Firewalls
17 posts
• Page 1 of 2 • 1, 2
by Rotoman » Fri Mar 05, 2004 10:01 am
I use Zone Alarm and love it. Don't know anything about BlackIce.
Athlon 3200, Radeon 9800Pro, 2 Gig DDR400 RAM, Audigy Gamer, SB 5.1 speakers, NEC 17" monitor.
Die....then quit.
Die....then quit.
- SKID MARK
by SKID MARK » Fri Mar 05, 2004 3:45 pm
I agree w/ arcinator. 2 firewalls should not run on the same machine. I use norton firewall and think it does its job well. There are a few site to do a test on how your firewall performs. I had Black Ice on a recommendation and regretted it. It never seemed to work correctly. I had problems last year with McAfee on an office machine and are not familliar with Zone Alarm. Good Luck.
- LordShard
by LordShard » Fri Mar 05, 2004 4:22 pm
I heard zone alarm had allota back doors and security issues so that is why I dun use it. I am currently using norton and I asked a net tech about running 2 or more software firewalls and he said to go for it. I'm currently working on finishing my linux (half-assed award of the year) box from my old crummy parts and use it as a firewall also. I just know I'm getting hack an assload and need more protection. and it's obvious whn 30 thousand invalid TCP flags are sent to you and suddenly your CPU uisa maxxed out when your nbot doing nothing but unplug the cat5 cable and it starts working again.
evuntually I want to finish my firewall box and use it as a hardware and software firewall and an IP mask to change my IP to something random. then get a good router with a good hardware firewall and keep using my norton firewall and if possible get anouther.
What do you guys think about the overall plan I have?
evuntually I want to finish my firewall box and use it as a hardware and software firewall and an IP mask to change my IP to something random. then get a good router with a good hardware firewall and keep using my norton firewall and if possible get anouther.
What do you guys think about the overall plan I have?
by Chacal » Fri Mar 05, 2004 5:41 pm
Getting attacked is entirely normal, especially if you have ports open. That is easily taken care of with a hardware router/firewall with all ports closed. That's your first step, install one right now. It will protect your entire network against low-level attacks and flooding.
Your Linux system will act as a second line of defense to your internal network. It is more discriminating than your hardware firewall. It can do more advanced firewalling, like stateful and proxy. It can be used to filter in/out traffic, while your hardware FW isn't very useful for filtering outbound traffic. You can set up a DMZ, or area of low protection, for any servers you want to expose to the outside, like a Web server, FTP server, etc. More importantly if you're curious about security, it can be used for intrusion detection, traffic analysis, etc.
Your Norton firewall protects one single computer. It's your last line of defense. The Norton Internet Security product offers many other functions, like Trojan detection, alerting, etc. It also integrates Virus protection, spam filtering, ad blocking, etc. Stay away from BlackIce. And whoever told you to install 2 products on the same PC lacks basic knowledge.
Now, that's only network-level security. You also need to harden your OS, both Linux on the FW and Windows on your PC. Start by applying all patches and updates, then look for some OS-hardening tips. Microsoft has some guidelines. Basically, you need to disable all unneeded services and secure the services you keep.
Now, that was only tech-level security! There are 2 other big components in security, and you MUST have a global view. Applying only technological solutions is the most common mistake. You need to address these 2 levels as well:
PEOPLE - the human factor is the weakest link. All those firewalls do nothing if you still blindly open any attachment you receive from the Internet or download cracked warez.. You need to follow commonly accepted good practices.
PROCESS - installing protections is a good start, but then you need to keep them up-to-date. You need to implement some processes like:
- weekly antivirus auto-update
- weekly automatic virus scan
- weekly Windows update
- daily and weekly automatic data backup
- weekly transportation od backup media off-site
- periodical log inspection
- periodical security audit (external scan)
- encryption of sensitive files
- etc.
Your Linux system will act as a second line of defense to your internal network. It is more discriminating than your hardware firewall. It can do more advanced firewalling, like stateful and proxy. It can be used to filter in/out traffic, while your hardware FW isn't very useful for filtering outbound traffic. You can set up a DMZ, or area of low protection, for any servers you want to expose to the outside, like a Web server, FTP server, etc. More importantly if you're curious about security, it can be used for intrusion detection, traffic analysis, etc.
Your Norton firewall protects one single computer. It's your last line of defense. The Norton Internet Security product offers many other functions, like Trojan detection, alerting, etc. It also integrates Virus protection, spam filtering, ad blocking, etc. Stay away from BlackIce. And whoever told you to install 2 products on the same PC lacks basic knowledge.
Now, that's only network-level security. You also need to harden your OS, both Linux on the FW and Windows on your PC. Start by applying all patches and updates, then look for some OS-hardening tips. Microsoft has some guidelines. Basically, you need to disable all unneeded services and secure the services you keep.
Now, that was only tech-level security! There are 2 other big components in security, and you MUST have a global view. Applying only technological solutions is the most common mistake. You need to address these 2 levels as well:
PEOPLE - the human factor is the weakest link. All those firewalls do nothing if you still blindly open any attachment you receive from the Internet or download cracked warez.. You need to follow commonly accepted good practices.
PROCESS - installing protections is a good start, but then you need to keep them up-to-date. You need to implement some processes like:
- weekly antivirus auto-update
- weekly automatic virus scan
- weekly Windows update
- daily and weekly automatic data backup
- weekly transportation od backup media off-site
- periodical log inspection
- periodical security audit (external scan)
- encryption of sensitive files
- etc.
- CrazyBri
by CrazyBri » Fri Mar 05, 2004 6:29 pm
@Chacal - very helpful as always! excellent tips 
here's my 2 cents
It is not disastrous to run 1 hardware and 1 software firewall but running 2 software firewalls is definitely asking for issues.
A hardware firewall is best for preventing unwanted incoming packets but if you have a virus, worm or trojan that your AV software didn't catch it's helpful to have the software firewall to protect you from the problematic outgoing packets. (ie your bandwidth being hijacked to aid in a DOS attack)
here's my 2 cents
It is not disastrous to run 1 hardware and 1 software firewall but running 2 software firewalls is definitely asking for issues.
A hardware firewall is best for preventing unwanted incoming packets but if you have a virus, worm or trojan that your AV software didn't catch it's helpful to have the software firewall to protect you from the problematic outgoing packets. (ie your bandwidth being hijacked to aid in a DOS attack)
- SavageParrot
-
- Posts: 10599
- Joined: Wed Mar 19, 2003 5:42 pm
- Location: Cheltenham, England
by SavageParrot » Fri Mar 05, 2004 6:46 pm
Originally posted by Chacal
many other functions, like Trojan detection
Te he he, Trojan like the condom.
by -HaVoC- » Fri Mar 05, 2004 6:55 pm
I have run blackice as my software firewall for years without an issue. I recommend it.
-
"Now, if things look bad, and it looks like your not going to make it, then you've got to get mean, I mean plum mad dog mean, 'cause if you lose your head and give up then you neither live nor win, and that's just the way it is."
- The Outlaw Josey Wales -
put me on the team that Harry aint on....I sure miss shooting him and if im on the same team as HaVoC...OMFG we will stomp a mudhole in you and walk it dry.
- YaDad -
"Now, if things look bad, and it looks like your not going to make it, then you've got to get mean, I mean plum mad dog mean, 'cause if you lose your head and give up then you neither live nor win, and that's just the way it is."
- The Outlaw Josey Wales -
put me on the team that Harry aint on....I sure miss shooting him and if im on the same team as HaVoC...OMFG we will stomp a mudhole in you and walk it dry.
- YaDad -
by RCglider » Fri Mar 05, 2004 7:19 pm
For personal firewalls:
I don't know what newer versions of Norton are like, but older ones were horrible and failed many tests. I was able to get past it quite easily. The same for BlackIce. Zone Alarm actually is quite secure for the novice or those that want auto-configure, but it's not a true firewall in the purest sense. It still allows a lot of M$ junk out if you don't know how to set it up manually.
I use Agnitum Outpost Pro and it works great. Jammer is a nice addition if you're really paranoid or prone to download less than reputable files. They have a forum that can answer any questions you may have concerning their products. I believe they have a free version as well.
One thing to remember is to connect to the internet directly to your pc when running tests of your firewall. If you are using a router, this can give false positives for stealth detection tests. Once done with the tests, reconnect to your router.
Bottom line: no matter what you use, you need to still set up rules to block (stealth actually) certain ports. There are many references available about this.
I don't know what newer versions of Norton are like, but older ones were horrible and failed many tests. I was able to get past it quite easily. The same for BlackIce. Zone Alarm actually is quite secure for the novice or those that want auto-configure, but it's not a true firewall in the purest sense. It still allows a lot of M$ junk out if you don't know how to set it up manually.
I use Agnitum Outpost Pro and it works great. Jammer is a nice addition if you're really paranoid or prone to download less than reputable files. They have a forum that can answer any questions you may have concerning their products. I believe they have a free version as well.
One thing to remember is to connect to the internet directly to your pc when running tests of your firewall. If you are using a router, this can give false positives for stealth detection tests. Once done with the tests, reconnect to your router.
Bottom line: no matter what you use, you need to still set up rules to block (stealth actually) certain ports. There are many references available about this.
- LordShard
by LordShard » Sat Mar 06, 2004 9:17 am
Thanks guys. THat helps allot. I've only started taking classes to become a network engineer, but haven't actually gotten to ANYTHING about security yet.
I use windows 98 so microsoft doesn't release anything for it anymore, except IE6 patches, and I get those ASAP because I know IE6 is still a security issue even though I use opera. But How do I remove unwanted servuices like telnet? I went to add/remove windows components and didn't see telnet, but I have all these disabled
Dial-up ATM
Dial-UP networkoing
Dial-up server
Direct cable connection
Hyper terminal
Phone Dialer
VPN
Internet connection sharing
microsoft wallet
personall web server
Web-based enterprise Management
Group p[olicies
All of the above are disabled but I didbn't see where to disable telnet, and I don't have my win98 disk anymore, and I have been meaning to get a router for a long time.
ABout routers are there any specific protocals like WEPs and/or major bandname like lynksys that I should get? I also hear WEPs is easily cracked.
I'm lookin for anouther job and even if I don't get anouther I can still buy a router at the start of next month. I'm just paranoid as hell because I know for a fact I have been hacked at least 2 times.
I use windows 98 so microsoft doesn't release anything for it anymore, except IE6 patches, and I get those ASAP because I know IE6 is still a security issue even though I use opera. But How do I remove unwanted servuices like telnet? I went to add/remove windows components and didn't see telnet, but I have all these disabled
Dial-up ATM
Dial-UP networkoing
Dial-up server
Direct cable connection
Hyper terminal
Phone Dialer
VPN
Internet connection sharing
microsoft wallet
personall web server
Web-based enterprise Management
Group p[olicies
All of the above are disabled but I didbn't see where to disable telnet, and I don't have my win98 disk anymore, and I have been meaning to get a router for a long time.
ABout routers are there any specific protocals like WEPs and/or major bandname like lynksys that I should get? I also hear WEPs is easily cracked.
I'm lookin for anouther job and even if I don't get anouther I can still buy a router at the start of next month. I'm just paranoid as hell because I know for a fact I have been hacked at least 2 times.
by Chacal » Sat Mar 06, 2004 9:26 am
Windows 98 is mostly client-only. It doesn't have a telnet service. It has a telnet client but that's not dangerous. The only services you should check are:
- file sharing
- personal web server
also you should disable Netbios over TCP/IP.
- file sharing
- personal web server
also you should disable Netbios over TCP/IP.
Chacal
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
17 posts
• Page 1 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 20 guests