Re: [fw-wiz] Home firewall/NAT appliances - summary

From: Dave Piscitello (dave_at_corecom.com)
Date: 07/17/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 17 Jul 2003 09:04:44 -0400
    
    

    Thanks, I received about 20 replies.

    *All* SOHO firewall/NAT _appliances_ known to folks who
    responded default to allow any outbound. I asked to confirm
    what I believe true on behalf of a friend who is designing a
    home product that may require some remote access: since
    most home users don't configure firewall inbound policy (which
    is almost always deny ALL inbound), one possibility is to have
    the product "call home" (like certain trojans and zombies and
    subscriptionware).

    *Lots* of folks say this makes sense.
    I won't start a thread about this, I'm sure we've endured
    enough "security vs. ease of installation" discussions.

    If you want to take this up with me, do so offline and save
    maillist electrons.

    Some folks responded with experience from personal firewall
    software. Several of these do indeed block all outbound
    applications by default and some interact with the user
    on a per application basis to customize a policy. I'm not
    convinced every home user responds knowledgeably
    to "notarookit.exe wants to connect to the internet, is this OK?",
    but at least it's not wide open.

    At 10:14 AM 7/17/2003 +1000, Michael Still wrote:

    > > Most every home firewall/NAT appliance I've configured
    > > comes with an out-of-the-box default policy of "allow any outbound".
    > >
    > > Is this everyone's experience?
    >
    >Pretty much. For homes, it makes a lot of sense.
    >
    >Cheers,
    >Mikal
    >
    >--
    >
    >Michael Still (mikal@stillhq.com) | Stage 1: Steal underpants
    >http://www.stillhq.com | Stage 2: ????
    >UTC + 10 | Stage 3: Profit

    ----------
    David M. Piscitello
    Core Competence, Inc.
    Myrtle Bank Lane HHI, SC 29926
    Company: http://www.corecom.com
    WebLog: http://hhi.corecom.com/weblogindex.htm
    Personal: http://hhi.corecom.com
