Home page logo
/

basics logo Security Basics mailing list archives

Re: Securing a Local Network
From: "Greg" <pchandyman () ozemail com au>
Date: Wed, 21 Apr 2004 08:02:39 +1000


----- Original Message ----- 
From: "Meidinger Chris" <chris.meidinger () badenit de>
To: "webmaster" <webmaster () play-by-mail de>; <roberts () tridecap com>;
<security-basics () securityfocus com>
Sent: Monday, April 19, 2004 4:26 PM
Subject: RE: Securing a Local Network


Hallo Andreas,

there are definitely advantages to using a proper firewall, beyond simple
defense in depth. The primary one, is that you will have to allow a lot of
different ports on the local network. That means that the compromise of a
single misconfigured host will result in the compromise of the entire
network. What about, for example, a virus or trojan? A desktop firewall
will
not likely protect from call-home malware that opens a connection itself
to
an internet host waiting for a shell. For this and other reasons,

With all due respect, that is totally incorrect. The XP one doesnt but a
simple ZOne Alarm free edition will as will other brand name firewalls AND
this has been known for years, now. In fact I used Atguard (prior to
Symantec buying it) to block a call home virus on a computer connecting to
the net. It was disallowing the user access to update his AV prog. I blocked
the virus outbound as it was the easiest way out, updated their AV prog
which could, now, know the virus and get rid of it.

In all that, there is still the problem for a simple user that Zone Alarm is
too complicated. Sometimes ZA stuffs up contacting sites you want to contact
so you must shut it down and open yourself up to attacks from the net in
order to do what you want. This is where XP's firewall becomes useful for a
simple user. If they want to use ZA most of the time yet want to shut it
down at times when it interferes with something OK that they want to do,
should they have the XP firewall set on before dialling in, once ZA is down,
they still have SOME protection and XP's firewall doesn't interfere with
what they are doing.

Greg.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault