Re: A poor man's activity check :)

From: Kjell Edvard Medhaug (mekj.dalane-vgs@rogaland-f.kommune.no)
Date: 02/25/02 

From: Kjell Edvard Medhaug <mekj.dalane-vgs@rogaland-f.kommune.no>
Date: Mon, 25 Feb 2002 14:04:54 +0100

The start of this thread is not visible to me, but it seems to me (from
the excerpt below) that it started with a question (or more) on software
firewalls, from a cost/benefit viewpoint. I apologize if my reply is not
relevant.

Is a (soft) firewall worth the memory it occupies? This question can
only be answered by one person: the one asking it.....

A few pointers:
If you are on a closed network and trust all other users not to abuse
the system, the answer is obviously "NO". If you are connected to the
internet and your computer is a controller for some nuclear facility,
the answer is obviously "YES". Most of us are somewhere in between.

To balance cost against benefit, you need to know something about cost,
and something about benefit. To help answering your own question, you
might find it useful to ask yourself (and attempt to answer...) the
following questions:
- What kind of impact will the reduced amount of free memory have on
system performance? (you might also take CPU and network load, as well
as limitations in your own networking freedom, into consideration here)
- Is it likely that my system will be attacked?
- Will an attack have great impact?
- Can a firewall prevent attacks?

Cases:
I routinely reinstall/rebuild my home system, do backups of vital data
and occasionally run "performance critical" applications. Hence, the
balance leans towards "no firewall". The network at work, however, is a
large system with a multitude of different users (teachers and students
in a school at intermediate level), where some of the data is prone to
attacks (grading tests, etc.) and system rebuild (2 servers and 250
workstations) is rather costly. You can see the balance shifting...(?).

Hope this helps.

Kjell

Art Kopp wrote:
>
> On Thu, 10 Jan 2002 16:56:33 -0500, David McGovern

..... chop chop .....

> session. It blocked something on a high port # in the >50,000 range. I
> don't really know if that means anything or not. I'm still at a loss
> on my question of whether or not a firewall is worth the memory it
> occupies :)
>
> Art
> http://www.epix.net/~artnpeg
> Reply to address should work. 










Relevant Pages
    

  • RE: Need help from a group of experts. I am not a network expert  but I play one on tv.
    ... preventing file attachments alone won't stop all email attacks. ... Sonicwall is a good firewall...but any firewall depends on how well you ... I am not a network expert ... - Precisely Define and Implement Network Security ... 
    (Security-Basics)
  • Re: Ask EU - firewalls
    ... The addresses to use in a "private network" ("your side of the ... but that is a different subject, and this is not how a software firewall ... Yes, routers could be hacked potentially, wireless routers have already ... an important and often weak target for attacks is partly due to its near ... 
    (uk.media.radio.archers)
  • Re: IDS on Switched Networks
    ... connecting a network IDS to it would be fine. ... Higher state of alert you know what attacks you are ... If your firewall has NAT turned on, ... 
    (Focus-IDS)
  • RE: Need help from a group of experts. I am not a network expert but I play one on tv.
    ... preventing file attachments alone won't stop all email attacks. ... Sonicwall is a good firewall...but any firewall depends on how well you ... Make sure OS has tightened security permissions. ... Almost A Network Admin ... 
    (Security-Basics)
  • RE: can ping but not browse
    ... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ... 
    (Fedora)















	


	





Quantcast