Re: to PFW or not to PFW

on 1/31/2006 10:14 AM Juergen Nieveler said the following:
Nicholas DePetrillo <nick_usenet@xxxxxxxxxx> wrote:

You can never have a 100% effective firewall/filter, you can only do
risk mitigation. The more risk mitigation the safer you are. If that
means putting layers of security between you and the rest of the world
thats fine. One of those layers might as well be a PFW/Packet filter.

Another way of mitigation is offering less that actually can be attacked.

If there's no service listening and the port just says "closed" in tests, nobody can exploit it unless the whole IP stack is broken. IF the IP stack is broken, however, no personal firewall on top of the IP stack can protect you.

The best protection is a) to use a router with NAT and port filtering, and b) to disable all unnecessary services on your machine.

Juergen Nieveler

Another post in this list had a link to some suggestions:

In it there is a list of services recommended to disable. Are there other guidelines on disabling services? Is there a "best" site for learning what all those services are? It's tough to know whether a service is "necessary" if you don't even know what the hell it is. The problem I have had is trying to find a site that gives good information without trying so hard to sell me something that I can't use the info. (Makes me suspect the quality of the info too.)