Security Basics mailing list archives
Re: Personal Firewall for Business use
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 7 Nov 2003 09:19:13 +0100
On 2003-11-06 Kent James wrote:
> Another reason that I often give against PFs is that, when used truly as a personal firewall (and not as a basic port filter, as in my example) they keep asking, "Do you want to enable internet access for application xxx?" Trouble is, trojans can have the exact same name as a "real" application, only located in another directory. Most users will just routinely say yes, and pretty soon the personal firewall is worse than useless.
Even worse: what will stop $MALWARE from saying "yes" (e.g. by sending keystrokes) instead of the user? Yes, this is possible.
> But what choice do users really have, particularly modem users?
Have a packet filter on a separate box, keep your virus protection up to date and your boxes patched, do not run br0ken software and never ever blindly trust anything from the outside world.
> Our clients are mostly small, and are often in transition from 3-4 people all with individual modem accounts, to a network with a shared internet connection. When we talk about firewalls and such, they begin to get scared. Somehow they don't understand that anything we do on a LAN is better than the wide-open world of the Windows user without a PF connecting to the internet with a modem. I'm almost convincing myself that I *should* be promoting PFs!
No. That would most likely just induce an ill sense of security. There are already enough users "perfectly secure" because they run multiple virus scanners (last updated years ago) and a Personal Firewall (allowing full access because the user did not understand what $PF was asking him when he clicked "yes"). We do not need any more of them. I'm not expecting them to run a Linux or OpenBSD box as a packet filter, but there are nice appliances for SOHOs that may do very well. Automatic updates (patches, virus definitions) may help as well. There even exists software that is not broken (or at least less broken than IE/OE).
Regards
Ansgar Wiechers