Full Disclosure mailing list archives

Re: Re: Virus infect on single user


From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Mon, 9 Feb 2004 12:45:32 -0800

Okay, flame off.

Firewalls do one thing and one thing only...filter traffic. The traffic
still hits the network interfaces, the firewall still ought to do stateful
inspection. The main benefit is that the traffic stays off of the internal
network. It's a screen on your Windows to keep flies out. However, like a
screen, it most likely has at least one hole in it.

Why would someone need a "personal firewall" on their computer? Well, I
install one on all Windows machines, because as good as the firewall may
be, skilled people can sneak packets past it. Firewalls are not "true
firewalls" unless they block *everything*, and almost no firewall does
that.  There's a service listening somewhere on pretty much every firewall,
which means that someone skilled enough to build and route packets can
sneak something through disguised as HTTP/SSH/whatever. So having the
"personal firewall" serves as a second line of defense against the one
percent who can and will make it past the first line of defense. Plus
the antivirus software helps too if you are fool enough to check your 
mail from Windows.

I agree completely that the workstations/servers behind the firewall 
need to be hardened to the extent possible. Still a network of hardened 
workstations and servers can be induced to generate one hell of a 
broadcast storm on the internal network if an attacker can sneak the 
correct broadcast pings through the perimeter. A personal firewall won't
stop this, but it *will* log it (which is what you would need to figure 
out what it is and how to stop it).

So, yeah, personal firewall can't hurt, but it's no panacea either.

G

On or about 2004.02.09 12:45:51 +0000, Kenton Smith (ksmith () chartwelltechnology com) said:

I'm not trying to start this miserable debate again, so please read
the whole email before you flame me ;)

I read through a bunch of this stuff and couldn't find anywhere where
it says you don't need a firewall. It's all about making sure that your
instance of Windows is as secure as possible, but once you've done that
you still need a firewall. They also don't mention anything about
keeping your patch levels up to date either.
These get thrown around a lot - "Security is a process, not a product."
and "Defence in depth.".

I think the most important advice for the original poster is; Know your
tools. You got this pop-up thing because you thought that by having
Anti-virus and Firewall software that you were fully protected. However
you didn't know what you were still open to. You need to learn what
these tools do and more importantly, what they don't do.

-- 
Gregory A. Gilliss, CISSP                              E-mail: greg () gilliss com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

