Re: FIREWALL CHECK




"Root Kit" <b__nice@xxxxxxxxxxx> wrote in message news:igc1945ilu2jq6brb1m7gusj5i1vc6hhe1@xxxxxxxxxx
On Wed, 30 Jul 2008 13:01:16 -0400, "Mr. Arnold" <MR.
Arnold@xxxxxxxxxx> wrote:


"+Bob+" <uctraing@xxxxxxxxxxxx> wrote in message
news:8e6194tfd4b07ms82r6gqi0qmup24qnbee@xxxxxxxxxx

But the point be argued here is having an outbound firewall vs. none
at all (windows firewall).

Once again, will someone tell this person what outbound packet filtering
means, which Vista has outbound packet filtering. What he is talking about
is application control, which are two differnt things and is snake-oil.

Okay. There is a big difference between outbound packet filtering and
application control. Neither are reliable counter measures against
malware allowed to run.



The job of a real FW, which I don't consider some 3rd party personal FW/packet filter or even Vista's FW/packet filter to be a FW is not to stop malware. A FW's job is not to stop malware running on a computer.

A packet filtering FW router, FW appliance or host based software FW running on a secured gateway computer jobs are not to be stopping a malware program running on some computer.

<copied>

What is a firewall?

A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to.

*And for those that don't know what two network interfaces means for a computer running a host based FW, it means the the computer must have two network interface cards (NICS) in them with one NIC protecting from the network it is protecting from, and the other NIC protecting the network it is protecting.*
A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another just like firedoors or firewalls.

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.


*That is FW technology, and the Vista FW/packet filter or some 3rd party personal FW/packet filter are NOT FW(s).*

.



Relevant Pages

  • RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
    ... Subject: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM ... Once you turn on the packet filtering, you either allow all, or deny all ... XP's "firewall" has several pre-defined higher layer protocols that you ... communication from any computer or network system. ...
    (Full-Disclosure)
  • Re: Linksys hardware firewall enough...?
    ... they reference the network layer. ... Or try a google web search for "network layer packet filtering". ... Your idea that a simple router with NAT is a firewall is wrong, ...
    (comp.security.firewalls)
  • Re: 56k dial up on laptop 802.11G ?
    ... > "firewall router" or some similar conglomeration. ... must have at least two network interfaces, one for the network it is ... > A router is just something that glues two networks together. ... This is where I think a packet filtering solution or packet filtering NAT ...
    (alt.internet.wireless)
  • Re: netmasks and subnets
    ... I assume you are talking about the internet. ... so the whole network loks like this then? ... filter ip packets and redirect them through the filter code, ... Is your linux box configured as a firewall? ...
    (comp.os.linux.networking)
  • Re: NAT vs. True Firewalls
    ... Kerio) has facility to perform NAT, Packet Filtering, ... > computer acccess to the internet, ... Is it not possible to run a firewall on the machine directly ... > connected to the internet and filter the traffic in- and out-bound on ...
    (comp.security.firewalls)