RE: [Full-Disclosure] Zone Alarm

From: Robert J. Liebsch (rliebsch_at_stoneyamashita.com)
Date: 06/04/03

  • Next message: Shawn McMahon: "Re: [Full-Disclosure] Zone Alarm" 
    To: "morning_wood" <se_cur_ity@hotmail.com>, "Jason" <security@brvenik.com>
Date: Wed, 4 Jun 2003 13:17:51 -0700

    So, Once you PAY for ZoneAlarm, you don't have to worry about CPU and MEM
    hogs...

    but my solution:

    ZoneAlarm on the PC you are using. Get smart, you dont go to a port city have
    unprotected sex,
    so when you jack in you should have something covering your ass...

    LinkSys Wireless Access Point Cable/DSL with 4 Port Switch. This too has a
    Zone Alarm
    install on it. But NAT is NAT. Now you can DoS these, and a poorly configured
    one or
    default password set is bad. Duh.

    SnapGearPro if you need VPN and such. They work. They are linux based. Easy
    to use.

    Everything has to be done in layers. No services running or installed which
    aren't being used.
    Configure your services. Defaults are bad for you. Chroot. Change passwords,
    use permissions. Check SUID.
    ipchains/iptables/ipfw is running and filtering every other port, even the
    ports which are not listening.
    The switches have to be maintained. You can tell a switch what to do, it'll
    listen.
    Then your routers need to be configured properly. How many times do you see
    in your logs
    10.30.40.200 trying access something. There is no reason for RFC1918
    addresses to get passed by
    routers, spoofed or not.

    Security is easy, but it is time consuming. Sorry about the digression...

    Zone alarm is good, but it is only 1 layer. (its only good AFTER you pay for
    it IMO)

    PS. the URL is fuX0r3d.

    > ----------
    > From: Jason
    > Sent: Wednesday, June 4, 2003 11:53 AM
    > To: morning_wood
    > Cc: Ben Tyson-Norrman; full-disclosure@lists.netsys.com
    > Subject: Re: [Full-Disclosure] Zone Alarm
    >
    > Unfortunately the $40 'hardware' devices are not either.
    >
    > Please reference the excellent work by Core
    > http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10
    >
    > and the _much_ more expensive 'hardware' devices are just as prone
    >
    > http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml
    > http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
    > http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-regression-pub.s
    > html
    > ...
    > http://www.cisco.com/warp/public/707/advisory.html
    >
    > For a personal solution Zone Alarm is quite possibly more adequate and
    > appropriate.
    >
    > morning_wood wrote:
    >
    > >Zone Alarmbuy a $40 hardware router. Software firewalls are not a security
    > solution IMHO.
    > >
    > >morning_wood
    > > ----- Original Message -----
    > > From: Ben Tyson-Norrman
    > > To: full-disclosure@lists.netsys.com
    > > Sent: Wednesday, June 04, 2003 8:53 AM
    > > Subject: [Full-Disclosure] Zone Alarm
    > >
    > >
    > > I'm not sure I can ask this question without derision, but here goes...
    > >
    > > Zone Alarm, is it really as crap as everyone makes out.... or is the
    > usual posturing by ill-informed...?
    > >
    > > Many thanks all
    > >
    > > Visit our web site @ www.twowaytv.com
    > > This e-mail and its attachments are intended for the above named
    > recipient(s) only and may be confidential, legally privileged and protected
    > by law. If you are not a named addressee or have received this transmission
    > in error, please notify us immediately at postmaster@twowaytv.co.uk and
    > then delete this e-mail. As Internet communications are not secure we do
    > not accept legal responsibility for the contents of this message or
    > responsibility for any change made to this message after the original
    > sender sent it. Save for this legal notice, the contents or opinions
    > contained within this e-mail are solely those of the sender and do not
    > necessarily represent those of Two Way TV Ltd unless otherwise specifically
    > stated.
    > >
    > >
    > >
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Shawn McMahon: "Re: [Full-Disclosure] Zone Alarm"