RE: Zone Alarm

["Robert J. Liebsch" <rliebsch () stoneyamashita com>]

So, Once you PAY for ZoneAlarm, you don't have to worry about CPU and MEM
hogs...

but my solution:

ZoneAlarm on the PC you are using. Get smart, you dont go to a port city have
unprotected sex, 
so when you jack in you should have something covering your ass...

LinkSys Wireless Access Point Cable/DSL with 4 Port Switch. This too has a
Zone Alarm 
install on it. But NAT is NAT. Now you can DoS these, and a poorly configured
one or 
default password set is bad. Duh.

SnapGearPro if you need VPN and such. They work. They are linux based. Easy
to use.

Everything has to be done in layers. No services running or installed which
aren't being used. 
Configure your services. Defaults are bad for you. Chroot. Change passwords,
use permissions. Check SUID.
ipchains/iptables/ipfw is running and filtering every other port, even the
ports which are not listening.
The switches have to be maintained. You can tell a switch what to do, it'll
listen. 
Then your routers need to be configured properly. How many times do you see
in your logs 
10.30.40.200 trying access something. There is no reason for RFC1918
addresses to get passed by 
routers, spoofed or not.

Security is easy, but it is time consuming. Sorry about the digression...

Zone alarm is good, but it is only 1 layer. (its only good AFTER you pay for
it IMO)

PS. the URL is fuX0r3d. 


> ----------
> From:         Jason
> Sent:         Wednesday, June 4, 2003 11:53 AM
> To:   morning_wood
> Cc:   Ben Tyson-Norrman; full-disclosure () lists netsys com
> Subject:      Re: [Full-disclosure] Zone Alarm
>
> Unfortunately the $40 'hardware' devices are not either.
>
> Please reference the excellent work by Core
> http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10
>
> and the _much_ more expensive 'hardware' devices are just as prone
>
> http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml
> http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
> http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-regression-pub.s
> html
> ...
> http://www.cisco.com/warp/public/707/advisory.html
>
> For a personal solution Zone Alarm is quite possibly more adequate and 
> appropriate.
>
> morning_wood wrote:
>
> > Zone Alarmbuy a $40 hardware router. Software firewalls are not a security
> solution IMHO.
> > morning_wood
> >  ----- Original Message ----- 
> >  From: Ben Tyson-Norrman 
> >  To: full-disclosure () lists netsys com 
> >  Sent: Wednesday, June 04, 2003 8:53 AM
> >  Subject: [Full-disclosure] Zone Alarm
> >
> >
> >  I'm not sure I can ask this question without derision, but here goes... 
> >
> >  Zone Alarm, is it really as crap as everyone makes out.... or is the
> usual posturing by ill-informed...? 
> >  Many thanks all 
> >
> >  Visit our web site @ www.twowaytv.com 
> >  This e-mail and its attachments are intended for the above named
> recipient(s) only and may be confidential, legally privileged and protected
> by law. If you are not a named addressee or have received this transmission
> in error, please notify us immediately at postmaster () twowaytv co uk and
> then delete this e-mail. As Internet communications are not secure we do
> not accept legal responsibility for the contents of this message or
> responsibility for any change made to this message after the original
> sender sent it.  Save for this legal notice, the contents or opinions
> contained within this e-mail are solely those of the sender and do not
> necessarily represent those of Two Way TV Ltd unless otherwise specifically
> stated. 
> >  
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html