Security Basics mailing list archives

Re: Potential Outpost Conflicts?


From: James Taylor <james_n_taylor () yahoo com>
Date: Mon, 20 Jan 2003 21:30:08 -0800 (PST)

Hi Colin,

I'm afraid I don't consider it due diligence. I actually
consider it more of a risk, more administrative overhead,
more instabilities. But if you think they work well
together, well, fine. I doubt you'd get any official
support for any applications that utilise the TCP/IP stack
(most nowadays). I don't disagree with running similar
'security processes' but *not* on the same machine. If you
want 2 firewalls, I would always use 2 devices - either H/W
& S/W or 2 separate machines. Perhaps install an IDS
internally to the firewall, and configure it to monitor
TCP/IP scans/attempts applicable to the services you allow
- remove unnecessary rules - unnecessary processing
overhead.

Why not install both on the same machine, allow one to
allow, say port 25, and disallow port 25 on the other. Go
to scan.sygate.com and scan yourself - see what the outcome
is. Then swap the 2 rules and try again. Try with other
ports e.g. FTP/HTTP. Be interesting to know what happens.
And what will you do *if* one of your applications starts
to behave in a strange way? How will you troubleshoot
exactly which of the firewalls or anti-virus engines *may*
be causing the problem?

You say that you have 25 years in security - then you know
that it's not about *what* you install, it's about *how*
you go about your business - what you allow/disallow, what
services you run, how often you patch, how often you
back up, how often you download signatures, where you leave
your backups, how many locks you have on your doors, how
many windows you have to the outside world, your
connectivity into a work network/outside world, if you
accept and open attachments from friends via email (well, I
know we shouldn't but come on, who hasn't??? We take the
risk that we see appropriate depending on how safe we feel)
whether you have a static or dynamic IP address as if you
get a new IP each time you connect to your ISP, and only
use for an hour at a time, does not give the attackers much
time to scan, find and compromise your system, well IMO,
anyway... Blah Blah...

Take Care Out There...

James

--- Colin Rous <crous () sympatico ca> wrote:
> I suspected this question would come up. While I think it is somewhat
> off-topic, I'll answer it in case others are interested in my rationale.
>
> At 01:21 PM 16/01/2003, alaskan () telusplanet net wrote:
>
> > On Wed, 15 Jan 2003 09:23:49 -0500, you wrote:
> >
> > Paranoid?
>
> Having spent over twenty-five years (yes, 25 years!) in computer security,
> I don't consider it paranoia; I consider it due diligence. As I said
> originally, I also run two virus scanners. I also run both Ad-aware and
> Spybot. In fact, wherever possible I run multiple varieties of *any*
> security process.
>
> > Why would you want to run a second and a third copy of software that
> > does the same thing?
>
> I don't. I run two copies of software with the same *objectives*. They do
> different things in different ways.
>
> > The practice of multiples will slow your system down and add
> > instability and vulnerabilities as stated by the programmers.
>
> I'll live with the performance hit. I won't tolerate instability and
> vulnerabilities which is why I asked the question.
>
> > I think I'd sleep better knowing that at least one program is working
> > to spec without the worry of not knowing if it helps to run multiples
> > without a guarantee of performance.
>
> How do you know it's "working to spec"? How do you even know what its spec
> is? If you sleep well with one firewall, good on you; I sleep better with
> two.
>
> Cheers,
> Colin


