Re: NT 4 server firewall?

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 01/20/05


Date: Thu, 20 Jan 2005 06:47:25 -0500

On Wed, 19 Jan 2005 20:52:49 -0600, zn spoketh

>Lars M. Hansen <badnews@hansenonline.net> wrote in
>news:mnstu0tuup7bj4ht15krv6c6c2hvi6q0te@4ax.com:
>
>> On Wed, 19 Jan 2005 21:49:09 GMT, Alinator spoketh
>>
>>
>>>on. Don't seem to have much trouble with it.
>>>
>>
>> But does it actually protect something?
>>
>
>Are you people dense? How can having an installed software firewall not
>provide another layer of protection beyond network hardware-based
>security???????

Because software firewalls "protect" computers by closing ports. Since
the thing you seek to protect needs to have the vulnerable ports open,
the firewall adds no protection to these ports at all, thus leaving the
system as vulnerable as it was before the firewall was added.

Let's see. A Windows NT4 server running Oracle will most likely have the
following ports in a listening state:

135/TCP (RPC)
137/UDP (NetBIOS NameService)
138/UDP (NetBIOS Datagram Service)
139/TCP (NetBIOS Session Service)
139/UDP (NetBIOS Session Service)
1521/TCP (Oracle Database server)

Now, these are the ports that need to be open (listening) in order for
the server to be a part of a domain and also serve as an Oracle database
server. All the other ports are by default in a closed (non-listening)
state. There might be more ports for the Oracle server as well,
depending on product and version. For illustration, this should be
enough.

Now, let's install the software firewall and see what happens.

We still need those same ports in a listening state, so we'll configure
the software firewall to allow that.

Tell me, which ports is the software firewall now protecting? It is
protecting ALL THE OTHER PORTS THAT WERE ALREADY CLOSED! There's no door
analogy here. It's not the same as putting another lock on a door. A
closed port is a closed port, and it cannot be connected to or
exploited, with or without a firewall.

So, instead of actually adding security to your server, you have only
managed to add complexity and potential insecurity. You have
added another program that may have either a) new exploitable
vulnerabilities or b) instability, which may cause additional downtime
(best scenario) or fatal data loss (worst case scenario).

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
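
An added example, not part of the original post: a small audit that parses Windows `netstat -an` output and reports which listening ports an inbound allow-list would actually block. The sample output, the addresses in it and the allow-list are constructed to mirror the port list in the post.

```python
import re

# Constructed sample of Windows `netstat -an` output mirroring the post's port list.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1521          10.0.0.20:1045         ESTABLISHED
  UDP    10.0.0.5:137           *:*
  UDP    10.0.0.5:138           *:*
  UDP    10.0.0.5:139           *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text):
    """Return {(port, proto)} for sockets that accept unsolicited traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines
        proto, port, foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        if proto == "UDP" and foreign != "*:*":
            continue  # UDP has no state column; "*:*" marks an unconnected socket
        found.add((int(port), proto))
    return found

def firewall_effect(listening, allowed):
    """Split the port space by what an inbound allow-list actually changes."""
    return {
        "still_exposed": sorted(listening & allowed),   # open before and after
        "newly_blocked": sorted(listening - allowed),   # the only real reduction
        "already_closed": 2 * 65535 - len(listening),   # blocked, but nothing listened
    }

if __name__ == "__main__":
    ports = listening_ports(SAMPLE_NETSTAT)
    # Hypothetical allow-list: every port the server needs, as in the post's scenario.
    for key, value in firewall_effect(ports, allowed=set(ports)).items():
        print(f"{key}: {value}")
```
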


