RE: Spam: Zonealarm+Windows Firewall



I wanted to run an SSH server as a Windows service, but open a custom SSH
port via port knocking only when access was needed.

To do this, I needed the SSH server to be running, but I also needed the
port closed until I came a'knocking. When I needed SSH access, I could port
knock, open the port, do my business, then port knock to close the port.

ZoneAlarm itself does not appear to allow this: that is, if SSH is running,
the port is open and waiting for connections, or if the port is closed, then
it's because the SSH service isn't bound to the port and therefore can't
accept connections.

So I chose to run ZA plus the Windows firewall. Running both simultaneously
allows SSH to bind to the port but still have the port closed for inbound
connections (stealth mode).

So isn't that a good reason to have both?

Eric


:-----Original Message-----
:From: Jeff Britton, Monitored Security
:[mailto:jeff.britton@xxxxxxxxxxxxxxxxxxxxx]
:Sent: Monday, February 27, 2006 8:43 AM
:To: barcajax@xxxxxxxxx
:Cc: security-basics@xxxxxxxxxxxxxxxxx
:Subject: RE: Spam: Zonealarm+Windows Firewall
:
:I really don't see much value added by running both firewalls
:on the same host. In my experience, ZoneAlarm has done a
:great job monitoring both in and outbound traffic and should
:be sufficient (considering near-optimal management). Running
:a second firewall, such as the Windows Firewall, adds another
:layer of complexity, but not necessarily another layer of
:security. I just don't see it being efficient, from both a
:performance perspective, as well as from a security perspective.
:
:Jeff
:
:-----Original Message-----
:From: barcajax@xxxxxxxxx [mailto:barcajax@xxxxxxxxx]
:Sent: Saturday, February 25, 2006 2:16 AM
:To: security-basics@xxxxxxxxxxxxxxxxx
:Subject: Spam: Zonealarm+Windows Firewall
:
:
:I have been using Zonealarm for many years. I've only started
:using Windows Firewall recently after upgrading my XP to SP2.
:I know that Windows Firewall only filters incoming packets
:(correct me if I'm wrong) thus I have kept my Zonealarm
:installed and running.
:What is the implication of running both firewalls
:concurrently? Does Windows Firewall automatically take
:precedence over Zonealarm? Does this constitute a 2-tier
:firewall on my home PC?
:I noticed that Windows Firewall does not notify me before
:dynamically adding new rules to allow traffic through. This
:concerns me greatly and I am contemplating turning Windows
:Firewall off and relying on Zonealarm. Any comments?
:
:---------------------------------------------------------------
:------------
:EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The
:Norwich University program offers unparalleled Infosec
:management education and the case study affords you unmatched
:consulting experience.
:Tailor your education to your own professional goals with
:degree customizations including Emergency Management, Business
:Continuity Planning, Computer Emergency Response Teams, and
:Digital Investigations.
:
:http://www.msia.norwich.edu/secfocus
:---------------------------------------------------------------
:------------
:
:


