
Security Basics mailing list archives

RE: Personal Firewall for Business use
From: "Kent James" <kent1 () caspia com>
Date: Fri, 31 Oct 2003 07:00:01 +0400


And I still fail to see why one would want to use a PF on a server.

Regards
Ansgar Wiechers

I can give you a personal example, maybe trivial but real. Most of the time
I live outside of the US, but my family network in the USA runs, unattended,
on Windows 2000 server with a full-time modem connection to an ISP. An old
version of Tiny Personal Firewall runs on that server, and successfully
protected it from the MS Blaster worm that hit while I was out of the
country.

I don't use any of the personal firewall features such as application
checking, just simple blocking of incoming connections that I have
configured directly. So maybe you are correct that there is no reason to run
a "personal firewall" on a server, but this particular "personal firewall
product" had some value to me on a server, mainly because it was free and
available.

The other nice thing about running TPF is that it has a screen that shows
all of the IP connections, and the traffic on them. I run it on my personal
laptop, with the firewall disabled most of the time, just for that purpose.
(And that is also useful on servers).

+----------------+
  Kent James, Ph.D, MCSE
  Computer network support in Baku, Azerbaijan
+----------------+

-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
Sent: Thursday, October 30, 2003 8:06 PM
To: security-basics () securityfocus com
Subject: Re: Personal Firewall for Business use



On 2003-10-29 Ivan Hernandez wrote:
Ansgar -59cobalt- Wiechers wrote:

[ Windows TCP filtering ]

"Application level protection" is ridiculous if the protecting agent
is running on the same box. I keep wondering how people can expect
software that allows user interaction (like most personal firewalls
do) to prevent other (malicious) software from doing whatever it
pleases.

I would recommend you to read the good information on the Gibson
Research site at http://www.grc.com
Try the information leak utility that's very useful with all the
other toys written in assembly. It's a nice and educational site.

You're kidding me, right? You are not actually saying that you are using
some software to protect some other software from the very same malware
the other software is supposed to protect you from?

Windows Kernel Filtering will not stop a trojan from making
connections on the internet, and that's one of the most important
risks on a personal computer.

So what? Most so-called personal firewalls (including Zone Alarm) won't
do that reliably, so what's the point in using them? Besides I didn't
say anything about Windows Kernel Filtering and we're talking about a
*server* here.

Most worms are going via email today, and the filter will do nothing
with that, but with some application level filtering, like Zone Alarm
has, you can catch them before they go to the internet.

Have you even read what I was saying? No! You! Can't! At least not
reliably.

You probably could if the PF was running with escalated privileges AND
your account weren't AND it had no interface to unprivileged users but
rather rule-based configuration AND the malware could not escalate
its own privileges AND wouldn't kill the PF. That's one hell of a lot of
preconditions for successfully using a software that's supposed to help
secure your computer and AFAIK most PFs (including ZA) don't meet them.

And I still fail to see why one would want to use a PF on a server.

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------



