Message-ID: <4009B38A.6070308@well.com>
From: caferace at well.com (Jim Race)
Subject: Re: January 15 is Personal Firewall Day, help the cause

James Patterson Wicks wrote:
> When you say properly configured firewall, does that include IDS? Does
> that mean that the firewall blocks all connection attempts from the
> outside but allows established traffic originating on the network
> interior? So if a system receives a Trojan from a web site, it can
> communicate with the outside world unmonitored? The problem with
> opening port 80 is that not only HTTP traffic can come in (i.e. Telnet).
> If you do not have a device or application looking at traffic about
> Layer 4, you could still have problems. Also, having AV look only at
> executables is a mistake. Just my two cents.

Its IDS is me. :) Logs are examined several times a day, and dealt with
through DShield and other avenues. Outbound connections are not
seriously monitored, and that is an avenue for problems IF I let
something get on the system.

A trojan is going to have to either:

a) Get past SA on the mail server, stripping all known executables and
variants.
b) Get past Virus scanning and tagging on same.
c) Get past Mozilla with all active email controls and Junk filters enabled.
d) Get past Mozilla "outside of the box" using most browsing controls.
and
e) Get past me, not a dumb user.

If someone *really* wants to mess with the box they could likely do
damage. Nothing important here though. Please move on. Intelligent
switching based on traffic/content profile is currently beyond my
expertise and equipment.

-jim