Re: Enable firewall to ignore ping requests
From: Tim (noanswer_at_hotmail.com)
Date: 11/28/04
- Previous message: Billy: "Scanner&Burner"
- In reply to: Karl Levinson, mvp: "Re: Enable firewall to ignore ping requests"
- Next in thread: andy smart: "Re: Enable firewall to ignore ping requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 28 Nov 2004 11:58:01 -0000
Thanks everybody for your help, I didnt mean it to spark such a debate.
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:Otq98dJ1EHA.1188@tk2msftngp13.phx.gbl...
>
> "Mr. Kurtz" <MisterKurtz@TheCentralStation> wrote in message
> news:ebbwNL80EHA.3236@TK2MSFTNGP15.phx.gbl...
>
>> > Or, you can install free firewalls like www.kerio.com, www.sygate.com
>> > or
>> > www.zonealarm.com These have more functionality than the Windows
>> firewall,
>> > and will give you a lot more information about mystery executables on
> your
>> > system [I think the XP firewall tells you pretty much nothing about
>> these.].
>> > But they may take more effort to maintain. For example, if you end up
>> > blocking something important, you have to look at the logs and figure
> out
>> > what needs to be unblocked.
>
>> To the OP:
>> Take the extra time to learn how to use Kerio, ZoneAlarm, or Sygate. Any
> of
>> thse is far superior to the XP firewall. You would be well served.
>
> That's *much* easier said than done. Many people get frustrated and give
> up. And if your firewall is configured to prompt the user whether or not
> to
> allow a particular communication, eventually the user will allow herself
> to
> become compromised... so prompting firewalls are not always reliable
> security.
>
>> With regard to this particular post:
>> References to "blocking something important" smacks of FUD; particularly
>> after agreeing with the assesment of Gibson's "scare tactics".
>
> I disagree completely. I think my statement was pretty fair and accurate.
> It's not FUD to say that firewalls can easily be misconfigured by
> inexperienced users, with unwanted results. Anyone reading this newsgroup
> regularly knows this happens quite frequently. It's strange to think I'm
> contributing to FUD about firewalls given that I regularly recommend them.
> But I used to be one of those techies who would recommend them to everyone
> without caveats, until I installed one on a friend's computer and had
> absolutely miserable results. And for what it's worth, I hold a
> Checkpoint
> Firewall-1 CCSA certification, so I know a little bit about how to
> configure
> firewalls.
>
> So now I'm much more cautious about recommending firewalls to novices
> without caveats. And pretty much anyone asking advice about how to find
> and
> configure a host-based firewall is a firewall novice.
>
> And note that security is *NOT* about being most secure. The most secure
> solution is often the wrong one. Security is about managing risk to an
> acceptable level, with the end goal being saving time and money and
> enhancing functionality. Given this, the XP firewall is sometimes the
> right
> solution, because with less functionality, it makes novice users
> reasonably
> secure while breaking less and taking less time to administer. I use both
> Kerio and Sygate on my machines, but only because I can support them
> myself
> pretty easily.
>
>
>
>
>
- Previous message: Billy: "Scanner&Burner"
- In reply to: Karl Levinson, mvp: "Re: Enable firewall to ignore ping requests"
- Next in thread: andy smart: "Re: Enable firewall to ignore ping requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
