not that easy ?? I mean "not that difficult"
sorry...
still a bit sleepy :o)
> -----Original Message-----
> From: Hiemstra, Brenno [SMTP:[EMAIL PROTECTED]]
> Sent: dinsdag 29 mei 2001 7:39
> To: 'Phillip Askey'; [EMAIL PROTECTED]
> Subject: RE: How Secure am I?
>
> Philip,
>
> I personnaly am not very keen on the "personal firewall" thingies.
> But you just can't expect a person to install a relative good FW
> running on a Linux box or *BSD. (although it's not that easy).
>
> Although I don't know the winroute product I think it's still limited.
>
> I like the idea "Open only the ports which you need to do your work
> for outbound and inbound traffic". The personal firewall packages
> blocks (standard) everything originating from the internet and permits
> everything originating from the local network. Some personal firewalls
> are able to do soem filtering but thats very limited. As I read it you
> block
> some specific ports originating from your internal network.
>
> Like I said. I would set up my rulebase to block every port which
> I don't see is usefull for my network. There are numberous potential
> ways to compromise your internal network through your server that
> is accessable through the internet. And just installing the latest SP's
> and hotfixes isn;t just enough to have a secure setup. You have to do
> some auditing on your box to prevent a user to compromise your system
> and install trojans / shell access to hack your box or use it as a
> "zombie"
> or other kind of attacks on other systems.
>
> And because you permit all kinds of outbound traffic they can use any
> port other then you block to go onto the internet. Because you don't
> do any filtering they can run traffic over all kind of ports that are
> normally
> used for, for example http traffic (port 80).
>
> Although there are some issues in your setup. It would make it a bit
> harder to penetrate your network for the real scriptkid. But it's not
> definately
> a fool- / bulletproof setup. And installing a Linux based system isn't
> going
> to be the solution if you don't harden it and set up a correct and more
> strict
> rulebase.
>
> Regards,
>
> Brenno
>
>
>
>
> > -----Original Message-----
> > From: Phillip Askey [SMTP:[EMAIL PROTECTED]]
> > Sent: dinsdag 29 mei 2001 6:52
> > To: [EMAIL PROTECTED]
> > Subject: How Secure am I?
> >
> > I have been monitoring this list for about 6 months now. I am by no
> means
> > a
> > security expert, but I have some knowledge on the topic. I wanted to
> > describe my setup and see what type of attacks could get to my inside
> > network or what vulnerabilities exist. I am debating on going with a
> > Linux
> > OS/firewall solution if my setup stinks. I wanted to hear everyone's
> > advice
> > first. First of all, this is a home network with non critical data on
> my
> > workstations.
> >
> > I have a product called Winroute 4.1 running on a WindozeNT 4.0 SP6a
> > Workstation. The product information can be found at www.winroute.com
> In
> > addition to winroute, I also have BlackICE defender installed on the
> same
> > box. I did this because the winroute logging is weak. I have a cable
> > modem
> > assigning me a DHCP address to my outside public NIC and I have another
> > NIC
> > with my internal private IP address. I am doing NAT on the private IP
> > address. I have a few rules enabled to filter outbound traffic. The
> > outbound ports being blocked are 44333, 135, 139, 5631, 5632. By
> default
> > all inbound traffic is denied. I also have a Windows Advanced Server
> that
> > runs DNS, web page and ftp server. I setup port mapping for 21, and 80
> > to
> > go to the internal IP address of the server. I have latest IIS patches
> > and
> > OS security patches. Three other workstations are on my internal
> network
> > which all use my internal DNS server and go out through the winroute
> box.
> >
> > The setup I have is dirt cheap, but is it also a piece of crap? I can
> not
> > afford to setup a PIX here at the house FYI :)
> >
> > Are personal firewalls easily compromised or will they block most
> > attempts?
> >
> > Also, is there any thing that I can be doing to enhance what I have with
> > the
> > limited tools?
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
