Re: Don't use a Firewall other than Windows Firewall?

From: Duane Arnold (notme_at_notme.com)
Date: 09/16/05


Date: Fri, 16 Sep 2005 18:57:43 GMT

Sam <sam.sam@sam.samsam.com> wrote in news:dgdsuf$m9p$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com:

> Ok, so Volker Birk makes what seem to me to be some pretty good
> arguments why it's a waste of time running software firewalls offering
> outbound protection (on the basis that any software wanting badly enough
> to "call home" would in any case be able to bypass that firewall).
>
> But I haven't seen anyone supporting or for that matter refuting
> Volker's view. I'm talking here about basic firewalls such as ZA free,
> not something like ZASS which may well offer other advantages.
>
> So what's the view - should I reclaim much-needed cpu cycles by ditching
> ZA free or any other basic 2-way firewall altogether and just rely on
> Windows Firewall, and of course an antivirus scanner? And, of course,
> not installing anything I don't trust.
>
> Your views very much appreciated.

I myself see no reason to NOT use MS's XP FW. Sure, it has some kind of
application control, but it has no means to stop outbound by setting
rules.

However, there is another element that can do it on the XP O/S and that's
IPsec, which can be used to supplement any PFW, MS's FW or NOT. I'll be
using IPsec behind BlackIce that cannot stop outbound traffic by setting
filtering rules on my laptop at a client's site in a hotel I'll be in
that as dial-up for the next six months.

IPsec can stop inbound or outbound traffic by port, protocol or IP behind
the XP FW or a solution like BI.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

I'll be implanting the AnalogX SecPol rules again on the XP Pro laptop.

http://www.analogx.com/contents/articles/ipsec.htm

The only thing about the AnalogX rules is that they prevent file
downloads on High ports > 1024 so you either disable IPsec or learn the
rules to open the required port. I use Active Ports to tell me the port
to open.

http://support.microsoft.com/?id=813878

Using IPsec to supplement a PFW solution that cannot stop outbound is
solid protection as far as I am concerned.

Duane :)
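
An added example, not part of the original post: a sketch of the kind of IPsec block rule the post describes, one that drops outbound traffic by protocol and port. It assumes a Windows version that provides the `netsh ipsec static` context (on XP the equivalent tool is ipseccmd.exe from the Support Tools); the policy, filter list and action names and the choice of TCP port 25 are constructed for illustration.

```batch
@echo off
rem Added example. All names below are hypothetical; TCP port 25 is a
rem constructed choice of "outbound traffic to stop".
setlocal
set POLICY=Outbound Block Policy
set FLIST=Outbound TCP 25
set FACTION=BlockTraffic

rem 1. Create the policy unassigned, so nothing changes on the wire yet.
netsh ipsec static add policy name="%POLICY%" description="Block selected outbound traffic" assign=no

rem 2. Filter list: packets from this machine ("me") to any address,
rem    any source port (0), TCP destination port 25.
rem    mirrored=no keeps the filter one-way, i.e. outbound only.
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=25 mirrored=no description="outbound TCP/25"

rem 3. Filter action: drop matching packets instead of negotiating security.
netsh ipsec static add filteraction name="%FACTION%" action=block

rem 4. Rule: tie the filter list to the block action inside the policy.
netsh ipsec static add rule name="Block outbound TCP 25" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"

rem 5. Review what was built, then make the policy active.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static set policy name="%POLICY%" assign=yes
endlocal
```

Only one local IPsec policy can be assigned at a time, so further block or permit filters belong as additional rules in the same policy rather than in a second one.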


