Open Source and information security mailing list archives
 
Message-ID: <4009B38A.6070308@well.com>
From: caferace at well.com (Jim Race)
Subject: Re: January 15 is Personal Firewall Day, help the cause

James Patterson Wicks wrote:

 > When you say properly configured firewall, does that include IDS?  Does
 > that mean that the firewall blocks all connection attempts from the
 > outside but allows established traffic originating on the network
 > interior?  So if a system receives a Trojan from a web site, it can
 > communicate with the outside world unmonitored?  The problem with
 > opening port 80 is that not only HTTP traffic can come in (i.e. Telnet).
 > If you do not have a device or application looking at traffic about
 > Layer 4, you could still have problems.  Also, having AV look only at
 > executables is a mistake.  Just my two cents.


Its IDS is me. :) Logs are examined several times a day, and dealt with 
through DShield and other avenues. Outbound connections are not 
seriously monitored, and that is an avenue for problems IF I let 
something get on the system.

A trojan is going to have to either:

a) Get past SA on the mail server, stripping all known executables and 
variants.
b) Get past Virus scanning and tagging on same.
c) Get past Mozilla with all active email controls and Junk filters enabled.
d) Get past Mozilla "outside of the box" using most browsing controls.

and

e) Get past me, not a dumb user.

If someone *really* wants to mess with the box they could likely do 
damage. Nothing important here though. Please move on. Intelligent 
switching based on traffic/content profile is currently beyond my 
expertise and equipment.

-jim

