Message-ID: <20030814190117.12780.qmail@web20601.mail.yahoo.com>
From: joey2cool at yahoo.com (Joey)
Subject: Microsoft urging users to buy Hardware Firewalls

I would have to disagree: no OS that listens on ports
is secure, and firewalls can defend against all
threats. The only attack that you can pull on a
non-open OS or well-firewalled connection is a DoS
attack. Even with that, usually you don't break the
OS (there was a case with Win95 and "nuke" attacks), but
you can flood the connection.

A combination of a good firewall and a secure OS, one
that doesn't run servers unless you tell it to, is the
best way to go. Firewalls can block ICMP requests and
DoS attacks to an extent, and log them when an OS
can't. There are several OSs that can be configured to
not run servers during install, and a lot don't run
servers on the default install. The problem with
Windows is that it runs several services that you
cannot disable during install, and in a critical part
of the OS. Then Microsoft wants you to hide their
mistakes, which they probably won't fix themselves, by
saying RPC was never meant to be on the internet in
the first place, even though it has been since NT!

In most services in Windows, you can't change ports or
change access rules by IP, like restricting connections
to only localhost or subnets. All Microsoft has to do
is a "netstat -an" to see the 20 ports, or however many
they have open, on a default install. They released a
patch, but DCOM is still on and RPC is still listening
on port 135. More and more ISPs are blocking port 135
now, though, because of Microsoft.

Each time my ISP has blocked a port it had something
to do with Microsoft products: 80 (Code Red/Nimda),
136-139 (NetBIOS), 445 (SMB), 1433-1434 (Slammer),
135 (RPC). Because of Code Red I am no longer able to
run a webserver from home. Sure, my ISP, as well as
most ISPs, says no servers, but they really didn't care
before Code Red.

--- "Jeffrey A.K. Dick" <jeffdick@...irt.com> wrote:
> I think that we need to stop looking for a single
> "solution" ... there is no
> silver bullet to be found ... all OS's are insecure
> and no firewall can
> defend against all threats. There are always going
> to be exploitable
> weaknesses. Anybody who says otherwise is either an
> idiot or is trying to
> sell something.
> 
> Firewalls are an excellent means of defense --
> everyone should have one and
> it should be separate from the desktop OS. However,
> just as "real" firewalls
> do not prevent fires, network firewalls do not
> prevent security breaches -- 
> they are designed to slow the spread.


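As an added example (not part of the original thread), here is a small Python audit script that parses "netstat -an" output the way the post describes and reports services bound on all interfaces on the ports the post says ISPs have blocked; the netstat sample and the port descriptions are constructed for this example.

```python
import re

# Ports the post names as blocked by ISPs because of Windows worms/services
# (descriptions are constructed for this example).
FLAGGED_PORTS = {
    80: "HTTP (Code Red/Nimda)",
    135: "RPC endpoint mapper (DCOM)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB over TCP",
    1433: "MS SQL Server (Slammer)",
    1434: "MS SQL monitor (Slammer)",
}

# One Windows "netstat -an" row: proto, local addr:port, foreign addr, optional state.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return (proto, local_ip, port, state) for sockets that accept input."""
    sockets = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # header lines and blanks
        proto, ip, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/time-wait sockets are not exposed services
        sockets.append((proto, ip, int(port), state or ""))
    return sockets

def exposed_ports(text):
    """Flagged ports bound on all interfaces (0.0.0.0), keyed by (proto, port)."""
    findings = {}
    for proto, ip, port, _state in parse_netstat(text):
        if ip == "0.0.0.0" and port in FLAGGED_PORTS:
            findings[(proto, port)] = FLAGGED_PORTS[port]
    return findings

# Constructed sample resembling "netstat -an" on a default Windows install.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:3456       10.0.0.9:80            ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:1434           *:*
"""

if __name__ == "__main__":
    for (proto, port), why in sorted(exposed_ports(SAMPLE).items()):
        print(f"{proto}/{port} bound on all interfaces: {why}")
```

Loopback-only listeners (127.0.0.1) and outbound connections are deliberately not reported, since the post's concern is services reachable from the network.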
