Re: Home Networking/Firewall problem



Ben Hardy wrote:
If she
was to tell her students at the the outset, that in order to use a
computer securely and effectively they would need to have in depth
knowledge of TCP/IP, MRU, NAT, PING, FTP, DHCP etc etc they would walk out.

This is because you totally misquoted me. I said that for using packet
filters to achieve security you're required to have such a knowledge.
And that's exactly why host-based packet filters, including those lousy
implementations commonly called "personal firewalls", are no good for
uneducated users. And neither are they needed.

XP is far from any pretense of a secure OS - you only have to count the
number of Critical Security updates required since it was released
(several hundred?)

And none of these addresses a design flaw. Even worse, some of them
addressed user-invoked design-based problems, f.e. that misusing MSIE as
a webbrowser is always a security vulnerability.

Now do you even want to complain that Microsoft actively searches and
fixes security holes?

The vast majority of computer users don't wanna know all that tech stuff
and they shouldn't have to. Back to the car analogy - yes you have to
learn to drive a car as you do a computer but most drivers are not rally
car or network technicians, don't want to be and shouldn't have to.

Exactly. So why are you quarreling around with ZoneAlarm?

and especially that he has been using ZoneAlarm clearly
shows that he didn't even bother to check how vulnerable his system
actually is.

Actually, I have bothered quite a bit with virus/spyware/adware
precautions and having been using the Net quite heavily for many years I
can say that I've had only a very few minor problems.

I would say that you're lacking the knowledge to notice the problems
that are invisible to you. :-)

F.e. it's pretty unlikely that you noticed ZoneAlarm slowing down access
to eBay. But it does, inevitably.

What is a non-technician supposed to do apart from regularly update anti-virus
software, download yet more 'fixes' from MS, take care with email, visit
numerous websites purporting to test your firewall and learn as much as
time allows.

What about using restricted privileges, not using totally defective
software and especially using common sense? Maybe you'd also notice that
virus-scanners don't address the problem of running untrusted software,
but merely serve as an intrusion detection tool, and that "firewalls"
usually don't address any home-user problem at all (beside that the
common implementations just add new attack vectors).

Is computing these days about noodling endlessly with the PCs innards or
getting some work done?

No. Exactly not. But you need to know the basic stuff, and appearantly
most people think that the (actually pretty complicated) nonsense spread
by mass media is such basic knowledge whereas such important (and basic)
thinks like privilege separation and ACLs aren't even considered at all.


BTW, you quoting sucks. :-)
.



Relevant Pages

  • Re: Defense in Depth
    ... What is meant by "layers" of security, is this: the entry points that must be ... Physical Layer - Physical access to the resources. ... attacks and other attacks that go after the software itself. ... "layer" in one long chain (lots of firewalls). ...
    (Security-Basics)
  • RE: Wireless Security for Home Users
    ... for most home users to create and/or manage 2 firewalls and a DMZ. ... As with most network security, ... investigate additional security features available from the WAP ...
    (Security-Basics)
  • RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
    ... > 1) I don't trust MS products for security related tasks. ... firewalls running on NT? ... necessary steps to mitigate the risk and protect yourself. ... We still had six boxes hit. ...
    (Full-Disclosure)
  • Graduate Students Unlock Code of Thiefproof Car Key
    ... Graduate Cryptographers Unlock Code of 'Thiefproof' Car Key ... team that plans to announce on Jan. 29 that it has cracked the security ... An executive with the Texas Instruments division that makes the systems ... Variations on the technology used in the chips, ...
    (sci.crypt)
  • RE: IDS is dead, etc
    ... Most firewall logs are just as tough to decipher as IDSs. ... Automated security analytics is a tough animal I don't care what the system. ... firewalls and IDSs, not just IDSs. ... There is no solution to these problems, therefore IDS is dead and we ...
    (Focus-IDS)