Re: Do I really need firewall? A newbie's question

From: Wolfgang Kueter (wolfgang_at_shconnect.de)
Date: 05/01/05


Date: Sun, 01 May 2005 13:18:09 +0200

Demon77 wrote:

> But for a newbie (like myself as well)
> - a good software firewall on the box

There is no such thing.

> a good virus scanner,

Yes, no, maybe.

> regular spyware scans

> common sense

OK.

> and a properly configured router will keep people away from my ip.

If you trust the NAT implementation ...

Unfortunately among all the snakeoil you recommended you forgot the most
important thing: Strict user and access rights.

> Now if you want to get technical, yes...people can walk through one of
> those little routers easily, and probably do it on a regular basis.

Pure speculation.

> But
> why would someone who can blow through a router and compromise a box
> want to go through a regular computer user's box? They would get bored
> after their second "adventure" and want to move on to bigger things or
> do something else.

The average home user machine, which today is often permanently connected to
the net, makes quite an interesting target that can be remotely controlled
by installed malware. These boxes form botnets that are, for example, used to
send out a lot of spam. Professional spamming has become quite a big
business today.

> I say no on the router firewall... mainly because it will give one more
> hoop for the information to jump through on its way out and back in...
> Not to mention something that the firewall a router is sporting is
> probably not the best thing that was ever done...
>
> Block the unused ports,

How would you do that? What tools to use for that?

> NAT properly,

Nothing more to be done than 'trust the implementation'.

> take care of the specific systems (computers, boxes, etc)

What does that mean?

> and hope you don't attract a hacker that can
> blow through security easily and you will be just fine.

Hope? What will you recommend next, daily prayers?

Here comes my list:

1. Set user and access rights as strict as possible.
2. Install only the absolute minimum of software that is required to get the
work with a certain box done.
3. Install security patches as soon as possible.
4. Do not use bloated software, better do not even install it.
5. Lock down the box, shut down all unwanted services.
6. Delete any attachments you receive via email from anybody.
7. Do not use insecure client software like IE and Outlook (Express).
8. Keep totally off from IRC and P2P networks.
9. Filter incoming and outgoing traffic with a suitable perimeter device.
10. Learn to understand log files.
11. Read security lists regularly.

Wolfgang


