Security Basics mailing list archives
Re: Securing a Local Network
From: "Greg" <pchandyman () ozemail com au>
Date: Wed, 21 Apr 2004 08:02:39 +1000
----- Original Message ----- From: "Meidinger Chris" <chris.meidinger () badenit de> To: "webmaster" <webmaster () play-by-mail de>; <roberts () tridecap com>; <security-basics () securityfocus com> Sent: Monday, April 19, 2004 4:26 PM Subject: RE: Securing a Local Network
Hallo Andreas, there are definitely advantages to using a proper firewall, beyond simple defense in depth. The primary one, is that you will have to allow a lot of different ports on the local network. That means that the compromise of a single misconfigured host will result in the compromise of the entire network. What about, for example, a virus or trojan? A desktop firewall
will
not likely protect from call-home malware that opens a connection itself
to
an internet host waiting for a shell. For this and other reasons,
With all due respect, that is totally incorrect. The XP one doesnt but a simple ZOne Alarm free edition will as will other brand name firewalls AND this has been known for years, now. In fact I used Atguard (prior to Symantec buying it) to block a call home virus on a computer connecting to the net. It was disallowing the user access to update his AV prog. I blocked the virus outbound as it was the easiest way out, updated their AV prog which could, now, know the virus and get rid of it. In all that, there is still the problem for a simple user that Zone Alarm is too complicated. Sometimes ZA stuffs up contacting sites you want to contact so you must shut it down and open yourself up to attacks from the net in order to do what you want. This is where XP's firewall becomes useful for a simple user. If they want to use ZA most of the time yet want to shut it down at times when it interferes with something OK that they want to do, should they have the XP firewall set on before dialling in, once ZA is down, they still have SOME protection and XP's firewall doesn't interfere with what they are doing. Greg. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Securing a Local Network John Roberts (Apr 14)
- RE: Securing a Local Network John Lewis (Apr 14)
- Re: Securing a Local Network webmaster (Apr 15)
- <Possible follow-ups>
- RE: Securing a Local Network Henry, Christopher M. (Apr 14)
- RE: Securing a Local Network Halverson, Chris (Apr 14)
- RE: Securing a Local Network Eric Curbo (Apr 15)
- RE: Securing a Local Network Meidinger Chris (Apr 15)
- RE: Securing a Local Network Meidinger Chris (Apr 19)
- Re: Securing a Local Network Greg (Apr 20)
- RE: Securing a Local Network Meidinger Chris (Apr 19)
- RE: Securing a Local Network Steven Trewick (Apr 24)