[Klug-general] Linux to offer a paradigm-shift in computer security

MacGyveR macgyver at thedumbterminal.co.uk
Wed Nov 28 21:11:09 GMT 2007


On Wednesday 28 November 2007 19:11, Karl Lattimer wrote:
> On Wed, 2007-11-28 at 18:55 +0000, Peter Childs wrote:
> > On 28/11/2007, Karl Lattimer <karl at qdh.org.uk> wrote:
> >
> >         On Wed, 2007-11-28 at 15:34 +0000, Peter Childs wrote:
> >         > On 28/11/2007, Karl Lattimer <karl at qdh.org.uk> wrote:
> >         >         OK, this is bad advice ^^ see bad advice... The firewall in
> >         >         windows is the only thing stopping the slammer worm and a bunch
> >         >         of others. Don't switch it off because it is added bloat!!!! It
> >         >         isn't, the standard windows firewall is an adequate solution; it's
> >         >         not ideal but it WORKS for the purposes it is intended, protecting
> >         >         windows' penchant for opening ports on LAN networks.
> >         >
> >         > If it's a worm the virus protection should have stopped it. A
> >         > firewall will not stop a worm.
> >
> >         The biggest load of shit I've ever heard!!!!
> >
> >         A WORM/REMOTE EXPLOIT CAN ATTACK USING A BUFFER OVERFLOW EXPLOIT
> >         AGAINST AN OPEN PORT FOR INSTANCE, A FIREWALL BLOCKS THIS INITIAL
> >         ATTACK RATHER THAN REMOVING THE MALWARE AFTER INFECTION HAS TAKEN
> >         PLACE!
> >
> >         Anti-virus is a damage limitation tool (and by no means perfect,
> >         generally leaving a few twitching tendrils of malware), not an active
> >         interrogator of incoming traffic like DEEP PACKET INSPECTION;
> >         firewalls ultimately prevent services being exploited in the most
> >         part by blocking access to certain ports.
> >
> >         > A firewall is a dedicated appliance, or software running on
> >         > another computer, which inspects network traffic passing through
> >         > it, and denies or permits passage based on a set of rules.
> >
> >         appliance meaning... a computer with software in it? And why does
> >         it need to be dedicated? I mean if my web server is in a DMZ it's
> >         gonna have ip tables on it!
> >
> >         > see http://en.wikipedia.org/wiki/Firewall_(networking)
> >
> >         Of course, you get all your knowledge regarding firewalls from
> >         wikipedia, not erm... I dunno Cisco internetworking systems (great
> >         free as in beer book) or the netfilter mailing list, or the
> >         countless white papers on IP Tables you've read.
> >
> >
> > Actually this is what I was taught at University. It's the standard
> > definition of a firewall.
>
> Well that's funny, I was taught it was a method or system for
> controlling incoming and outgoing traffic based on TCP/IP header
> information.
>
> Notice the ambiguous "method or system", but the very unambiguous
> declaration of its purpose.
>
> Regardless of the definition, you have such a skewed understanding of
> the purpose of a firewall or the details of malware that it is important
> to clarify these points.
>
> Someone can walk away from you with a hand grenade, it can go one of two
> ways, you told them to leave the pin in, or you said it doesn't matter
> if the pin is in or not, and in reality it's just a waste of metal.
>
> > Just like not all things people call viruses are in fact viruses, they
> > may be worms, trojan horses etc etc, but all covered by what is now a
> > standard tool that protects against many things.
> >
> > All I'm trying to say is that most windows firewall software is badly
> > set up and usually people just blindly click Yes when asked.
>
> You keep referring to other software, the trick is to use the standard
> windows firewall, it has a sensible policy and doesn't actually harass
> you. Well, unless you're using vista! But still I don't think it
> questions you about incoming traffic.
>
> > If used properly it's a useful tool but most people don't understand what's
> > what...
>
> Please realise giving people advice to turn their firewall off because
> it's a waste of resources is very very bad advice. Especially if people
> turn to you for help; even if a firewall is using resources it is not a
> waste. The trick is to use the right tool for the job, not one of these
> over-featured GUI tools that cost $$$.
>
> However even an over-featured GUI tool is better than NOT HAVING A
> FIREWALL! Stating that worms attack via a method that cannot be
> prevented by using a firewall is also bad information to be passing over
> to someone.
>
> K,
>
>
>
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent

Basically a host-based firewall (locally installed firewall) gives an end user 
too much control, and as most end users are not security experts there will be 
mis-configurations. Different OSes offer different levels of protection as 
they ship with different services turned on, which can reduce the attack 
vectors; after that it is down to the config or.....

A correctly installed firewall on the network on a separate system (linux box, 
checkpoint or otherwise). But again the config here will be the main thing..

All the ports that you allow through, such as email or web, will need to be 
scanned for malware; some firewalls can look for patterns or receive feeds of 
known attacks. At the end of the day some stuff will get through and then it 
will be down to user education and human error.

I'm a fan of the defence in depth approach for reducing attacks, but I think all 
you can do is reduce, not stop, these things happening.

-- 
--------------------------------
http://www.thedumbterminal.co.uk
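The thread's argument in a form a practitioner could actually apply: a default-deny host firewall for the kind of DMZ web server Karl mentions, written as an nftables ruleset. This is an added example, not code from anyone in the thread; the admin network 192.0.2.0/24 (an RFC 5737 documentation range), the set of exposed ports and the log prefix are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Hypothetical host firewall for a DMZ web server (example, not from the thread).
# Inbound policy is drop; only the services this host is meant to expose are
# opened. Any service that later starts listening (a new package, a default
# the OS ships with) stays unreachable from outside until a rule is added,
# which is the "block the initial attack" behaviour described in the thread.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # loopback, and replies to connections this host opened
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP is needed for path MTU discovery; ICMPv6 for neighbour discovery
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # the only listening services this host is meant to expose
        tcp dport { 80, 443 } accept

        # SSH only from the (assumed) admin network, 192.0.2.0/24
        ip saddr 192.0.2.0/24 tcp dport 22 accept

        # everything else is logged (rate limited) and dropped
        limit rate 5/minute log prefix "input-drop: "
        counter drop
    }

    chain forward {
        # this host is not a router
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f <file>` and review the result with `nft list ruleset`; the `counter` on the final drop rule gives a quick check that unsolicited traffic is in fact arriving and being discarded. The design choice follows MacGyveR's point about mis-configuration: a short explicit allow list under `policy drop` has far fewer ways to go wrong than a per-application "allow or deny?" prompt, and it does nothing about traffic on the ports it does allow, so the web service behind port 80/443 still needs its own hardening, which is the defence in depth the post ends on.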