Full Disclosure mailing list archives
Re: Re: Virus infect on single user
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Mon, 9 Feb 2004 12:45:32 -0800
Okay, flame off. Firewalls do one thing and one thing only...filter traffic. The traffic still hits the network interfaces, the firewall still ought to do stateful inspection. The main benefit is that the traffic stays off of the internal network. It's a screen on your Windows to keep flys out. However, like a screen, it most likely has at least one hole in it. Why would someone need a "personal firewall" on their computer? Well, I install one on all Windows machines, because as good as the firewall may be, skilled people who can sneak packets past it. Firewalls are not "true firewalls" unless they block *everything*, and almost no firewall does that. There's a service listening somewhere on pretty much every firewall, which means that someone skilled enough to build and route packets can sneak something through disguised as HTTP/SSH/whatever. So having the "personal firewall" serves as a second line of defense against the one percent who can and will make it past the first line of defense. Plus the antivirus software helps too if you are fool enough to check your mail from Windows. I agree completely that the workstations/servers behind the firewall need to be hardened to the extent possible. Still a network of hardened workstations and servers can be induced to generate one hell of a broadcast storm on the internal network if an attacker can sneak the correct broadcast pings through the perimeter. A personal firewall won't stop this, but it *will* log it (which is what you would need to figure out what it is and how to stop it). So, yeah, personal firewall can't hurt, but it's no panacea either. G On or about 2004.02.09 12:45:51 +0000, Kenton Smith (ksmith () chartwelltechnology com) said:
I'm not trying to start this miserable debate again, so please read the whole email before you flame me ;) I read through a bunch of this stuff and couldn't find anywhere where it says you don't need a firewall. It's all about making sure that your instance of Windows is as secure as possible, but once you've done that you still need a firewall. They also don't mention anything about keeping your patch levels up to date either. These get thrown around a lot - "Security is a process, not a product." and "Defence in depth.". I think the most important advice for the original poster is; Know your tools. You got this pop-up thing because you thought that by having Anti-virus and Firewall software that you were fully protected. However you didn't know what your were still open to. You need to learn what these tools do and more importantly, what they don't do.
-- Gregory A. Gilliss, CISSP E-mail: greg () gilliss com Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Virus infect on single user Rompax We Burn Everything (Feb 09)
- RE: Virus infect on single user Sean Crawford (Feb 09)
- Re: Virus infect on single user Gregh (Feb 09)
- Re: Virus infect on single user morning_wood (Feb 09)
- Re: Virus infect on single user Steffen Hetzel (Feb 09)
- Re: Re: Virus infect on single user Kenton Smith (Feb 09)
- Re: Re: Virus infect on single user Gregory A. Gilliss (Feb 09)
- Re: Re: Virus infect on single user Ron DuFresne (Feb 09)
- Re: Virus infect on single user Steffen Hetzel (Feb 09)
- Re: Re: Virus infect on single user Kenton Smith (Feb 09)
- <Possible follow-ups>
- RE: Virus infect on single user Schmehl, Paul L (Feb 09)
- RE: Virus infect on single user CHS (Feb 09)
- Re: Virus infect on single user Cael Abal (Feb 09)
- anti-adware and false positives (was: Virus infect on single user) Spiro Trikaliotis (Feb 10)
- RE: Virus infect on single user CHS (Feb 09)
- RE: Virus infect on single user Brad Griffin (Feb 09)
- Re:Re: Virus infect on single user Ian Latter (Feb 10)
- RE: Virus infect on single user Sean Crawford (Feb 09)