RE: Spam: Zonealarm+Windows Firewall



I'm sure you can find extreme circumstances where it is beneficial to have both firewalls running on the host...and in those circumstances, yes, you may want to run two firewalls.

But assuming that he/she is not running an ssh server on Windows, and rather just using it as an ordinary workstation for common, everyday tasks, there is still not much value added with both firewalls running.

J

-----Original Message-----
From: evb [mailto:swiver@xxxxxxx]
Sent: Monday, February 27, 2006 1:42 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Spam: Zonealarm+Windows Firewall


I wanted to run an SSH server as a Windows service, but open a custom SSH
port via port knocking only when access was needed.

To do this, I needed the SSH server to be running, but I also needed the
port closed until I came a'knocking. When I needed SSH access, I could port
knock, open the port, do my business, then port knock to close the port.

ZoneAlarm itself does not appear to allow this: that is, if SSH is running,
the port is open and waiting for connections, or if the port is closed, then
it's because the SSH service isn't bound to the port and therefore can't
accept connections.

So I chose to run ZA plus the Windows firewall. Running both simultaneously
allows SSH to bind to the port but still have the port closed for inbound
connections (stealth mode).

So isn't that a good reason to have both?

Eric


:-----Original Message-----
:From: Jeff Britton, Monitored Security
:[mailto:jeff.britton@xxxxxxxxxxxxxxxxxxxxx]
:Sent: Monday, February 27, 2006 8:43 AM
:To: barcajax@xxxxxxxxx
:Cc: security-basics@xxxxxxxxxxxxxxxxx
:Subject: RE: Spam: Zonealarm+Windows Firewall
:
:I really don't see much value added by running both firewalls
:on the same host. In my experience, ZoneAlarm has done a
:great job monitoring both in and outbound traffic and should
:be sufficient (considering near-optimal management). Running
:a second firewall, such as the Windows Firewall, adds another
:layer of complexity, but not necessarily another layer of
:security. I just don't see it being efficient, from both a
:performance perspective, as well as from a security perspective.
:
:Jeff
:
:-----Original Message-----
:From: barcajax@xxxxxxxxx [mailto:barcajax@xxxxxxxxx]
:Sent: Saturday, February 25, 2006 2:16 AM
:To: security-basics@xxxxxxxxxxxxxxxxx
:Subject: Spam: Zonealarm+Windows Firewall
:
:
:I have been using Zonealarm for many years. I've only started
:using Windows Firewall recently after upgrading my XP to SP2.
:I know that Windows Firewall only filters incoming packets
:(correct me if I'm wrong) thus I have kept my Zonealarm
:installed and running.
:What is the implication of running both firewalls
:concurrently? Does Windows Firewall automatically take
:precedence over Zonealarm? Does this constitute a 2-tier
:firewall on my home PC?
:I noticed that Windows Firewall does not notify me before
:dynamically adding new rules to allow traffic through. This
:concerns me greatly and I am contemplating turning Windows
:Firewall off and relying on Zonealarm. Any comments?
:
:---------------------------------------------------------------
:------------
:EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The
:Norwich University program offers unparalleled Infosec
:management education and the case study affords you unmatched
:consulting experience.
:Tailor your education to your own professional goals with
:degree customizations including Emergency Management, Business
:Continuity Planning, Computer Emergency Response Teams, and
:Digital Investigations.
:
:http://www.msia.norwich.edu/secfocus
:---------------------------------------------------------------
:------------
:
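
The port-knocking arrangement described in this thread (service bound, port filtered until a knock sequence arrives, knock again to close) can be sketched as a small state machine over dropped-packet log entries. This is an added example, not code from any poster in the thread; the knock ports, SSH port, 10-second window, the use of one sequence to toggle open/close, and the log-driven design are all assumptions, and the function only returns the decisions a firewall rule change would follow.

```python
from datetime import datetime, timedelta

# Assumed values: the post gives neither its knock sequence nor its SSH port.
KNOCKS, SSH_PORT, WINDOW = (7001, 8002, 9003), 2222, timedelta(seconds=10)
# Constructed sample in Windows Firewall log layout (first eight fields).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2006-02-27 13:00:01 DROP TCP 192.0.2.10 192.0.2.1 40001 7001
2006-02-27 13:00:02 DROP TCP 192.0.2.10 192.0.2.1 40002 8002
2006-02-27 13:00:03 DROP TCP 192.0.2.10 192.0.2.1 40003 9003
2006-02-27 13:00:05 DROP TCP 198.51.100.7 192.0.2.1 50001 7001
2006-02-27 13:00:06 DROP TCP 198.51.100.7 192.0.2.1 50002 7002
2006-02-27 13:00:07 DROP TCP 198.51.100.7 192.0.2.1 50003 9003
2006-02-27 13:20:01 DROP TCP 192.0.2.10 192.0.2.1 40101 7001
2006-02-27 13:20:02 DROP TCP 192.0.2.10 192.0.2.1 40102 8002
2006-02-27 13:20:03 DROP TCP 192.0.2.10 192.0.2.1 40103 9003
""".splitlines()

def parse_drop(line):
    """Return (time, src_ip, dst_port) for a dropped TCP packet, else None."""
    f = line.split()
    if len(f) < 8 or f[0].startswith("#") or f[2:4] != ["DROP", "TCP"]:
        return None
    try:
        return datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S"), f[4], int(f[7])
    except ValueError:
        return None   # malformed timestamp or port

def replay(lines):
    """Run log lines through the knock state machine; return (verb, src, port) actions."""
    progress, allowed, actions = {}, set(), []   # progress: src -> (next index, start time)
    for ts, src, port in filter(None, map(parse_drop, lines)):
        idx, start = progress.get(src, (0, ts))
        if idx == 0 or ts - start > WINDOW:
            idx, start = 0, ts                   # new attempt, or previous one too slow
        if port == KNOCKS[idx]:
            idx += 1
        else:                                    # wrong port resets; first knock restarts
            idx, start = (1 if port == KNOCKS[0] else 0), ts
        if idx == len(KNOCKS):                   # full sequence toggles SSH access
            verb = "close" if src in allowed else "open"
            allowed.symmetric_difference_update({src})
            actions.append((verb, src, SSH_PORT))
            idx = 0
        progress[src] = (idx, start)
    return actions

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

In the sample, the second source walks adjacent ports the way a scanner would and never completes the sequence, so it produces no action.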




