Re: to PFW or not to PFW
- From: Duane Arnold <NotMe@xxxxxxxxx>
- Date: Tue, 31 Jan 2006 19:50:17 GMT
JIP wrote:
Get yourself a FW packet filtering router that meets the specs below in the link.
Greetings
As a non-techie I am confused. Whilst lurking in this and related groups I see a debate that goes on as to whether there is any point in using PFWs, in particular to monitor outgoing traffic. Some say it's essential (as do most magazines, and of course all companies marketing such products) and others say that they are so easily circumvented that it's a waste of time - and if I understand correctly, some even say that they actually open up further vulnerabilities.
http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html
And you can get something like WallWatcher (free) and review the logs.
So, what may be a naive question - is there any point in using a PFW to at least stop badly written nasties from kiddy vandals who haven't learned yet how to do it properly?
I use a personal FW on the laptop while on the road and it's supplemented by IPsec. I have a PFW that doesn't have the snake-oil crap in it and turn off the one snake-oil crap that it does have in it -- Application Control.
For the laptop on the road, I go where I am supposed to go and that's to the O/S and close holes and shut down services I don't need.
While at home and the machines are sitting behind the FW appliance, I don't use any PFW(s) on the machines, which would be the same if I was using a packet filtering FW router that could stop inbound and outbound.
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
The key to me is using common sense and not clicking on unknown links at websites or in emails, don't accept unknown emails, don't let them reach the machine, secure the O/S as much as possible, go look for yourself as to what's running or happening on the machine by using tools like Process Explorer, Active Ports, and review router or FW appliance logs for dubious connections to remote WAN IP(s).
If the NAT router couldn't stop outbound, then I would use a PFW to supplement it. The rest of the snake-oil crap in PFW(s) is basically worthless IMHO and can be defeated so don't lean on it like a crutch.
Duane :)
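The router-log review recommended in the post above can be scripted. The following is an added example, not part of the original post: it reads outbound connection lines and reports flows from LAN hosts to remote WAN addresses on ports the LAN is not expected to use. The log format, the sample lines and the expected-port list are constructed assumptions; adapt the pattern to your own router or appliance.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in a hypothetical log format; real router and firewall
# appliance logs differ by vendor, so LINE_RE must be adapted to yours.
SAMPLE_LOG = """\
2006-01-31 19:02:11 OUT ALLOW TCP 192.168.1.10:1043 -> 203.0.113.25:80
2006-01-31 19:02:15 OUT ALLOW TCP 192.168.1.10:1044 -> 203.0.113.25:443
2006-01-31 19:03:40 OUT ALLOW TCP 192.168.1.12:1201 -> 198.51.100.7:6667
2006-01-31 19:03:41 OUT ALLOW TCP 192.168.1.12:1202 -> 198.51.100.7:6667
2006-01-31 19:04:02 OUT ALLOW UDP 192.168.1.10:1050 -> 192.168.1.1:53
2006-01-31 19:05:13 OUT DROP TCP 192.168.1.12:1210 -> 198.51.100.99:25
garbled line that does not parse
"""

LINE_RE = re.compile(
    r"^\S+ \S+ OUT (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
# Assumption: services this LAN is expected to use outbound.
EXPECTED_PORTS = {53, 80, 110, 123, 443, 995}
# RFC 1918 ranges; anything else is treated as a remote WAN address.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_outbound(log_text, expected_ports=EXPECTED_PORTS):
    """Return (findings, unparsed) for WAN-bound flows on unexpected ports."""
    flows = defaultdict(lambda: {"count": 0, "actions": set()})
    unparsed = 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        try:
            dst = ipaddress.ip_address(m["dst"])
        except (TypeError, ValueError):  # no regex match, or not a valid address
            unparsed += 1
            continue
        if any(dst in n for n in LAN_NETS) or int(m["dport"]) in expected_ports:
            continue  # LAN-local traffic or an expected service
        key = (m["src"], m["dst"], int(m["dport"]), m["proto"])
        flows[key]["count"] += 1
        flows[key]["actions"].add(m["action"])
    # One row per flow: (src, dst, dport, proto, count, actions seen)
    return [(*k, v["count"], sorted(v["actions"]))
            for k, v in sorted(flows.items())], unparsed

if __name__ == "__main__":
    for row in review_outbound(SAMPLE_LOG)[0]:
        print(row)
```

Each reported row is a lead for the follow-up described in the post: check on the source machine which process owns the connection. Unparsed lines are counted rather than silently dropped.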