Re: Best Firewall?? - follow-up



Nelson <replies-to-newsgroup-only@xxxxxxxxx> wrote:
> On Tue, 18 Aug 2009 00:34:23 (CEST), Ansgar -59cobalt- Wiechers wrote:
>> Kyle T. Jones <KBfoMe@xxxxxxxxxxxxxx> wrote:
>>> Seems like a personal firewall would be useful, for that.
>>
>> No. You either configure the application to not establish outbound
>> connections, or you remove the application entirely (in case it won't
>> allow proper configuration). Everything else is plain stupid.
>
> There are some additional things you can do which involve filtering
> applications' target IP addresses for undesired outbound
> communications.
>
> Specifically, give permission for applications to access their
> legitimate servers and block all others.

Define the "legitimate servers" for, say, a web browser.

Besides, if you'd take a closer look at how DNS works, you might
understand why restricting access to particular DNS servers will not
solve the problem.

> For example, you can use firewall rules to permit your newsreader to
> access your news servers and your ISP's DNS servers. If you use your
> newsreader for e-mail, then permit that too. Then block all others.
>
> You can reduce blocked programs' ability to hijack other programs to
> gain external access by preventing application interaction (or acting
> as a parent) if your firewall has that ability.

Or, you could simply remove the misbehaving software and fix the cause
of the problem instead of dealing with the symptoms. Which would have
the additional advantages of a) *not* wasting significant amounts of
system resources on trying to confine programs, and b) *not* opening
additional attack vectors for malware. I know what I'd choose.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich