Re: what should I do when....



I certainly agree,
Let me make clear that firewalls do serve a function in enforcing good security; I just don't consider them to be a security device per se.

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn


aditya mukadam wrote:
Wow, it's good to know various viewpoints about firewalls. I think
a firewall is absolutely important and can be considered one of the
first layers of defense against common exploits which work on known
ports. Again, it all depends on how you make use of it, and for that you
need to know what you are really defending.

For example:

Stateful firewalls perform stateful inspection of packets, i.e. they will
only allow internet traffic to come in to the trusted network (inside of
the firewall) if a connection/session is initiated from one of the
PCs/machines on its trusted network. So, web-initiated evil traffic
towards the firewall will get dropped. Mr. Firewall will fail to do
its job if someone just opens an email with worms/viruses while sitting on
the trusted network. If it's a trojan making a connection from the trusted
network to the internet, Mr. Firewall would not know that :-( . So, we
would need additional security devices like IPS etc. to monitor such
traffic.

So in short, a firewall is important but not sufficient to protect.

Please note there are higher-end firewalls (Juniper SSGs & Cisco
ASAs) which can have an integrated URL filter and IPS module. So, the more
the $$$, the more ammo the firewall can be armed with to fight
worms/trojans/viruses/attacks etc. :-))

Thanks,
Adi

On Wed, Jul 9, 2008 at 8:30 PM, Adriel Desautels <adriel@xxxxxxxxxxxxx> wrote:
Ansgar,
You cannot bulletproof a computer system by using a firewall even
if you block all traffic to and from that system. In most configurations
firewalls block inbound connection attempts to *internal* systems, while
they permit outbound attempts from those systems.

It is my opinion that firewalls are not security devices as much as
they are traffic shaping devices. Their job is to control network
connections and the flow of traffic, not to ensure that something can't be
hacked.

Regards,
Adriel T. Desautels

Ansgar -59cobalt- Wiechers wrote:
On 2008-07-08 Weir, Jason wrote:
Quote of the day....
"Bullet-proofing your systems is as easy as using a firewall"

If it was only true....

It is quite true, you're just underestimating the task of maintaining a
firewall.

Regards
Ansgar Wiechers
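
The stateful-inspection behaviour described in aditya mukadam's message, and the "block inbound, permit outbound" default Adriel Desautels describes, as an added example that is not part of the original thread. The addresses, ports, `TRUSTED` prefix and `StatefulFilter` class are constructed for illustration; the optional egress allow-list goes beyond what the thread discusses and is included to show the outbound trojan case being caught.

```python
# Added illustration (not from the thread): a minimal stateful packet filter.
# All addresses, ports and the TRUSTED prefix are constructed sample values.
from ipaddress import ip_address, ip_network

TRUSTED = ip_network("192.168.1.0/24")  # assumed "inside" network


class StatefulFilter:
    def __init__(self, egress_allow=None):
        # egress_allow: optional set of (dst_ip, dst_port) the inside may reach.
        # None models the common default of permitting all outbound traffic.
        self.egress_allow = egress_allow
        self.sessions = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def handle(self, src, sport, dst, dport):
        """Return 'ALLOW' or 'DROP' for one packet."""
        if ip_address(src) in TRUSTED:
            # Outbound: an inside host initiates, so the session is recorded.
            if self.egress_allow is not None and (dst, dport) not in self.egress_allow:
                return "DROP"
            self.sessions.add((src, sport, dst, dport))
            return "ALLOW"
        # Inbound: only replies belonging to a recorded session may pass.
        if (dst, dport, src, sport) in self.sessions:
            return "ALLOW"
        return "DROP"


def demo():
    fw = StatefulFilter()  # default: permit all outbound
    results = {
        # Unsolicited connection attempt from the internet
        "unsolicited_inbound": fw.handle("203.0.113.9", 40000, "192.168.1.10", 445),
        # Inside browser reaches a web server, and the reply comes back
        "web_out": fw.handle("192.168.1.10", 51000, "198.51.100.5", 443),
        "web_reply": fw.handle("198.51.100.5", 443, "192.168.1.10", 51000),
        # Trojan on an inside host initiates outbound: indistinguishable here
        "trojan_out": fw.handle("192.168.1.20", 52000, "203.0.113.66", 8080),
        "trojan_reply": fw.handle("203.0.113.66", 8080, "192.168.1.20", 52000),
    }
    # Same trojan traffic against a filter with an egress allow-list
    strict = StatefulFilter(egress_allow={("198.51.100.5", 443)})
    results["trojan_out_with_egress_policy"] = strict.handle(
        "192.168.1.20", 52000, "203.0.113.66", 8080)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

With the permit-all-outbound default, the trojan's session is treated exactly like the browser's, which is why the thread points to additional controls for traffic that originates inside.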
