Firewall Wizards mailing list archives
Re: Personal Firewall Rules
From: Ng Pheng Siong <ngps () netmemetic com>
Date: Mon, 26 Jul 2004 11:08:20 +0800
On Sun, Jul 25, 2004 at 01:56:06PM -0400, Marcus J. Ranum wrote:
- if you must allow something incoming allow it only to software you have good reason to trust
I use Kerio 2.x. It keeps (MD5?) checksums of network-using executables (both clients and servers) and warns you "program xxx.exe has changed, do you want to continue?" when you replace such a program, e.g., after upgrading IE.

On a consumer Windows box, this might be the right balance between no checking of executables and accounting for every file and every registry entry a la Tripwire and clones, perhaps coupled with public repositories of MD5 digests for "well-known" programs. (I think I saw such a thing before. Does anyone have a URL handy?)

Cheers.

--
Ng Pheng Siong <ngps () netmemetic com>

http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
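The checksum-and-warn behaviour described in the message above, sketched as an added example (not code from the post or from Kerio). It uses SHA-256 rather than the MD5 the post guesses at; the `ExecutableBaseline` class, its JSON store and the `known_good` digest set (standing in for a public digest repository) are assumptions, and the sample files are constructed.

```python
import hashlib
import json
import os
import tempfile

def digest(path):
    """SHA-256 of the file's bytes (swapped in for the MD5 the post guesses at)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class ExecutableBaseline:
    """One remembered digest per network-using executable (hypothetical store)."""
    def __init__(self, store_path, known_good=()):
        self.store_path = store_path
        self.known_good = set(known_good)  # stand-in for a public digest repository
        self.seen = {}
        if os.path.exists(store_path):
            with open(store_path) as f:
                self.seen = json.load(f)

    def check(self, exe_path):
        """Return 'new', 'unchanged', 'changed-known' or 'changed-unknown'."""
        current = digest(exe_path)
        previous = self.seen.get(os.path.realpath(exe_path))
        if previous is None:
            return "new"
        if previous == current:
            return "unchanged"
        return "changed-known" if current in self.known_good else "changed-unknown"

    def accept(self, exe_path):  # call once the user has approved the program
        self.seen[os.path.realpath(exe_path)] = digest(exe_path)
        with open(self.store_path, "w") as f:
            json.dump(self.seen, f)

def demo():
    """Constructed scenario: approve a program, upgrade it, then modify it."""
    v1, v2, other = b"release 1", b"release 2", b"release 2, altered"
    results = []
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "browser.exe")  # constructed sample file
        base = ExecutableBaseline(os.path.join(d, "seen.json"), {hashlib.sha256(v2).hexdigest()})
        for content, approve in ((v1, True), (v1, False), (v2, True), (other, False)):
            with open(exe, "wb") as f:
                f.write(content)
            results.append(base.check(exe))
            if approve:
                base.accept(exe)
    return results
```

A firewall would call `check` before letting a program open or accept a connection, prompt the user on `new` and `changed-unknown`, and call `accept` only after approval.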
Current thread:
- Personal Firewall Rules Nick Brandson (Jul 25)
- Re: Personal Firewall Rules Marcus J. Ranum (Jul 25)
- Re: Personal Firewall Rules Vinicius Moreira Mello (Jul 26)
- Re: Personal Firewall Rules Ng Pheng Siong (Jul 26)
- Re: Personal Firewall Rules mlh (Jul 27)
- Re: Personal Firewall Rules Marcus J. Ranum (Jul 25)