Message-ID: <20040209204532.GB5496@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: Re: Virus infect on single user

Okay, flame off.

Firewalls do one thing and one thing only...filter traffic. The traffic
still hits the network interfaces, the firewall still ought to do stateful
inspection. The main benefit is that the traffic stays off of the internal
network. It's a screen on your Windows to keep flies out. However, like a
screen, it most likely has at least one hole in it.

Why would someone need a "personal firewall" on their computer? Well, I
install one on all Windows machines, because as good as the firewall may
be, there are skilled people who can sneak packets past it. Firewalls are not "true
firewalls" unless they block *everything*, and almost no firewall does
that.  There's a service listening somewhere on pretty much every firewall,
which means that someone skilled enough to build and route packets can
sneak something through disguised as HTTP/SSH/whatever. So having the
"personal firewall" serves as a second line of defense against the one
percent who can and will make it past the first line of defense. Plus
the antivirus software helps too if you are fool enough to check your 
mail from Windows.

I agree completely that the workstations/servers behind the firewall 
need to be hardened to the extent possible. Still, a network of hardened 
workstations and servers can be induced to generate one hell of a 
broadcast storm on the internal network if an attacker can sneak the 
correct broadcast pings through the perimeter. A personal firewall won't
stop this, but it *will* log it (which is what you would need to figure 
out what it is and how to stop it).

So, yeah, a personal firewall can't hurt, but it's no panacea either.

G

On or about 2004.02.09 12:45:51 +0000, Kenton Smith (ksmith@...rtwelltechnology.com) said:

> I'm not trying to start this miserable debate again, so please read
> the whole email before you flame me ;)
> 
> I read through a bunch of this stuff and couldn't find anywhere where
> it says you don't need a firewall. It's all about making sure that your
> instance of Windows is as secure as possible, but once you've done that
> you still need a firewall. They also don't mention anything about
> keeping your patch levels up to date either.
> These get thrown around a lot - "Security is a process, not a product."
> and "Defence in depth."
> 
> I think the most important advice for the original poster is: know your
> tools. You got this pop-up thing because you thought that by having
> Anti-virus and Firewall software that you were fully protected. However
> you didn't know what you were still open to. You need to learn what
> these tools do and more importantly, what they don't do.

-- 
Gregory A. Gilliss, CISSP                              E-mail: greg@...liss.com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
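The message above makes the point that a personal firewall's value against a broadcast ping storm is the log it writes, not the blocking. The script below is an added example (not part of the original message or any product mentioned in it) of the triage step that follows: it parses host-firewall log lines and reports which sources sent ICMP echo requests to a broadcast address and how many landed in the busiest second. The log lines are constructed for this example; the W3C-style field layout is an assumption modelled on Windows Firewall's pfirewall.log, and the local subnet 192.168.1.0/24 is a placeholder.

```python
"""Triage host-firewall logs for ICMP echo requests aimed at broadcast addresses.

Added example. Log format: W3C-style lines with a '#Fields:' header, as
written by Windows Firewall (pfirewall.log); this layout is an assumption.
The sample lines and the local subnet are constructed for this example.
"""
import ipaddress
from collections import Counter

# Constructed sample log: three broadcast echo requests from one external
# host, one ordinary outbound TCP connection, one unicast ping.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2004-02-09 12:45:51 DROP ICMP 203.0.113.7 192.168.1.255 - - 60 - - - - 8 0 - RECEIVE
2004-02-09 12:45:51 DROP ICMP 203.0.113.7 192.168.1.255 - - 60 - - - - 8 0 - RECEIVE
2004-02-09 12:45:52 DROP ICMP 203.0.113.7 255.255.255.255 - - 60 - - - - 8 0 - RECEIVE
2004-02-09 12:45:52 OPEN TCP 192.168.1.10 198.51.100.20 1033 80 - - - - - - - - SEND
2004-02-09 12:45:53 DROP ICMP 192.168.1.22 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
"""

ICMP_ECHO_REQUEST = "8"                               # ICMP type 8 = echo request
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")    # placeholder subnet


def parse_log(text):
    """Return one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data line appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip it rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def is_broadcast(dst, local_net):
    """True for the limited broadcast or the directed broadcast of local_net."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False
    return addr == LIMITED_BROADCAST or addr == local_net.broadcast_address


def broadcast_echo_requests(records, local_net=LOCAL_NET):
    """Inbound ICMP echo requests whose destination is a broadcast address."""
    return [
        r for r in records
        if r["protocol"] == "ICMP"
        and r["icmptype"] == ICMP_ECHO_REQUEST
        and r["path"] == "RECEIVE"
        and is_broadcast(r["dst-ip"], local_net)
    ]


def sources_by_count(records):
    """Counter of source addresses, most prolific first via most_common()."""
    return Counter(r["src-ip"] for r in records)


def busiest_second(records):
    """(timestamp, count) for the second with the most matching packets, or None."""
    per_second = Counter(f"{r['date']} {r['time']}" for r in records)
    if not per_second:
        return None
    return per_second.most_common(1)[0]


if __name__ == "__main__":
    hits = broadcast_echo_requests(parse_log(SAMPLE_LOG))
    for src, n in sources_by_count(hits).most_common():
        print(f"{src}: {n} broadcast echo request(s)")
    print("busiest second:", busiest_second(hits))
```

Running it against a real pfirewall.log only requires reading the file into `parse_log` and setting `LOCAL_NET` to the host's own subnet; the per-second count is what distinguishes a stray ping from the kind of storm the message describes.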