as a basic port filter, as in my
example) they keep asking, "Do you want to enable internet access for
application xxx?" Trouble is, trojans can have the exact same name as
a "real" application, only located in another directory. Most users
will just routinely say yes, and pretty soon the personal firewall is
worse than useless.


Even worse: what will stop $MALWARE from saying "yes" (e.g. by sending
keystrokes) instead of the user? Yes, this is possible.

But what choice do users really have, particularly modem users?


Have a packet filter on a separate box, keep your virus protection up to
date and your boxes patched, do not run br0ken software and never ever
blindly trust anything from the outside world.

Our clients are mostly small, and are often in transition from 3-4
people all with individual modem accounts, to a network with a shared
internet connection. When we talk about firewalls and such, they begin
to get scared. Somehow they don't understand that anything we do on a
LAN is better than the wide-open world of the Windows user without a
PF connecting to the internet with a modem.

I'm almost convincing myself that I *should* be promoting PFs!


No. That would most likely just induce an ill sense of security. There
are already enough users "perfectly secure" because they run multiple
virus scanners (last updated years ago) and a Personal Firewall
(allowing full access because the user did not understand what $PF was
asking him when he clicked "yes"). We do not need any more of them.

I'm not expecting them to run a Linux or OpenBSD box as a packet filter,
but there are nice appliances for SOHOs that may do very well. Automatic
updates (patches, virus definitions) may help as well. There even exists
software that is not broken (or at least less broken than IE/OE).

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------

Current thread:

RE: Personal Firewall for Business use Kent James (Nov 03)
- Re: Personal Firewall for Business use Ansgar -59cobalt- Wiechers (Nov 03)
  - Re: Personal Firewall for Business use Kevin Saenz (Nov 04)
    - RE: Personal Firewall for Business use Kent James (Nov 06)
    - Re: Personal Firewall for Business use Ansgar -59cobalt- Wiechers (Nov 07)
- <Possible follow-ups>
- Re: Personal Firewall for Business use 'Ansgar -59cobalt- Wiechers' (Nov 03)