Re: Firewall question.
From: Duane Arnold (notme_at_notme.com)
Date: Sun, 02 May 2004 08:47:47 GMT
"Bob" <ace-62@earthlinkNOSPAM.net> wrote in news:CA%kc.1527$a47.1023
> I have a question for you all please.
> I have been running the XP firewall, but now have a firewall made by
> Sygate. Do I need to turn off the one in XP, or is it OK to run them
> for the added protection?
> I have heard both, but I thought that a few of you guy who seem to
> know your stuff in here might be able to give me the correct answer.
If you want to run two, then run one that has many of the FW like
features and does more than the XP ICF that's on the O/S. Malware can
take down any third party host based FW easily, but it's hard to take
down IPsec, since it's integrated with the O/S.
In addition to this, XP's FW upon the release of SP 2 will have
application control that will bring XP's FW on par with third party host
Currently, IPsec will get to the TCP/IP connection first at boot and XP's
SP 2 FW will also get to the TCP/IP connection at boot.
At boot is a vulnerable situation for a machine with a third party FW
solution installed, since malware will beat any of them to the TCP/IP
connection and be done by the time any of them can get there and stop it.
All you have to do is implement the AnalogX Secpol file and you're
covered. The POP3, HTTP etc, etc for the *client* are already configured.
You may want to look at *Protecting against Denial of Service Attacks*
being discussed in the link.
On the other hand, you may want to get a cheap NAT router and use Sygate
and IPsec behind it to supplement, like I do with the NAT router BlackIce
and IPsec on all machines.
A cheap NAT router cost as much as you have paid for Sygate, if not the
free one, because a NAT router stops everything in front of the machine
and the O/S and the FW will not react -- the true *stealth* part in a *I
am stealth* statement. :)