On Sunday 14 December 2003 01:55 pm, Carren Stuart wrote:

> As I have already admitted, I understand little of the Linux firewall
> or how it operates behind the scenes. I DO however understand how my
> Windows based firewall Kerio works, and I HAVE done my homework on
> installing it and setting it up.

Well, then you understand that Kerio runs as a process, just like every other 
process on your system.  Since all processes run as admin on the system, you 
know that another process can shut down the Kerio process as long as it is 
programmed to know how to do so.  Kerio is not integrated into the kernel, 
nor is it integrated into the hardware level of network, thus it can be 
bypassed or turned off.  

You may be attentive enough to recognize when this happens.  I would prefer 
software that was incapable, or at least very resistant to the possibility.

Kerio and other Windows firewall solutions are user friendly.  However, they 
operate in most cases on the exact same system that they are meant to 
protect.  Running a firewall on the primary computer is simply never a good 
idea, security-wise.  If you were running Kerio on a standalone box that sits 
between your box and the Internet connection, that would be better.  However, 
there are known and recognized limitations on the ability to secure any 
Windows system and since Kerio runs on Windows, it is inherently inferior to 
a Linux solution since Linux is a more secure OS.

Kerio is better than nothing at all, and if configured correctly, can provide 
a lot of protection.  Given the massive numbers of Windows machines that are 
totally insecure, even a moderate level of protection may provide a lot of 
security as bad actors hit the lowest hanging fruit first.

> It is NOT what I would call a newbie's Windows firewall, as it is rules
> based and requires at least a basic understanding of protocols, but it
> is highly configurable and it works! My firewall comes up stealthed in
> EVERY security test I have done on it, without fail, and I am as
> confident as anyone can ever be with things internet security, that it
> is protecting my machine more than adequately.

If you load and run software that is obtained externally, your box is not 
secure.  It is that simple.  If you use Internet Explorer as your browser 
without a very secure proxy server, then your machine is capable of running 
applications without your knowledge.  There are several known vulnerabilities 
in IE, at least one of which has had no patch issued to address it.

It is not the attacks that are so well known that there are standardized tests 
that can be run against them that I usually worry about.  Given that you are 
running a closed source operating system, the insides of which only MS has 
ever seen, you would be foolish to feel yourself secure, even if Kerio was 
the best firewall software around.  There is simply too much that even the 
Kerio developers don't know about the OS they are trying to protect.

> You seem to imply in your statement above, that anyone using Kerio or
> any similar Windows based "pretty" firewall, is kidding themselves
> into believing they are *safe* while all the time being wide open to
> attack from the Internet. That is simply not true. 

My statement is based on the fact that Kerio, along with a lot of other 
personal firewall solutions, runs on the target machine, has a wizard that 
allows a user to change rules themselves on the machine and can be 
compromised by an application run locally that knows how to turn the software 
off or knows how to masquerade as another application or stealth as another 
application.

By comparison, iptables or shorewall should be running on a buffer machine; 
it has to be configured only by root and thus requires root privileges to be 
compromised or changed, can be run on an even more secure version of Linux 
that is even more resistant to attack, and users and less-than-root processes 
on the machine cannot bypass the software, nor can they change or institute 
their own rules.

> As with any 
> firewall, including your shorewall and iptables, it needs to be
> configured correctly and constantly monitored to ensure that current
> rules are still appropriate at any given point in time. 

Agreed.  However, since it is easier to compromise the security on a Windows 
machine, by definition, it is easier to compromise the security provided by 
Kerio or other Windows firewall solutions than a Linux one.  The name or type 
of software does not change that.

> Properly 
> configured, Kerio does a fine job of protecting my machine. Sure,
> there are computer users out there who are running a badly or
> incorrectly configured firewall who WILL be open to attack ...
> however, I am not one of them.

Well, you may not be open to attack, provided that you know enough about 
Windows to have hardened that operating system.  I know just enough about 
Windows to know that I would never, ever trust that OS to be secure from 
anything or anybody at any time.  Your mileage may vary.
-- 
Bryan Phinney
Software Test Engineer

