| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: caferace at well.com (Jim Race) Subject: Re: January 15 is Personal Firewall Day, help the cause James Patterson Wicks wrote: > When you say properly configured firewall, does that include IDS? Does > that mean that the firewall blocks all connection attempts from the > outside but allows established traffic originating on the network > interior? So if a system receives a Trojan from a web site, it can > communicate with the outside world unmonitored? The problem with > opening port 80 is that not only HTTP traffic can come in (i.e. Telnet). > If you do not have a device or application looking at traffic about > Layer 4, you could still have problems. Also, having AV look only at > executables is a mistake. Just my two cents. Its IDS is me. :) Logs are examined several times a day, and dealt with through DShield and other avenues. Outbound connections are not seriously monitored, and that is an avenue for problems IF I let something get on the system. A trojan is going to have to either: a) Get past SA on the mail server, stripping all known executables and variants. b) Get past Virus scanning and tagging on same. c) Get past Mozilla with all active email controls and Junk filters enabled. d) Get past Mozilla "outside of the box" using most browsing controls. and e) Get past me, not a dumb user. If someone *really* wants to mess with the box they could likely do damage. Nothing important here though. Please move on. Intelligent switching based on traffic/content profile is currently beyond my expertise and equipment. -jim
Powered by blists - more mailing lists