RE: IPsec vs any personal software firewall

From: Lee Evans (lee_at_vital.co.uk)
Date: 09/29/03

    To: "'Kamran  Muzaffer'" <kmahmed@cyber.net.pk>, <focus-ms@securityfocus.com>
    Date: Mon, 29 Sep 2003 17:42:37 +0100
    
    

    Hi,

    IPSec filters are not a replacement for a firewall. There are many
    reasons for this, but the most obvious is that potential attackers can
    easily bypass any filters under a default configuration. From MS
    technet:

    "By default in Windows 2000 and Windows XP, broadcast, multicast,
    Kerberos, RSVP, and ISAKMP traffic is exempt from IPSec filtering"

    So simply by forging a source port of 88 on any malicious traffic they
    bypass the IPSec filters.

    I believe this has changed for Windows 2003.

    Regards
    Lee

    -- 
    Lee Evans
    > -----Original Message-----
    > From: Kamran Muzaffer [mailto:kmahmed@cyber.net.pk] 
    > Sent: 26 September 2003 01:35
    > To: focus-ms@securityfocus.com
    > Subject: IPsec vs any personal software firewall
    > 
    > 
    > 
    > 
    > Hi,
    >  
    > I just want to know what is preferred from the machine 
    > utilization point of view, filtering traffic through IPsec or 
    > using any software firewall like Tiny Personal, Zone Alarm 
    > etc. Microsoft's documentation states that IPsec rules do 
    > affect the performance of the machine on which they are 
    > applied. Are there any proper guidelines or 'things to 
    > remember' for implementing a performance- and security-
    > effective IPsec or any firewall structure?
    >  
    > Thanks in advance.
    >  
    > Regards,
    > Kamran Muzaffer 
    > 
    > 
    > 
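As an added illustration, not code from Lee's post or from Microsoft, the Python below models the filtering order Lee's quote describes: the default exemptions are checked before the administrator's IPsec filter list, so a packet that matches an exemption never reaches the "block" rule. The Kerberos exemption on Windows 2000/XP matched port 88 as either source or destination, which is why a forged source port of 88 slips past a block-all policy. The `NoDefaultExempt` modes follow Microsoft KB 811832 as I recall it (0 = Windows 2000/XP default, 3 = Windows Server 2003 default); the filter list, the `Packet` type, the sample packets and the simplified broadcast test are all constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: just the fields IPsec filters look at."""
    src_ip: str
    dst_ip: str
    proto: str          # "tcp", "udp", "rsvp", ...
    src_port: int = 0   # 0 = not applicable for this protocol
    dst_port: int = 0


# Constructed sample policy: a "block everything but the web server" filter list
# of the kind an admin pushes via Group Policy. First match wins.
POLICY = [
    ("tcp", 80, "permit"),    # inbound HTTP
    ("any", None, "block"),   # everything else
]


def default_exemption(pkt: Packet, no_default_exempt: int = 0):
    """Return the name of the default exemption the packet matches, or None.

    no_default_exempt models the NoDefaultExempt registry value (KB 811832,
    as recalled; assumption for this example):
      0: broadcast, multicast, RSVP, Kerberos and ISAKMP exempt (2000/XP default)
      1: only broadcast, multicast and ISAKMP exempt
      2: only RSVP, Kerberos and ISAKMP exempt
      3: only ISAKMP exempt (Windows Server 2003 default)
    """
    # IKE (ISAKMP, UDP/500) must always pass or IPsec could never negotiate.
    if pkt.proto == "udp" and 500 in (pkt.src_port, pkt.dst_port):
        return "isakmp"
    if no_default_exempt in (0, 2):
        # Matched on EITHER port: a forged source port of 88 is enough.
        if pkt.proto in ("tcp", "udp") and 88 in (pkt.src_port, pkt.dst_port):
            return "kerberos"
        if pkt.proto == "rsvp":
            return "rsvp"
    if no_default_exempt in (0, 1):
        # Simplified: only multicast and the limited broadcast address are
        # recognised here; real subnet broadcasts are left out of the model.
        if ip_address(pkt.dst_ip).is_multicast or pkt.dst_ip == "255.255.255.255":
            return "broadcast/multicast"
    return None


def verdict(pkt: Packet, policy=POLICY, no_default_exempt: int = 0) -> str:
    """Exemptions are evaluated before the filter list, as Lee's quote implies."""
    exempt = default_exemption(pkt, no_default_exempt)
    if exempt:
        return f"permit (exempt: {exempt})"
    for proto, dst_port, action in policy:
        if proto in ("any", pkt.proto) and dst_port in (None, pkt.dst_port):
            return action
    return "permit"   # no filter matched: IPsec does not touch the packet


if __name__ == "__main__":
    # Constructed attacker probe: SMB scan with the source port forged to 88.
    smb_probe = Packet("10.0.0.66", "10.0.0.5", "tcp", src_port=88, dst_port=445)
    for mode in (0, 1, 3):
        print(f"NoDefaultExempt={mode}: {verdict(smb_probe, no_default_exempt=mode)}")
```

Against a real host still in mode 0, a scan with a forged source port (for example `nmap -g 88`) reproduces the bypass; the remedy on Windows 2000 SP3 and XP is the `NoDefaultExempt` DWORD under `HKLM\SYSTEM\CurrentControlSet\Services\IPSEC` followed by a restart of the IPsec Policy Agent, and the model above shows why mode 1 is the minimum that closes the port-88 hole while leaving IKE working.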