RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause

From: James Patterson Wicks (pwicks_at_oxygen.com)
Date: 01/16/04

  • Next message: Paul Schmehl: "RE: [Full-Disclosure] Flawed arguments (Was all that other crap about PFW day)"
    To: "Richard M. Smith" <rms@computerbytesman.com>, full-disclosure@lists.netsys.com
    Date: Thu, 15 Jan 2004 23:44:07 -0500
    
    

    > Richard said "Linksys and Netgear. They only let thru packets from the
    > outside world which are in response to packets originating from inside
    > the LAN. That's how NAT routers work."

    I understand how these NAT routers work. The problem is that these
    routers also let OUT all packets originating from the PC or network
    WITHOUT discretion. Sooooo, if you are using Internet Explorer and
    happen upon a page with malicious code that the router is not equipped
    to look at, you can catch all sorts of little nasties (that problem in
    IE has not been patched for two months). If that malicious site happens
    to drop in a little Trojan, your whole network can be compromised. Your
    NAT router works at Layer 3. You still need a personal firewall or
    proxy system that looks at as many layers as possible. You need
    something like Sygate Personal Firewall that alerts you when an
    application or process that you have not approved tries to go OUT to the
    Internet from your PC.

    The newer NAT routers work in conjunction with software firewalls like
    Zone Alarm, but they are still not as effective as having a software
    firewall running on your system. Software firewalls receive frequent
    updates that help defeat new threats that appear almost weekly. Router
    firmware updates come every quarter or so.

    At home I had a Linksys router, locked it down pretty good with
    additional custom rules (so I thought). I was surprised to see the type
    of messages that popped up when I installed a software firewall. I
    finally broke down and bought a Cisco 501 hardware firewall.

    So this is what I have at home: The Linksys is still on the network,
    but it does not perform NAT. It mainly acts as a perimeter router
    trying to keep the spoofers at bay. Static NAT is now performed by the
    Cisco 501 firewall, on which I placed a very restrictive set of access
    lists and some nice IDS rules. Norton Internet Security 2003 runs on
    all the PC's. Mozilla is the browser on the three PC's and Linux
    system. All Microsoft critical updates are installed on the PC's. The
    PC's also have Ad-Aware 6.0 installed from Download.com. For a home
    network, this is as about as secure as I plan on taking it.

    Linksys Router - $80
    Cisco Pix 501 firewall - $400
    Norton Internet Security 2003 for three PC's - $180
         (Linux system does not have commercial firewall installed)
    Ad-Aware 6 - $0
    Mozilla browser - $0
    Total implementation time - About four hours

    Knowing that it's going to take some real effort to compromise my
    network without detection - priceless.

    Is my home network hack-proof? Of course not! Will some snot-nosed
    script kiddie running blind scans happen upon my network and enter
    undetected? Not bloody likely. I still apply patches and test my home
    defenses from time to time, but I think that I have a decent setup for
    now. Can some of the people who read and post to this thread break
    through my defenses? I think that some might be able to, which is why I
    am sending this message from a friend's house :)

    Bottom line, computer security is a process, not a product. This is why
    there is a layered approach to security. You watch the doors on the way
    in and on the way out (sometimes twice). You also have to watch the
    people authorized to operate within your environment.

    Makes you wonder why we even bother sometimes. Oh well, time to go look
    at some new Britney Spears photos ;)

    -----Original Message-----
    From: Richard M. Smith [mailto:rms@computerbytesman.com]
    Sent: Thursday, January 15, 2004 10:22 PM
    To: James Patterson Wicks
    Subject: RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day,
    help the cause

    Linksys and Netgear. They only let thru packets from the outside world
    which are in response to packets originating from inside the LAN. That's
    how NAT routers work.

    Richard

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of James Patterson Wicks
    Sent: Thursday, January 15, 2004 9:33 PM
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause

    A router that protects you from "Future security holes in the Windows
    networking software", huh? I would love a router like that! The thing
    is, Cisco, Symantec, Network Associates and Trend Micro have joined
    forces to try to do what you say your router is doing already. Tell me,
    what does this router have?
     
    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Richard M. Smith
    Sent: Thursday, January 15, 2004 6:28 PM
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause

    I run a NAT router box at my house which acts as a hardware firewall for
    my home LAN. It protects me from the following problems:

       - Messenger popup spam
       - RPC worms
       - Accidentally sharing a disk directory with the world
       - Future security holes in the Windows networking software

    This type of firewall seems like a bargain to me. I would use one of
    these router boxes even if I had only one computer to connect to the
    Internet.

    Richard

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Brandon Butterworth
    Sent: Thursday, January 15, 2004 2:10 PM
    To: bugtraq@securityfocus.com
    Cc: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause

    > I just wanted to remind everybody that tomorrow is Personal Firewall Day.

    Yuk.

    Whilst I support people taking care of their security, I rank personal
    firewalls on the same level as virus detection.

    They don't fix the real problems and lead to a dependency culture of
    constant upgrades (if people bother) and alternative vendor sales FUD.

    ....

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    This e-mail is the property of Oxygen Media, LLC. It is intended only for
    the person or entity to which it is addressed and may contain information
    that is privileged, confidential, or otherwise protected from disclosure.
    Distribution or copying of this e-mail or the information contained herein
    by anyone other than the intended recipient is prohibited. If you have
    received this e-mail in error, please immediately notify us by sending an
    e-mail to postmaster@oxygen.com and destroy all electronic and paper copies
    of this e-mail.

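The two behaviours argued over in this thread, a NAT router's connection tracking (Richard's point) and the per-application outbound control that James says you still need on the PC itself, as an added Python model. This is not code from the thread or from any vendor's product; it is a toy simulation, and every process name, address and port in it is made up.

```python
"""Toy model of the two filtering behaviours argued over in the thread.

Constructed example, not code from the thread or any vendor's product.
NatRouter models connection tracking as Richard describes it: an outbound
packet creates a state entry and an inbound packet is forwarded only if it
matches one. HostEgressFirewall models the per-application outbound
allowlist James wants on the PC itself; the NAT router never sees which
process sent a packet, so it cannot apply that policy. All names, addresses
and ports are made up.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str                 # "out": LAN -> Internet, "in": Internet -> LAN
    process: Optional[str] = None  # originating program; only the host knows this


class NatRouter:
    """Stateful NAT box: all outbound passes, inbound must match prior outbound."""

    def __init__(self) -> None:
        # (lan_ip, lan_port, remote_ip, remote_port) for every outbound flow seen
        self.state: Set[Tuple[str, int, str, int]] = set()

    def forward(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True  # no discretion on the way out: this is James's complaint
        # Inbound: allowed only as a reply to a flow the LAN side started
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state


class HostEgressFirewall:
    """Per-application outbound allowlist with default deny and alerting."""

    def __init__(self, allowed: Dict[str, Set[int]]) -> None:
        self.allowed = allowed      # process name -> destination ports it may use
        self.alerts: List[str] = []

    def permit(self, pkt: Packet) -> bool:
        if pkt.direction != "out":
            return True             # inbound is the NAT router's job in this model
        ports = self.allowed.get(pkt.process or "", set())
        if pkt.dport in ports:
            return True
        self.alerts.append(f"blocked {pkt.process} -> {pkt.dst}:{pkt.dport}")
        return False


def run_scenario() -> Dict[str, bool]:
    """Replay four constructed packets through both layers; return verdicts."""
    lan_pc, web, attacker = "192.168.1.10", "203.0.113.5", "198.51.100.9"
    nat = NatRouter()
    host = HostEgressFirewall({"mozilla.exe": {80, 443}})

    browse = Packet(lan_pc, 51000, web, 80, "out", "mozilla.exe")
    reply = Packet(web, 80, lan_pc, 51000, "in")
    worm = Packet(attacker, 4444, lan_pc, 135, "in")  # unsolicited RPC probe
    trojan = Packet(lan_pc, 51001, attacker, 6667, "out", "svchost32.exe")  # phoning home

    results: Dict[str, bool] = {}
    # Normal browsing: both layers pass it, and the reply matches NAT state
    results["browse_nat"] = nat.forward(browse) and host.permit(browse)
    results["reply_nat"] = nat.forward(reply)
    # Inbound scan against an RPC port: NAT has no matching state, drops it
    results["worm_nat"] = nat.forward(worm)
    # Trojan connecting out: NAT passes it, the host allowlist does not
    results["trojan_nat"] = nat.forward(trojan)
    results["trojan_host"] = host.permit(trojan)
    results["alerted"] = bool(host.alerts)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:12s} {'pass' if verdict else 'drop'}")
```

The `worm` packet is what Richard's NAT box stops, and the `trojan` packet is what it cannot stop: the router sees a perfectly ordinary outbound connection and records state for it, so even the attacker's replies then flow back in. Only the host-side layer, which knows the originating process, drops the flow and raises an alert, which is the layered setup James ends up describing.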

