Re: XP's Firewall
- From: B. Nice <b__nice@xxxxxxxxxxx>
- Date: Thu, 24 Aug 2006 16:39:20 GMT
On Thu, 24 Aug 2006 06:43:43 -0700, "Kerry Brown"
<kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote:
B. Nice wrote:
On Thu, 24 Aug 2006 05:08:01 -0700, Panda_man
<Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
"B. Nice" wrote:
With a properly configured machine you don't nescessarily need one.
Very funny but wrong!
Please explain that to the people I know running a machine directly
connected to the internet without a firewall and without problems.
Hint: They are not offering any network services.
Very few people could configure a computer to be safe without a firewall of
some kind.
Not true. They just don't know about it. It's very easy - and at least
as easy as properly configuring a personal firewall. There are both
step-by-step guides as well as ready-to-run scripts available to shut
down network services. With a script it would normally take less than
5 minutes for a regular user to read the instructions and run a
script.
If you then keep your o/s and your other software patched and don't
run all kinds of questionable programs you really can get along
without problems.
Even then there is always the danger that some undiscovered flaw
in the OS would still allow malware in.
Yes. And if you use a personal firewall there is always the danger
that some undiscovered flaw in that firewall will allow something
similar. It really does'nt make much difference - except that a
personal firewall adds further code - and the more code the more bugs
- and the more bugs the more attack vectors. It's very simple
actually.
This is why an external firewall is always best as the first line of defence.
I can only agree to that.
If there is only one computer protected by the external firewall then your
approach may be relatively safe if used with an external firewall.
If wireless is involved or there are more computers networked behind the
external firewall then a software firewall on each computer is the next layer
that is needed.
The OS itself should be the last layer, not the first and only layer.
That depends.
We can definately agree that an external firewall is the preferred
solution.
If you need to provide network services at all and only to a limited
range of computers (for example specific ones on your LAN) then you
need some kind of packet filter to filter the traffic as well as for
protecting your machines from other machines on the LAN getting
infected.
If you have a stand-alone machine connected to the internet the best
approach is to just shutdown all network services. In that scenario a
software firewall will not be an additional layer of defense - just an
extra layer of code available to attack.
.
- References:
- XP's Firewall
- From: B.W.
- Re: XP's Firewall
- From: David H. Lipman
- Re: XP's Firewall
- From: RJK
- Re: XP's Firewall
- From: B . Nice
- Re: XP's Firewall
- From: B . Nice
- Re: XP's Firewall
- From: Kerry Brown
- XP's Firewall
- Prev by Date: Re: Help With w32.spybot.worm
- Next by Date: Re: XP's Firewall
- Previous by thread: Re: XP's Firewall
- Next by thread: Re: XP's Firewall
- Index(es):
Relevant Pages
|
Loading
