Re: firewalls (was Re: AGP)

From: Duane Arnold (darnold92@Insightbb.com)
Date: 08/08/02


From: "Duane Arnold" <darnold92@Insightbb.com>
Date: Thu, 08 Aug 2002 04:55:32 GMT

I feel for you as my thoughts turn towards the REDS. However, that is why I
think an IDS such as BlackIce with its IDS/firewall, or something like Snort/IDS,
would come into play on public or forwarded ports by the router. I am not
saying that an IDS is a cure-all, but at least it's a little something extra in
the protection locally on the machine.

I don't know how many times I have seen a post where a person has Web services
running with no router/NAT, or no NAT period, and something like cheese-cloth ZA,
Outpost, Norton, Tiny, etc., etc. sitting in front of the services. I am not a
security expert, but I do know better than that, along with keeping Critical
Updates up to date.

Well, time for bed. Hey, look at it this way, football season will be upon us
soon and maybe my RAIDERS will do some damage this year and get lucky.

Duane

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:frh3lu4j98a54b5tlplj488r50rjvea9rc@4ax.com...
> On Wed, 07 Aug 2002 11:33:24 GMT, Duane Arnold spoketh
>
> >I don't see how anyone can mis-configure a Linksys router. For the most
> >part, NAT on the Linksys router will protect the average home user. But I
> >was not the one saying that the router had a firewall, and the router was
> >the end all solution either.
> >
> >The line is becoming more and more blurred every day as to what home users
> >can do with their home network and what is happening in a corporate
> >environment along these same lines.
> >
> >Like me and my little home network where I am setting up my FTP/Website. I
> >am keenly aware that the router's NAT and its SPI are not going to protect
> >the machine while the port is open to the public. One had better have some
> >additional defenses in place to protect it.
> >
> >But for someone to say that all they need is the router to protect their
> >network is being a little naive.
> >
> >There are many ways to protect the network and I only know a few of them,
> >but who cares how it's done as long as it is being done.
> >
>
> Even my very expensive Raptor firewall doesn't protect the computer it
> forwards services for, at least not for the services it does not have a
> proxy for. If SSH is poorly configured on an exposed host behind a
> Raptor, the Raptor will do nothing to protect it. The same holds true
> for the Linksys routers (and all similar routers, SMC, Netgear,
> whatever) as well. Once packets are allowed through the firewalls
> through port forwarding (also called public servers, service redirects
> and virtual servers, depending on product), the exposed host is left
> vulnerable to any and all exploits of the service in question.
>
> For most home users, a simple device such as the Linksys BEFSR does a
> good job without the addition of any software firewalls on the hosts.
> Even for those who run web or ftp servers, these little routers are
> sufficient.
>
> As for the BEFSX41, it appears to have a few additional features such as
> protection against PoD attacks, SYN flood and other DoS attacks. How
> necessary these are is a matter of opinion ... I have never seen a DoS
> attack on any of my firewalls over the past 3 years ... I've seen
> script-kiddies with their lame (sic) scripts, but no PoDs or SYN floods.
>
> There is a little too much hysteria surrounding this whole security
> thing. It's absolutely a good thing that people want to protect their
> computers to prevent their computers from being used as tools for
> others. However, for home users to load up with a hardware firewall and
> two or even three personal firewalls on their computers is total
> overkill, especially when the user has no idea what they are
> protecting, what they are protecting it against, and what a "ping" is.
> Of course, getting advice from perfect strangers with badly chosen aliases
> on a Usenet group doesn't always make things better.
>
> Sorry for the rant ... the Red Sox are losing again.
>
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'lars' in e-mail address)