Re: Firewall yes, but where?
From: Jose Maria Lopez Hernandez (jkerouac_at_bgsec.com)
Date: Sun, 20 Feb 2005 23:47:56 +0100
Duane Arnold wrote:
> Where are you coming up with that? The PFW solutions do have a feature
> called App. Control that can be fooled. However, the PFW is a software FW
> solution geared to protect the O/S and its services and programs along with
> other non O/S programs from attack just like any other FW solution in the
> traditional sense of stopping unsolicited inbound traffic to the machine
> and some have the ability to stop outbound like any other FW. It's just
> that some PFW solutions have extra features incorporated in them trying to
> protect the user from themselves, which is useless in a lot of cases.
First: Did you read the Phrack Magazine article I was talking about?
Maybe it makes you see the PFW in another manner.
Second: PFW are no real firewalls. They usually don't stop packets by
their characteristics or are stateful, they only control which programs
can send or receive packets. That can be called anything but a firewall.
Third: A real firewall has some specific characteristics that make
it more secure than a PFW. They are stateful. They have control over
the connections made and the ones received that are corresponding to
them. They can change characteristics of the packets and connections.
I could be talking about this ad infinitum.
Conclusion: A Personal Firewall is a *Personal* Firewall, and a
Real Firewall is a *Real* Firewall. They are different things,
they work in a different way and they serve for different things.
> There would be no way I would take my laptop and connect it to another
> network other than my own without a PFW solution enabled on the machine
> - a wired or wireless network at that.
Of course. And I use a Personal Firewall, Sygate Personal Firewall with
my XP, but if you need a firewall for a production system with a LAN of
computers it's far better to have a firewall box, software or hardware,
than having Personal Firewalls on the desktop computers.
And for the OP case, the best solution is having both, a firewall in
the router and a free personal firewall as the Sygate one in the
> Duane :)
--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
firstname.lastname@example.org
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"