Re: Why do I need a software firewall?
From: Leythos (void_at_nowhere.lan)
Date: 10/02/05
- Next message: Ari Silversteinn: "Re: Plug-in USB hardware device captures keystrokes on Mac and PC USB keyboards."
- Previous message: Volker Birk: "Re: Why do I need a software firewall?"
- In reply to: Volker Birk: "Re: Why do I need a software firewall?"
- Next in thread: Todd H.: "Re: Why do I need a software firewall?"
Date: Sun, 02 Oct 2005 18:36:38 GMT
In article <434024f3@news.uni-ulm.de>, bumens@dingens.org says...
> Leythos <void@nowhere.lan> wrote:
> > the NAT device will protect
> > the user regardless of the settings in the Windows Firewall
>
> The Windows-Firewall will protect the user regardless of the settings
> of the NAT device. So what?
So, your comment proves that you don't understand security.
> > and since
> > the File/Printer sharing is enabled by default
>
> This is just wrong. To check this, one for example could do a nmap -P0
> onto a box with Windows XP SP2 and actual patches in the default
> configuration. Everybody will see then, that this is wrong, what you're
> claiming.
Nope, on more than 1500 machines we've done in the last two years, every one
of them had file/printer sharing enabled by default and QOS too.
> > since the User manages
> > the Windows Firewall
>
> And the user is managing the NAT router, too. So what?
Nope, the user has to connect to the NAT Router to "manage" it, it's not
managed if the user isn't TRYING to manage it. Windows XP firewall can
be reconfigured by the user and by applications without the user knowing
it.
> > since applications can also manage the Windows
> > Firewall, etc...
>
> If the computer of the user is compromised already, _every_ "Firewall"
> is useless now. Also a NAT router cannot protect a PC, which is
> compromised already.
A computer that is compromised, even with a Firewall other than Windows
XP firewall, has a good chance of alerting the user about traffic - in
addition to showing the traffic in some simple GUI to understand -
something the Windows Firewall doesn't even offer.
As for NAT, NAT can stop a lot of outbound traffic if you configure it
properly - I should specifically say that most NAT routers can block
outbound to specific ports. In the case of many viruses, they seek to
connect to specific ports on remote machines, deny those ports outbound
and you deny it the ability to infect other machines.
> > The NAT router is still better than Windows simple non-
> > firewall.
>
> No arguments yet, with the exception of easy to test wrong claims.
>
> > Now, if you think I've not stated anything technical, read it
> > again, try and learn a little about what I've typed, then don't come
> > back if you don't understand.
>
> I can see now, that anything you're stating here is wrong or at least
> without any relevance. But you're getting better now: you're stating
> _anything_ at last.
>
> It's a pity, that it's all completely useless.
Keep thinking it, if you ever get a job supporting a network, where you
have any involvement in security, you will learn just how wrong you are.
> > > I'm not talking about FTP servers here, but about FTP clients.
> > NAT does not break FTP, if you think so, then you know little about
> > networking.
>
> Please explain, how active and passive FTP are working, and what the
> difference is. If you have problems with it, try to read RFC 959 first.
Why, don't you already know - NAT doesn't block FTP, it only means you
can't do active FTP in most cases. I can daisy chain 8 linksys routers
to each other, in series, and still connect to public FTP sites from the
last one in the chain.
> Of course, NAT is a problem for FTP clients. But, after all you were
> writing, I'm not very surprised, that you even don't know how FTP works.
I know a lot more about it than you do it seems - I've got many FTP
servers behind NAT solutions, and we use many FTP servers that are also
behind NAT solutions - no problems using it at all.
Now, tell me specifically how you can't use FTP when behind a NAT
solution - come on, tell me, here's a hint - FTP works just fine behind
NAT solutions.
-- spam999free@rrohio.com remove 999 in order to email me
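
The active/passive FTP distinction argued over in this message, as an added example that is not part of the original post: it parses the RFC 959 host-port field from a PORT command or a 227 reply and reports which side opens the data connection and whether that works through a NAT device that does not rewrite FTP payloads. The function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 encodes a data-connection endpoint as h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def data_connection(line):
    """Describe who opens the data connection and whether plain NAT allows it."""
    ip, port = parse_hostport(line)
    active = line.upper().startswith("PORT")
    return {
        "mode": "active" if active else "passive",
        "opener": "server" if active else "client",
        "endpoint": (str(ip), port),
        # Active mode: the server must dial the address the client advertised.
        # A private or otherwise non-global address cannot be reached from the
        # Internet, so the transfer fails unless the NAT device rewrites the
        # PORT payload. Passive mode: the client dials out, which NAT handles
        # like any other outbound TCP connection.
        "works_through_plain_nat": not (active and ip.is_private),
    }

# Constructed control-channel lines (addresses are illustrative only)
SAMPLES = [
    "PORT 192,168,1,100,19,137",                         # client behind NAT, active
    "227 Entering Passive Mode (203,0,113,10,195,80)",   # server reply, passive
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_connection(s))
```

The check covers a client behind NAT only; a server behind NAT has the mirror-image problem with the address in its 227 reply.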