Re: BBC-TV Computer Security Video For Non-Techies

From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 04/26/05 

Date: 25 Apr 2005 22:46:35 GMT

In article <i6qq611ppcrkileqcrtj2g74cids6aapcg@4ax.com>,
Chuck <none@example.net> wrote:
:A perimeter defense is a necessity. But protecting yourself within your LAN is
:a good idea too. Protecting yourself with just a perimeter firewall is a
:security policy from 5 years ago. Times have changed, and the bad guys have
:found new exploits. Layered security is a must.

Protecting yourself with a "personal firewall" can be worse than
not doing so. My experiences with application level firewalls have
been fairly discouraging -- if even I can't figure out how to get
them configured the way I want, then my users haven't a hope.
But the user that puts in a "personal firewall" and then thinks
themselves safe is going to relax their precautions, and often is
going to get a very "rude awakening" (except they'll just think the
virus/trojan exploited something new, when the truth is their firewall
let through something very old.)

Also, I don't seem to have come across any application-level firewalls for
Unix systems. When the resolver lib detects that the name I requested
is not in cache, I'm unclear on some software that -I- am running is
going to interface with the name server daemon to determine whether
it is allowed to contact certain IP addresses on my behalf...

20 years ago, the Apollo unix-like operating system ("Domain"??)
allowed a Unique ID for each executable, and ACLs for each file could
specify which programs were allowed to access them in various modes
(e.g., this *one* program is allowed to write to the accounting
database). That doesn't seem to have caught on. [On the other hand,
considering that Internet Explorer is "part of the operating system",
there wouldn't be a seperate UUID for it anyhow...] 

-- 
Ceci, ce n'est pas une idée.

Relevant Pages

  • Re: Hardening Windows XP
    ... I will assume a "Windows" operating system is what is ... Windows Update ... You should at least turn on the built in firewall. ... Kerio Personal Firewall ...
    (microsoft.public.windowsxp.security_admin)
  • Re: XPs Firewall and general security
    ... If I thought it was intentional, I might suggest that the only thing Microsoft are doing here is actually being the only company to be honest about the viability of a host based firewall in the face of an attack from software running as administrator on the host box. ... I refer to having all points of access to the operating system closed until needed by a verified and safe program. ...
    (microsoft.public.security.virus)
  • Re: Alternative to Norton Internet Security?
    ... I have net experienced any viruses or other unwanted downloads / attacks. ... Is there an alternative security software/system available that is as good at protecting my system but without the cost in system performance? ... What WinXP's firewall does not do, is protect you from any Trojans or spyware that you might download and install inadvertently. ... it is incumbent upon each and every computer user to learn how to secure his/her own computer. ...
    (microsoft.public.windowsxp.general)
  • Re: Best Free Firewall Virus
    ... And NO I do not want to use the XP built in firewall. ... > M$ can't even make a good operating system, why should I trust them to ... I do however recommend installing free virus scanner software. ... It won't bother you with any popups except when it gets its updates (and these ...
    (comp.security.firewalls)
  • Re: Why most run Microsoft, not RedHat
    ... re-install has happened more than that. ... Heck, even Steve Ballmer, CEO for Microsoft needs to re-install Windows ... We have an enterprise grade firewall behind the router. ... The main problems I encounter again and again are with clueless operators who've ignored repeated instructions about dangerous surfing practices and clicking on attachments - those are the two most common causes of problems - are they caused by the operating system? ...
    (Fedora)