[Full-Disclosure] YABBT [1] - Re: Zone Alarm

From: Jason (security_at_brvenik.com)
Date: 06/05/03

  • Next message: Darren Reed: "Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords"
    To: Full-Disclosure <full-disclosure@lists.netsys.com>
    Date: Wed, 04 Jun 2003 23:57:04 -0400
    

    Inline.

    Michael Osten wrote:
    > On Wed, 2003-06-04 at 21:15, Jason wrote:
    >
    >>Are you implying that
    >>
    >>1) You know of a hardware only solution that can do per application
    >>network blocking when dealing with like protocols.
    >
    >
    > No idea, but that is not what he said. I quote
    >
    > "There is one big benefit, which no hardware router can bring you. Zone
    > alarm
    > and other Windows based Software Firewalls can block network access for
    > programs. A HW firewall can only block a whole machine but can't denied
    > access for one software and allow access for another software on the
    > same machine."
    >
    > Bonus points: Who can spot the inaccuracies.
    >

    I suppose I am suffering from reading the intent not the literal. I will
    have to work on that.

    "There is one big benefit, which no hardware router can bring you. Zone
    alarm and other Windows based Software Firewalls can block network
    access for programs."

    Which is absolutely correct at the core.

    "A HW firewall can only block a whole machine but can't denied access
    for one software and allow access for another software on the same machine."

    Which is not properly constructed and slightly inaccurate. Let's fill it in.

    'A HW firewall can only block at the protocol level for an entire
    machine but can not reliably deny access for one program and allow
    access for another program when they are using like protocols from the
    same machine.'

    Of course there are cases where a host based FW cannot differentiate the
    program either however the risk factors are greatly reduced.

    > The fact is that there probably is not (not that I know of) a true
    > "hardware firewall" available. It all has some sort of software unless
    > someone has written a RFC to control transmission packets via resistors.

    I know it has been done in HW only, not at layer 7; I cannot remember
    the company and Google fails me. I recall a thesis [0] on the topic.

    This still does not imply that it would not be vulnerable to attack or
    exploitable if found to be vulnerable.

    >
    > For layer 7 filtering, lots will. The Cisco Pix for example.

    This is very limited and easily circumvented in many cases, especially
    when dealing with like protocols and talkback capabilities.

    >
    >
    >
    >>2) The statement is incorrect.
    >
    >
    > See question 1.
    >

    I hope a sufficiently reworded statement will both resolve the problem
    and not offend the orig author.

    "There is one big benefit, which no hardware router can bring you. Zone
    alarm and other similar host based software firewalls can block network
    access for specific programs. A HW firewall can only block at the
    protocol level for an entire machine but can not reliably deny access
    for one program and allow access for another program when they are using
    like protocols from the same machine."

    >
    >>3) The conversation should be turned into yet another worthless personal
    >>attack thread that serves no meaningful purpose.
    >
    >
    > Bad advice needs to be beat like a red-headed stepchild. You won't see
    > me post often for the following reason:
    >
    > 1. If I don't know what the hell I'm talking about, I keep my mouth
    > shut, or in this case, I stop myself from typing.
    >
    > 2. I do not post to foreign language mailing lists. It is hard enough
    > to get a point across in my native language.

    Both are good reasons; might I suggest one more.

    3. When I notice an error, omission, or bad advice I question or correct
    it, not attack the provider of the information. Failing that I reference #1.

    IMHO the initial reply failed to further anything and served no purpose.

    Please, if you are going to beat the red-headed stepchild tell them why.

    -J

    [0] - http://www.it.lth.se/it/msprojects/ita/past/firewall/report.pdf
    [1] - YABBT: Yet another bit bucket thread.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
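The distinction argued above (a network firewall only sees the 5-tuple, so two programs on one host that use the same protocol and port are indistinguishable to it, whereas a host-based firewall can key its decision on the originating program) can be shown with a small model. The following is an added illustration, not code from the thread or from any product named in it; the addresses, program names and rule sets are constructed sample data, and the `network_decision` / `host_decision` policy evaluators are hypothetical simplifications of what such filters do.

```python
"""Model: network 5-tuple filtering versus host-based per-program filtering.

All flows, addresses and rules are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class HostFlow(Flow):
    # Only an agent on the host knows which executable opened the socket;
    # this attribute never appears on the wire.
    process: str


def wire_view(flow: Flow) -> tuple:
    """What a network (HW) firewall can observe about a flow."""
    return (flow.src_ip, flow.dst_ip, flow.proto, flow.dst_port)


# Network ACL, first match wins. None means "any". Constructed rule set.
NETWORK_RULES = [
    ("192.0.2.10/32", "0.0.0.0/0", "tcp", 443, "allow"),   # let this host browse
    ("192.0.2.0/24", "0.0.0.0/0", None, None, "deny"),     # block the rest of the LAN
]


def network_decision(flow: Flow) -> str:
    """Evaluate the ACL using only fields visible on the wire."""
    src, dst = ip_address(flow.src_ip), ip_address(flow.dst_ip)
    for src_cidr, dst_cidr, proto, port, action in NETWORK_RULES:
        if src not in ip_network(src_cidr) or dst not in ip_network(dst_cidr):
            continue
        if proto is not None and proto != flow.proto:
            continue
        if port is not None and port != flow.dst_port:
            continue
        return action
    return "deny"   # default deny when nothing matches


# Host policy keyed by program, the way a per-application software firewall
# prompts "allow browser.exe to access the Internet?". Constructed sample.
HOST_RULES = {
    "browser.exe": "allow",
}


def host_decision(flow: HostFlow) -> str:
    """Per-program decision; unknown programs are denied."""
    return HOST_RULES.get(flow.process, "deny")


# Two programs on the same host, both talking TCP/443 to the same server.
SAMPLE_FLOWS = [
    HostFlow("192.0.2.10", "198.51.100.5", "tcp", 443, "browser.exe"),
    HostFlow("192.0.2.10", "198.51.100.5", "tcp", 443, "unknown_updater.exe"),
]


def compare(flows):
    """Return (program, network verdict, host verdict) for each flow."""
    return [(f.process, network_decision(f), host_decision(f)) for f in flows]


if __name__ == "__main__":
    for program, net, host in compare(SAMPLE_FLOWS):
        print(f"{program:22s} network={net:5s} host={host}")
```

Both sample flows produce the same `wire_view`, so the network ACL necessarily gives them the same verdict; only the host policy can allow the browser and deny the second program. The model also makes the caveat from the message visible: the host verdict is only as good as the process identity the agent reports, so a program that runs inside, or impersonates, an already-allowed executable would get that executable's verdict.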

