Re: I am sick of windows firewall
- From: louise <louise@xxxxxxxxxx>
- Date: Tue, 21 Mar 2006 07:00:09 GMT
Duane Arnold wrote:
Sebastian Gottschalk wrote:
I've read all your posts and am confused by your statement(s) that PFWs only deal with incoming traffic.
Duane Arnold wrote:
IPsec that's on the XP O/S too can be used to supplement the XP FW if
you need to stop outbound packets. And it can do it by port, protocol,
or IP.
[...]
I use the AnalogX IPsec rules to supplement BlackIce on the laptop.
That's bad. You're always open to IP/50, IP/51 and UDP/500, and your
rules will always let pass all Kerberos, NetBIOS, multicast and
broadcast traffic. Some of those exemptions can be disabled, some cannot.
I have made my adjustments to IPsec to supplement BlackIce to fit my needs. BlackIce is set to stop all unsolicited inbound traffic and is letting nothing through that's not solicited. In addition to that, I have set rules with BlackIce to block TCP and UDP ports from 1-65535, which means if I take BI off of its highest configuration rule of stopping all unsolicited inbound traffic, it's still blocking all unsolicited inbound traffic.
IPsec is only a supplement to BlackIce or to any PFW solution. It's not a front line defense solution. If I need IPsec to stop outbound that BlackIce cannot do by setting rules, then I'll do that.
In addition, the alerts on BlackIce's highest threat level that I was getting that were happening on the attempts on the Windows networking ports even though BI was stopping the attempts came to a complete stop on the notification and logging, once I implemented the AnalogX rules for IPsec, activated IPsec and configured IPsec to start blocking packets aimed at those ports.
Again, IPsec is a supplement solution behind the PFW solution and I am pleased with its ability to be a supplemental packet filtering solution.
IPsec is doing its job on this laptop. If it comes past IPsec and BlackIce on unsolicited inbound traffic, then I'll worry about it. :)
I need IPsec to stop outbound if I need it to do it. That's its purpose and why it is there.
Duane :)
I've been using Sygate for several years (don't know what to use instead, even now), and it definitely asks before it connects for an update. For example, Adobe Reader always wants to update - I set Sygate to stop it. Several other programs I run want to go check for updates all the time and I don't want them to use resources and keep me waiting.
And - perhaps more importantly, I certainly don't want them to download and install their updates unless I decide I need that update. And then, I want to install one update and make sure it hasn't affected machine performance, before I download another. Essentially, I want to know what's going on. Even if the intentions are good, if there is a negative result, a bug, a conflict between programs, I want to know what was just changed/installed/updated.
If Windows FW doesn't do that - then what would I need it for? I have a Linksys NAT, SP1 router - doesn't that perform the same function better?
TIA
Louise