Is there a risk with firewalls? - Page 3

Re: Is there a risk with firewalls?

What about wipfw? wipfw.sourceforge.net/

asks
    Wolfgang

Re: Is there a risk with firewalls?

Show me where it says that this wipfw is going to provide protection at
boot.  Even MS's IPsec which is another packet filter and is on the O/S
cannot even do this. And I suspect that this wipfw cannot do it either.

http://www.support4vista.com/tutorial/windows-firewall.htm


Re: Is there a risk with firewalls?

I never tested it yet, so I asked.

Not at boot, as first of all network services with highest priority
would be enough.

Yes, IPSec is a conglomerate of secure networking and packet filtering.
I was shown, that there are 3 different mechanisms of packet filtering,
not three or more UI to one and the same mechanism.

I suppose too.
 
THX.
    Wolfgang

--
Nowhere does success at school depend so strongly on the parents' income
and education as in Germany. The German school system fails at
supporting the children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?
Mr. Arnold wrote:


What about Wipfw with STARTUP_BOOT_START? Works quite well.
Of course, none of the typical PFW shit works with boot startup.

Unless it gets circumvented, which is more or less trivial.

Now, what about not offering any services at boot time? Or better generally?

Re: Is there a risk with firewalls?

Well Wolfgang in the other post,  you heard it here first, let me know if it
does as advertised.

If one has got to offer the service, then one has got to offer the service, like
HTTP and FTP, etc, etc.


Re: Is there a risk with firewalls?

At this time it works at home only as a "2nd line of defence" tool to
filter RPC- and CIFS- connections (not accessible after ntsvcfg.de) from
outside and as a time dependent "children protection" tool: So if it is
## o'clock, it's time to sleep - no further connections between this and
the system of my son are possible.

The machine is accessible as web server called ewert homeunix org (I'll
try to install an internet accessible openssh or openvpn daemon on it).
There are more services, this machine offers for local network access at
home.

I'll look for these BOOT-Options for wipfw in the next time.

And if one has got to shutdown the firewall service at the same machine?

So it's better to restrict the user to use this or that software
offering services, it is well known as "software restriction policies".

A good place for a firewall is *between* these systems and the untrusted
network.

Wolfgang

--
Nowhere does success at school depend so strongly on the parents' income
and education as in Germany. The German school system fails at
supporting the children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?

You take the machine offline.

I'll sit my machine behind a FW appliance or packet filtering FW router
that's not running with the O/S on the machine.

And if I need to stop contact with a service running on a machine behind
them, I'll set a rule to close those ports the service is offering.

On the other hand, on my laptop that runs services, which are protected by
Vista's FW/packet filter and when the laptop is connected to something other
than my LAN, it's not coming down. So I don't worry about something like
that. And if I do have to take the FW down in that situation, then it's not
going to be connected to any network, period.


Re: Is there a risk with firewalls?
Dear Mr. Arnold,

Among the many responses I found your explanation and advice most useful.

It appears that a NAT router is the safest way to protect my or any PC from
Internet intrusions occurring at any time and coming from the Internet?
True or False?

There are some additional questions which remain:
1.) Is a firewall such as Zone Alarm still needed even if one has a NAT router
     installed? The NAT router prevents access to the PC from any other site but
     the one the PC has been connected to, but it does not prevent a malware
     program from contacting a site of its choosing. Is this the reason why one
     still needs a firewall in addition to a NAT router?
2.) Why is the vulnerable period between boot and final activation of a software
     firewall not mentioned and described in the help texts for commercial
     software firewalls? It appears that Microsoft with Vista has officially
     acknowledged that such a vulnerable period exists. (I found that out the
     hard way.)
3.) Finally you say that a firewall needs two network interface cards, one facing
     the internet, the other the local network. There are no such interface cards
     on my PC or on most of the PCs using software firewalls such as Zone Alarm.
     I therefore do not follow your explanation.

Thank you

G,R,


Re: Is there a risk with firewalls?
NoSpam wrote:

False. A NAT router is not a security device and you should not count on
unreliable side effects.

Neither does ZoneAlarm, albeit trying to create the impression that it could.

Because security is not intended?

Huh? Firewalling at boot time was already provided and documented with
Windows XP RTM.

Hm? Shouldn't it be "it therefore doesn't follow your explanation, therefore
it actually is no firewall"?

Re: Is there a risk with firewalls?

The NAT router's job is to stop unsolicited inbound traffic from reaching
your computer. With using a PFW with a machine that has a direct connection
to the modem, which will have a direct connection to the Internet, there is
the time during the boot process, that unsolicited inbound traffic can get
there first before the PFW is up and running on the network connection.

If the machine is connected to the NAT router, then this vulnerability is
eliminated if you boot the computer, as it's stopping all unsolicited inbound
traffic. It's best to get a NAT router that has SPI in the solution, which
can do this better than just a NAT router without SPI.

 http://www.homenethelp.com/web/explain/about-NAT.asp

However, if you have malware running on the computer and it's making a
solicitation for traffic, then nothing is going to stop the solicited traffic,
not the NAT router, FW appliance, PFW or host based gateway FW solution.

Let me take that back, you can stop the traffic if you had a standalone FW
solution like a NAT router, FW appliance or a host based FW running on a
gateway computer, protecting a LAN and you knew the inbound or outbound
remote Internet IP and were able to set rules for these types of solutions.

Think about this, if the 3rd PFW was stopping traffic due to possible
malware running on the machine, because you set some kind of rules, then
what happens to those rules during the boot process with the PFW?

ZA is not a FW solution. ZA is a machine level packet filter running on the
machine at the machine level. Yes, your reasoning as to why someone would
use ZA behind a NAT router is a valid reason, for what it's worth.


I don't know. You'll have to ask producers of the products as to why they
don't make this known.

That's because ZA and the others are not FW solutions. They are machine
level packet filters running at the machine level to protect the O/S and
programs running on the local machine. There is no physical separation of
networks using this type of solution.

The NAT router comes closer to being a FW solution than a single machine
running a PFW, because the NAT router has two interfaces: the WAN (Wide Area
Network port), the port that's connected to the Internet (facing the
Internet), and the NAT router has the LAN (Local Area Network ports) ports
facing the LAN that machines connect to behind the router.

You can buy more Network Interface Cards and place them into a computer,
with one NIC connected to the WAN side to the modem facing the Internet and
the other NIC(s) in the machine facing the LAN so that other machines can be
connected to those NIC(s).  Then you can buy a host based FW solution, a
network FW solution that can control the traffic between the WAN and LAN.

A PFW such as ZA cannot do that and is not considered a FW solution.

A solution such as the one in the link which has some questions with answers
you may want to review and others are host based software FW solutions that
run on gateway computers, using two or more NIC(s) to protect a network.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

Here is another link that will help you better understand FW(s).

http://www.more.net/technical/netserv/tcpip/firewalls/

Don't get me wrong now as I am not stupid enough to not use a PFW/packet
filter on my machine when it's not behind my FW appliance and it's connected
to the Internet with a direct connection to a modem or to some foreign LAN
like a wireless cafe.  But when the machine is behind my FW appliance, the
PFW is disabled on the machines.
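
The behaviour described in the post above, as an added example that is not part of the original thread: a toy connection-tracking (SPI-style) filter showing that unsolicited inbound traffic is dropped, solicited replies pass even when malware did the soliciting, and a rule on a known remote IP stops that traffic. All names and addresses are constructed for illustration, and address translation itself is left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    """Toy model of a router with SPI: LAN hosts open flows, WAN hosts may only reply."""
    blocked_remotes: set = field(default_factory=set)  # rules keyed on remote IP
    flows: set = field(default_factory=set)            # (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, p: Packet) -> str:
        if p.dst in self.blocked_remotes:
            return "drop: rule"
        self.flows.add((p.src, p.sport, p.dst, p.dport))  # remember who solicited what
        return "pass"

    def inbound(self, p: Packet) -> str:
        if p.src in self.blocked_remotes:
            return "drop: rule"
        # Accepted only as the exact reverse of a flow opened from the LAN side.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "pass: solicited"
        return "drop: unsolicited"

def demo() -> dict:
    # Constructed sample hosts (private and documentation address ranges).
    pc, web = "192.168.1.10", "198.51.100.7"
    scanner, malware_remote = "203.0.113.50", "203.0.113.99"
    fw, r = StatefulFilter(), {}
    # PC is still booting, its PFW is not up yet: the router drops the probe anyway.
    r["probe_during_boot"] = fw.inbound(Packet(scanner, 40000, pc, 445))
    r["browser_out"] = fw.outbound(Packet(pc, 50001, web, 80))
    r["web_reply"] = fw.inbound(Packet(web, 80, pc, 50001))
    # Malware on the PC solicits traffic: the router treats it like any other flow.
    r["malware_out"] = fw.outbound(Packet(pc, 50002, malware_remote, 443))
    r["malware_reply"] = fw.inbound(Packet(malware_remote, 443, pc, 50002))
    # Once the remote IP is known, a rule stops both directions.
    fw.blocked_remotes.add(malware_remote)
    r["malware_out_after_rule"] = fw.outbound(Packet(pc, 50003, malware_remote, 443))
    r["malware_reply_after_rule"] = fw.inbound(Packet(malware_remote, 443, pc, 50002))
    return r

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:26} {verdict}")
```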


Re: Is there a risk with firewalls?
Dear Mr. Arnold,

Again many thanks for your help and explanations. You sure are
an angel and I hope you will find time to address some remaining
issues.

Your explanation of the NAT function is very clear and will
be of interest to many on this forum. There is a question related
to the issue of an unsolicited outgoing call during the vulnerable
period. I would imagine that the probability of such a call must
be very small once the system has been scanned for malware
with a program like AntiVir Guard and nothing has been found.
Am I correct in assuming this? I do of course know that absolute
certainty is a goal which is very difficult to attain and may not
even be required by the average PC user.

What does PFW stand for? Does it stand for Program Fire Wall?

You said:
[quoted text not shown]
My response is:
I am not connected to any LAN. Mine is a stand alone PC. The above would
therefore not apply anyway, true or false? Even if it applied I would not know
how to set rules. So this paragraph does not really apply to my situation. T/F?

You said:
[quoted text not shown]
This raises the question I asked above. Would a system scan with a program
like AntiVir not eliminate this threat with a high degree of probability?

Again thank you
GR.

Re: Is there a risk with firewalls?
NoSpam wrote:

This is no forum, this is Usenet. A huge difference.

What a bullshit. How should AntiVir find malware which doesn't want to be
found? Exactly not at all!

Did you mean "impossible"? Or maybe "not even reliably"?

No, how should it? You really seem to be living in a dream world...

Re: Is there a risk with firewalls?
Sebastian G. wrote:

So what's this 'huge difference', Seb-mate? Do tell!

Jim Ford

Re: Is there a risk with firewalls?
Dear Sebastian,

I am beginning to doubt that you wish to engage in a serious discussion.

First you seem to be making a lot of a surmised difference between usenet
and a forum. Such a difference may exist in some people's mind, but it is
very clear what was meant and at any rate any difference between usenet
and a forum will have no impact on our subject of discussion. It is a red
herring which you are trying to plant.

Next you doubt the effectiveness of antiviral programs by stating that
they will not find malware if the malware does not want to be found.
Since malware does not want to be found are you implying that a large
percentage of antiviral programs is of no use? If you do not wish to
imply that, please say so. If you do imply it, please back it up with more
than the surmise, that that which does not want to be detected, will not
be detected.

Thank you for trying and I hope that from now on you will make fools of
other people.

GR.


Re: Is there a risk with firewalls?
NoSpam wrote:


Yes and no. Your assumption that most malware doesn't want to be found is
pretty wrong today, as strange as this might sound.

Simple: Virus scanners detect malware by signature. Malware can transform
its own code to expose any pattern.

Why exactly do you think that only stupid malware would have abused your
security vulnerability?

Re: Is there a risk with firewalls?

And you just figured that you - SG and his group of zealots never really
provide anything other than diversions and arguments.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?
void@nowhere.lan says...

Crap - brain working faster than fingers. Should have typed "figured
that out"

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?
You are nothing but a rude and obnoxious two bit bastard that knows no end
to being an ass-hole.


Re: Is there a risk with firewalls?

Malware can circumvent such a solution easily. Those types of solutions are
dependent upon a signature file as an example. If it's not something that's
recognizable, like a zero day exploit -- never has been seen before, then
it's going to be missed by such solutions. Malware can set itself up if it
gets on the machine so that an anti-malware solution cannot detect it or not
easily.

That's why I like to use other tools like Active Port or CurrPort, Process
Explorer and other such solutions and go look around from time to time to
see what is running.

http://preview.tinyurl.com/klw1


To be honest, the average PC user doesn't have a *clue*  about it, none. And
that's part of the problem is that average PC users are ignorant of the
issues. Most of them really don't care that much, either. They just want to
turn the computer on and go/use it, without thinking about what he or she is
doing.

Personal Fire Wall

False. Your computer is directly connected to the WAN (Wide Area
Network)/Internet. You should be even more concerned with this type of
connection.

Well, you need to learn how to set rules.  And this is what this NG is here
for is to  help you do that. But that's what this NG used to be, but because
of one person I can think of in the NG and others, they chase people off or
potential posters don't post period due to the hostility and intimidation by
the few in this NG. It's good to see someone like you that is not
intimidated by them.

No. It may catch a few things. But then on the other hand, it may not catch
anything due to the reasons I have already given.


Re: Is there a risk with firewalls?

"Running Processes" would be a more fitting translation. If I read this
correctly, then AntiVir Guard scans the memory areas a program's code is
loaded to while the program is being executed.

Process Explorer only lists processes, it doesn't scan them.

Malware doesn't turn itself on.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
