JIP wrote:
> Greetings
>
> As a non-techie I am confused. Whilst lurking in this and related groups I
> see a debate that goes on as to whether there is any point in using PFWs, in
> particular to monitor outgoing traffic. Some say it's essential (as do most
> magazines, and of course all companies marketing such products) and others
> say that they are so easily circumvented that it's a waste of time - and if
> I understand correctly, some even say that they actually open up further
> vulnerabilities.
>
Get yourself a FW packet filtering router that meets the specs below in
the link.
http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html
And you can get something like WallWatcher (free) and review the logs.
> So, what may be a naive question - is there any point in using a PFW to at
> least stop badly written nasties from kiddy vandals who haven't learned yet
> how to do it properly?
I use a personal FW on the laptop while on the road and it's
supplemented by IPsec. I have a PFW that doesn't have the snake-oil crap
in it and turn off the one snake-oil crap that it does have in it --
Application Control.
For the laptop on the road, I go where I am supposed to go and that's to
the O/S and close holes and shut down services I don't need.
While at home and the machines are sitting behind the FW appliance, I
don't use any PFW(s) on the machines, which would be the same if I was
using a packet filtering FW router that could stop inbound and outbound.
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
The key to me is using common sense and not clicking on unknown links at
websites or in emails, don't accept unknown emails, don't let them reach
the machine, secure the O/S as much as possible, go look for yourself as
to what's running or happening on the machine by using tools like
Process Explorer, Active Ports, and review router or FW appliance logs
for dubious connections to remote WAN IP(s).
If the NAT router couldn't stop outbound, then I would use a PFW to
supplement it. The rest of the snake-oil crap in PFW(s) is basically
worthless IMHO and can be defeated, so don't lean on it like a crutch.
Duane :)
Received on Tue Feb 7 20:58:34 2006