Re: Firewall Stealth Mode?



Leythos wrote:

3) I've stated that I've seen a non-technical, typical home user
computer, where the user ran as a local admin, protected by ZAP for more
than a year with no detectable malware on their machine.
Just as above, such cases are rare.

Such cases are very common, and as I travel all over the US, it seems to
be common where I visit.

Then you're not getting around so much or just getting the better
managed/more sane clients.

A) You claim that NAT Appliances don't offer protection
I claimed that any protection offered by NAT Appliances is pretty
unreliable, partially coincidental and rarely needed at all.

Except that I don't see any basis for your claims.

OMN! May I cite from RFC 2993:

| NAT (particularly NAPT) actually has the potential to lower overall
| security because it creates the illusion of a security barrier, but
| does so without the managed intent of a firewall. Appropriate
| security mechanisms are implemented in the end host, without reliance
| on assumptions about routing hacks, firewall filters, or missing NAT
| translations, which may change over time to enable a service to a
| neighboring host. In general, defined security barriers assume that
| any threats are external, leading to practices that make internal
| breaches much easier.

NAT is not supposed to be a security measure and the real world
implementations do support this view even more.

B) You claim that PFW solutions don't offer protection
As above, but just worse. PFWs do make a safe computer vulnerable in
the first place.

Again, I don't see that to be the case in any of the solutions I've had
experience with.

Hello world? So far there is no Personal Firewall that does not have any
known critical security vulnerabilities.

E) You can't provide any data on vendor, part number, firmware, test,
result for any of the devices that have failed since you say you don't
track ones that have failed.
I named you some. But I can easily catch up by recording in future,
catching documentation from peers, ...

And nothing main-stream, that any typical user might experience, even in
a business.

The contrary dominates the real world.

Strange, "overkill"? having a usable and fully protected network is
overkill?

Neither is it fully protected nor does implementing useless security
features add any security.

What's disturbing about a secure network?

That you're claiming such without any reasonable concept?