Re: Don't use a Firewall other than Windows Firewall?

From: Duane Arnold (notme_at_notme.com)
Date: 09/16/05


Date: Fri, 16 Sep 2005 18:57:43 GMT

Sam <sam.sam@sam.samsam.com> wrote in news:dgdsuf$m9p$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com:

> Ok, so Volker Birk makes what seem to me to be some pretty good
> arguments why it's a waste of time running software firewalls offering
> outbound protection (on the basis that any software wanting badly enough
> to "call home" would in any case be able to bypass that firewall).
>
> But I haven't seen anyone supporting or for that matter refuting
> Volker's view. I'm talking here about basic firewalls such as ZA free,
> not something like ZASS which may well offer other advantages.
>
> So what's the view - should I reclaim much-needed cpu cycles by ditching
> ZA free or any other basic 2-way firewall altogether and just rely on
> Windows Firewall, and of course an antivirus scanner? And, of course,
> not installing anything I don't trust.
>
> Your views very much appreciated.

I myself see no reason to NOT use MS's XP FW. Sure, it has some kind of
application control, but it has no means to stop outbound by setting
rules.

However, there is another element that can do it on the XP O/S, and that's
IPsec, which can be used to supplement any PFW, MS's FW or not. I'll be
using IPsec behind BlackIce, which cannot stop outbound traffic by setting
filtering rules, on my laptop at a client's site in a hotel I'll be in
that has dial-up for the next six months.

IPsec can stop inbound or outbound traffic by port, protocol or IP behind
the XP FW or a solution like BI.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

I'll be implementing the AnalogX SecPol rules again on the XP Pro laptop.

http://www.analogx.com/contents/articles/ipsec.htm

The only thing about the AnalogX rules is that they prevent file
downloads on high ports > 1024, so you either disable IPsec or learn the
rules to open the required port. I use Active Ports to tell me the port
to open.

http://support.microsoft.com/?id=813878

Using IPsec to supplement a PFW solution that cannot stop outbound is
solid protection as far as I am concerned.

Duane :)
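
Added example, not part of the original post and not the AnalogX rules: a simplified Python model of a block-by-default IPsec filter policy, showing why a download from a high remote port is dropped until a permit filter for that port is added. The Filter class, decide(), open_port(), the LOCKDOWN rule set and port 2121 are all constructed for illustration; the model assumes the most specific matching filter wins and that ties resolve to block.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Filter:                      # hypothetical model of one mirrored IP filter
    action: str                    # "permit" or "block"
    proto: str = "any"             # "tcp", "udp", "icmp" or "any"
    remote: str = "0.0.0.0/0"      # remote address or subnet
    local_port: int = 0            # 0 means any port
    remote_port: int = 0

    def matches(self, proto, remote_ip, local_port, remote_port):
        return (self.proto in ("any", proto)
                and ip_address(remote_ip) in ip_network(self.remote)
                and self.local_port in (0, local_port)
                and self.remote_port in (0, remote_port))

    def specificity(self):
        # Assumed ordering: narrower address, then fixed protocol, then fixed ports.
        ports = (self.local_port != 0) + (self.remote_port != 0)
        return (ip_network(self.remote).prefixlen, self.proto != "any", ports)

def decide(policy, proto, remote_ip, local_port, remote_port):
    """Return "permit" or "block" for one flow, seen from the laptop."""
    hits = [f for f in policy if f.matches(proto, remote_ip, local_port, remote_port)]
    if not hits:
        return "permit"            # traffic no filter matches is left alone
    best = max(f.specificity() for f in hits)
    winners = {f.action for f in hits if f.specificity() == best}
    return "block" if "block" in winners else "permit"   # tie fails closed

def open_port(policy, proto, remote_port):
    """Return a new policy with a permit filter for one observed remote port."""
    return policy + [Filter("permit", proto, remote_port=remote_port)]

# Constructed lockdown policy: explicit block-all plus a few permitted services.
LOCKDOWN = [
    Filter("block"),
    Filter("permit", "tcp", remote_port=80),
    Filter("permit", "tcp", remote_port=443),
    Filter("permit", "udp", remote_port=53),
]

if __name__ == "__main__":
    flows = [("tcp", "192.0.2.10", 1045, 80),     # web request
             ("tcp", "192.0.2.10", 1046, 2121),   # download from a high port
             ("icmp", "192.0.2.10", 0, 0)]        # ping
    for flow in flows:
        print(flow, decide(LOCKDOWN, *flow),
              decide(open_port(LOCKDOWN, "tcp", 2121), *flow))
```

The explicit block-all filter is what makes the policy default-deny; without it, decide() returns "permit" for anything the permit filters do not mention.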