RE: IPsec vs any personal software firewall

From: Lee Evans (lee_at_vital.co.uk)
Date: 09/29/03

  • Next message: Patrick Morris: "Re: IPsec vs any personal software firewall"
    To: "'Kamran  Muzaffer'" <kmahmed@cyber.net.pk>, <focus-ms@securityfocus.com>
    Date: Mon, 29 Sep 2003 17:42:37 +0100
    
    

    Hi,

    IPSec filters are not a replacement for a firewall. There are many
    reasons for this, but the most obvious is that potential attackers can
    easily bypass any filters under a default configuration. From MS
    technet:

    "By default in Windows 2000 and Windows XP, broadcast, multicast,
    Kerberos, RSVP, and ISAKMP traffic is exempt from IPSec filtering"

    So simply by forging a source port of 88 on any malicious traffic they
    bypass the IPSec filters.

    I believe this is changed for Windows 2003.

    Regards
    Lee

    -- 
    Lee Evans
    > -----Original Message-----
    > From: Kamran Muzaffer [mailto:kmahmed@cyber.net.pk] 
    > Sent: 26 September 2003 01:35
    > To: focus-ms@securityfocus.com
    > Subject: IPsec vs any personal software firewall
    > 
    > 
    > 
    > 
    > Hi,
    >  
    > I just want to know what is preferred from the machine 
    > utilization point of view, filtering traffic through IPsec or 
    > using any software firewall like Tiny Personal, Zone Alarm 
    > etc. Microsoft's documentation states that IPsec rules do 
    > affect the performance of the machine on which they are 
    > applied. Is there any proper guideline or 'things to 
    > remember' for implementing a performance and security 
    > effective IPsec or any firewall structure?
    >  
    > Thanks in advance.
    >  
    > Regards,
    > Kamran Muzaffer 
    > 
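
A detection check for the default-exemption issue described in the message above, added here as an example and not part of the original post: it flags packets that arrive with source port 88 from hosts that are not known Kerberos servers. The log format, the addresses and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

KERBEROS_PORT = 88

# Constructed sample log (assumed format, one packet per line):
# timestamp protocol src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2003-09-29T17:40:01 UDP 10.0.0.5 88 10.0.0.20 1045
2003-09-29T17:40:07 TCP 192.0.2.77 88 10.0.0.20 445
2003-09-29T17:40:08 TCP 192.0.2.77 88 10.0.0.20 139
2003-09-29T17:40:09 TCP 192.0.2.77 3122 10.0.0.20 80
bad line
2003-09-29T17:41:15 UDP 10.0.0.5 88 10.0.0.20 1046
"""

def parse_line(line):
    """Return (proto, src_ip, src_port, dst_ip, dst_port) or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, proto, src, sport, dst, dport = parts
    try:
        return (proto.upper(), ipaddress.ip_address(src), int(sport),
                ipaddress.ip_address(dst), int(dport))
    except ValueError:
        return None

def suspicious_port88_sources(log_text, known_kdcs):
    """Map each non-KDC source that used source port 88 to the sorted
    (dst_ip, dst_port, proto) tuples it reached."""
    kdcs = {ipaddress.ip_address(k) for k in known_kdcs}
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the scan
        proto, src, sport, dst, dport = rec
        if proto in ("TCP", "UDP") and sport == KERBEROS_PORT and src not in kdcs:
            hits[str(src)].add((str(dst), dport, proto))
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    # 10.0.0.5 is the assumed legitimate KDC in the constructed sample.
    for src, dsts in suspicious_port88_sources(SAMPLE_LOG, ["10.0.0.5"]).items():
        print(src, "used source port 88 to reach", dsts)
```

The allowlist of KDC addresses is the only tuning input; replies from a real KDC legitimately carry source port 88, so everything else using that port deserves a look.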
    
