Message-ID: <40071328.6060806@jmu.edu>
Date: Thu, 15 Jan 2004 17:24:40 -0500
From: Gary Flynn <flynngn@....edu>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Re: January 15 is Personal Firewall Day, help the cause
Folks,
Argue the technical merits of firewalls all you want
but keep reality in mind:
1) There are millions of vulnerable computers out
there on the net operated by people you have
little or no chance of training as a system
administrator.
2) Fixing tomorrow's software (whether by not shipping
it with open ports or by somehow magically shipping
it with no flaws) will not do anything to help the
vulnerabilities, exploits, and criminal behavior that
are out there TODAY.
3) A firewall is going to make the immediate situation
better, not worse. (Except perhaps for the support
folks who have to put up with all the silly, worthless,
and alarming popups some commercial offerers choose to
include in their default installation settings.)
Simply put, we are currently in a bad situation. Affixing
blame and crying because the solution isn't perfect or
doesn't magically and retroactively solve all the problems
isn't going to do anything to improve the situation. A
firewall will help rectify bad business decisions that led
to shipping consumer devices with ports open by default,
and shield all the defective software running on those
machines. The environment changed under us in the last
decade. There is plenty of blame to go around.
That said, I wonder if it's necessary to push third party
products. Windows XP and 2003 ship with ICF...a nice quiet
firewall. Windows 2000 has IPSEC policies which, although
complicated, can be used to provide a functional incoming
communications firewall. Wrap it up with some scripts and
an HTA web interface to make it user friendly. 9x has fewer
open ports and is slowly going away.
While the outbound application filtering is useful,
when firewalls become common, then malicious code will
incorporate firewall disabling software just as often
as they now include SMTP software. Shoot, AV vendors
might do us all a favor if code inspection detects
firewall API calls or process kills to firewall
or AV processes and pops up a warning. :)
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html