On Mon, 13 Feb 2006 05:12:31 GMT, Duane Arnold <NotMe@NotMe.com>
wrote:
>Ajax wrote:
>>>> I have been successful in getting everyone to notify me if any
>>>>unusual warnings are sent by Zone Alarm or any of the anti-virus,
>>>>anti-malware programs. I just started requiring my nephew to allow me
>>>>to install any new software, mostly games, so that I can try to
>>>>eliminate any threats before they become an issue.
>>>
>>>You're not going to get threats that way. How you will get them is if
>>>the user opens unknown email, clicks on unknown links in the attachment
>>>of the email, goes to dubious sites and clicks on something, and brings a
>>>dubious diskette and slaps it into a machine etc, etc. Anything that the
>>>user has to contribute to the compromise or is being duped. All that
>>>other software including ZAG with its application control can be
>>>circumvented and defeated. The only thing you have mentioned that I
>>>would count on is the AV and even it can be defeated on a zero day exploit.
>>
>>
>> For the longest time we could not figure out how some of the spyware
>> was being installed on my Nephew's computer. Then we discovered that
>> some of his games installed various spyware when the game was being
>> installed. Sometimes the games would try to call home themselves, but
>> most often they installed add-on programs that caused problems.
>>
>>
>>>> For the most part we have been very successful. Once we were able to
>>>>identify his games as including spyware, we have been able to clean up
>>>>all of them.
>>>>
>>>> It used to amuse me that my wife's former employer, a technology
>>>>company with a great claim to network security prowess, was constantly
>>>>having its system infected with malware. The first time I decided to
>>>>clean up her laptop it had more infections than a Vietnamese
>>>>prostitute.
>>>
>>>Well, it needs better control and education of its user base using the
>>>machines on the network. The company cannot stop the end user from
>>>clicking on something and really cannot control what a person will bring
>>>to work and slap into a machine. Once the machine has been compromised,
>>>it's over and it will spread because the machines are networked and sharing
>>>resources.
>>
>>
>> Most of their infections were transmitted throughout the company via
>> email. They were hacked a few times too. It was a real mess. It was
>> amusing that I was able to keep my wife's laptop clean only after I
>> removed the corporate anti-virus, anti-malware, and email scanner
>> software and replaced them with the same software that I used on my home
>> machines.
>>
>> This pissed off the tech department so much that when her laptop went
>> in for an upgrade they removed all of my software. Within a week her
>> laptop was filled with malware again.
>>
>>>> Time will tell if Volker is right. It's just too bad that we all have
>>>>to spend so much time, effort, and money making sure that our
>>>>computers are safe from the creeps on the web.
>>>>
>>>
>>>The end-user on the job or home user must be educated. Until that
>>>happens, what can you say about it?
>>>
>>>Did you get your original questions about the WAP and ZA in either NG
>>>answered? :)
>>
>>
>> I think that Volker believes that it does not matter. Other than
>> that, no. I have put the WAP in a trusted zone in Zone Alarm. Since it
>> is not between my PC and the Internet, I think that it is safe to do
>> this. As I said before, my guess is that it is doing a port scan or it is
>> trying to send its log to my PC.
>>
>> I guess that if I discover that Bin Laden is using my WAP that I'll
>> have to put it back into the Internet zone again. <g>
>>
>> Last night I upgraded the software for my Linksys BEFSX41 router. I
>> now have it emailing all log files so that I can review anything that
>> the router thinks is a threat.
>>
>
>It sounds like you have pretty good control. I don't know but either the WAP
>is trying to send logs or it's trying to do some kind of discovery. I
>don't know anything about a standalone WAP. If the IP is the device IP
>of the WAP, then accept it.
>
>Do you know about Wallwatcher (free) that works with the BEF model
>routers -- don't leave home without it? <g>
>
>Duane :)
I have had WallWatcher installed for a couple of years now. I'm
going to do some experimenting with the WAP and the wireless network
this week to see if I can figure out exactly what the WAP is up to.
Received on Mon May 1 00:50:37 2006