Full Disclosure mailing list archives

Re: UTTER HORSESHIT: [was January 15 is Personal Firewall Day, help the cause]


From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 15 Jan 2004 16:53:43 -0600 (CST)

On Thu, 15 Jan 2004, Mary Landesman wrote:

> Interpretation is subjective, but I have always interpreted the Sam Spade
> rant to be directed at the alerting many of these PFWs do, vs. the actual
> effectiveness. In fact, his point seems to be to get a hardware-based
> firewall. This isn't an option for the "Annie's" of this world. Properly
> used, a PFW provides excellent adjunct protection and, I believe, is a
> must-have. In fact, even when hardware-based firewalls are available, a
> properly configured PFW can prevent the scenario played out over and over
> again with Blaster - laptops piggybacking the infection past the perimeter
> defenses (i.e., hand-carried in through the front door) and then wreaking
> havoc once inside. Had these enterprises also employed PFWs, that would not

And that is what is meant by one of the fundamental principles of security:
layering!  Good point!

> have occurred. (Of course, there are many reasons a PFW in the enterprise
> could be problematic and I do recognize that - but this isn't the focus of
> the discussion).
>
> NO solution is immune from user-error. Thus, folks who want to help out
> their friends and neighbors (and the Internet as a whole), should not just
> recommend a PFW, but take the time to show the person how to use it
> properly. And, yes, part of that should involve disabling alerting where
> prudent and taking a few moments to configure the appropriate trusted apps.
> Doing this will ensure the best chance (though never 100%) of a PFW working
> properly and effectively on "Annie's" computer.
>
> I use a NAT+firewall for my home network. But I also use a PFW. Why? It's
> great policy management. If I turn on a system my son also uses, I can keep
> his chat and other superfluous apps from connecting while I do whatever it
> is I need.

Additionally, the PFW in this case can be a warning of a problem in the HW
FW, be it not functioning, malfunctioning, or someone actually finding
a way to circumvent it.  The PFW in this case being a config/activity
check of the HWFW.  Silence is golden, even with a PFW set up to be
chatting in this case <smile>.

> In the Sam Spade article, it is clear he is frustrated with user inquiries
> into why something is alerting or what something in the log means. And his
> frustration is completely understandable. However, I think it is a disservice
> to somehow interpret his frustration as an argument that PFWs are bad ideas.
> For many, they provide the best means of protection accessible to a
> particular breed of user. And, as such, their use should be encouraged. With
> proper training, of course.
>
> And yes, some malware can disable it. This is a fairly common tactic with
> some email worms. But that simply underscores the need to educate users
> about email - it is not, IMO, an indictment of PFWs nor is it a reason to
> not use one. Using your house analogy, that would be like telling someone
> not to bother locking their front door, because an intruder could come in
> through the back and unlock the front one... Better to learn to lock both
> doors, use the peephole, etc.

Good points!  Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
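Two of the points above lend themselves to a concrete illustration: a PFW as per-user policy management on a shared machine ("keep his chat and other superfluous apps from connecting"), and a PFW behind a NAT router as a check on the router itself ("silence is golden"). The script below is an added example written for this archive page, not code from either poster or from any firewall product. It assumes a Linux host in nftables syntax, with interface name eth0, a LAN of 192.168.1.0/24, and a restricted account named `kid`; the kernel log lines it checks are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): a host firewall policy for a Linux box that
# already sits behind a NAT router, plus a check over the log it produces.
# Assumptions (not in the thread): interface eth0, LAN 192.168.1.0/24, restricted
# account `kid` that only needs DNS and web. All log lines below are constructed.

# 1. The ruleset. Inbound is default-deny; anything unsolicited is logged before
#    being dropped. Behind a working NAT router no such packet from the Internet
#    should ever arrive, so the log is the "config/activity check of the HW FW".
#    Outbound for uid `kid` is limited to DNS and web (the chat apps stay home);
#    the owner's own traffic is left alone so the box stays quiet for its owner.
pfw_ruleset() {
    cat <<'EOF'
table inet pfw {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        # Unsolicited inbound: log with a greppable prefix, then drop.
        log prefix "PFW-IN " drop
    }
    chain output {
        type filter hook output priority 0; policy accept;
        oif lo accept
        # Restricted account: DNS and web only; the rest is logged and rejected.
        meta skuid kid udp dport 53 accept
        meta skuid kid tcp dport { 53, 80, 443 } accept
        meta skuid kid log prefix "PFW-OUT " reject
    }
}
EOF
}

# 2. The check. Count PFW-IN lines whose SRC is a public address. LAN chatter
#    (NetBIOS from the neighbour's PC) is normal and ignored, which is the
#    "disable alerting where prudent" part; a non-zero count of Internet-sourced
#    hits means the router let something through that it should have stopped.
perimeter_hits() {
    awk '
        /PFW-IN / {
            src = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src != "" && src !~ /^10\./ && src !~ /^192\.168\./ \
                && src !~ /^172\.(1[6-9]|2[0-9]|3[01])\./) n++
        }
        END { print n + 0 }
    '
}

# Constructed sample of what the kernel log would contain under the ruleset above.
# Line 1: LAN NetBIOS noise (ignored). Lines 2 and 4: unsolicited TCP/135 and
# TCP/445 from public addresses, i.e. the perimeter is not doing its job.
# Line 3: the restricted account trying to reach a chat server, blocked outbound.
SAMPLE_LOG='Jan 15 16:53:43 annie kernel: PFW-IN IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=UDP SPT=137 DPT=137
Jan 15 16:54:01 annie kernel: PFW-IN IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=4444 DPT=135
Jan 15 16:54:02 annie kernel: PFW-OUT IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 PROTO=TCP SPT=51000 DPT=5190
Jan 15 16:55:10 annie kernel: PFW-IN IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP SPT=1025 DPT=445'

# Usage: print the ruleset (feed it to `nft -f -` on a real host), then the count
# of Internet-sourced inbound hits in the sample log (2 here).
pfw_ruleset
printf '%s\n' "$SAMPLE_LOG" | perimeter_hits
```

The ruleset only needs to be loaded once; the check is what you would run from cron or by hand. On a healthy setup it prints 0 day after day, and the first non-zero result is exactly the warning Ron describes: either the router is misconfigured, has failed open, or has been bypassed (a laptop carried in behind it, as in the Blaster case quoted above).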


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

