Avira's firewall

  • Thread starter: gufus
Hello, FromTheRafters!

You wrote on Thu, 8 Apr 2010 20:36:05 -0400:

FL>> Good question, one that works, and... and....
|
| Can you tell me, in your own words, what a firewall does when it "works,
| and... and...."?
|
That's /not/ an easy answer. :-)
 
gufus said:
Hello, FromTheRafters!

You wrote on Thu, 8 Apr 2010 20:36:05 -0400:

FL>> Good question, one that works, and... and....
|
| Can you tell me, in your own words, what a firewall does when it "works,
| and... and...."?
|
That's /not/ an easy answer. :-)

I appreciate that...

....take your time...

:o)
 
Hello, FromTheRafters!

You wrote on Sat, 10 Apr 2010 18:39:26 -0400:

|
| I appreciate that...
|
| ...take your time...
|

Some things to consider... egads!
Protocols:
TCP
UDP
IP
ICMP
SHTTP
HTTP
POP
POP3
SMTP
IPv4
IPv6

port range 1-1056

|
 
gufus said:
Hello, FromTheRafters!

You wrote on Sat, 10 Apr 2010 18:39:26 -0400:

|
| I appreciate that...
|
| ...take your time...
|

Some things to consider... egads!
Protocols:
TCP
UDP
IP
ICMP
SHTTP
HTTP
POP
POP3
SMTP
IPv4
IPv6

port range 1-1056

So, you are considering a dedicated device running protocol filtering as
well as NAT and SPI?

Maybe this would be of interest?

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

Once you have a dedicated device (computer?) you can even traverse OSI
layers and, for example, render the contents of POP3 e-mail and scan an
attachment for viruses. This increases overhead on the device, but won't
slow down the end user's machine.
 
Hello, FromTheRafters!

You wrote on Sat, 10 Apr 2010 21:02:37 -0400:

| |
| So, you are considering a dedicated device running protocol filtering as
| well as NAT and SPI?

Like I said, /not/ an easy answer, security is provided in layers of multiple
smaller forms of security. A software firewall is just 1 (one) layer of
security.

|
 
gufus said:
Hello, FromTheRafters!

You wrote on Sat, 10 Apr 2010 21:02:37 -0400:

| |
| So, you are considering a dedicated device running protocol filtering as
| well as NAT and SPI?

Like I said, /not/ an easy answer, security is provided in layers of
multiple smaller forms of security. A software firewall is just 1
(one) layer of security.

An application firewall (personal firewall) is not really secure, but it
is better than nothing. Highly recommended, especially if you may use
the "protected" computer at times without a *real* software or hardware
firewall.

One thing I am getting at is in order for you to "trust" your firewall
to do inbound/outbound protocol filtering etcetera, it *cannot* be
running on the system that it hopes to protect. If you want application
and/or process control (not really a firewall thing) you will want to
have the filtering done locally.
 
Hello, FromTheRafters!

You wrote on Sun, 11 Apr 2010 16:59:03 -0400:

FL>> Like I said, /not/ an easy answer, security is provided in layers of
FL>> multiple smaller forms of security. A software firewall is just 1
FL>> (one) layer of security.
|
| One thing I am getting at is in order for you to "trust" your firewall
| to do inbound/outbound protocol filtering etcetera, it *cannot* be
| running on the system that it hopes to protect. If you want application

So.. filter at the network boundary. No need to filter yet again on the
server.
....
Right?
 
gufus said:
Hello, FromTheRafters!

You wrote on Sun, 11 Apr 2010 16:59:03 -0400:

FL>> Like I said, /not/ an easy answer, security is provided in layers of
FL>> multiple smaller forms of security. A software firewall is just 1
FL>> (one) layer of security.
|
| One thing I am getting at is in order for you to "trust" your firewall
| to do inbound/outbound protocol filtering etcetera, it *cannot* be
| running on the system that it hopes to protect. If you want application

So.. filter at the network boundary. No need to filter yet again on
the server.
...
Right?

Right, a firewall belongs in between what you protect, and what you
protect it from. Some *features* of firewalls can be implemented
locally, but they will be somewhat less trustworthy.
 
Hello, FromTheRafters!

You wrote on Sun, 11 Apr 2010 19:40:24 -0400:

FL>> So.. filter at the network boundary. No need to filter yet again on
FL>> the server.
FL>> ...
FL>> Right?
|
| Right, a firewall belongs in between what you protect, and what you
| protect it from. Some *features* of firewalls can be implemented
| locally, but they will be somewhat less trustworthy.
|

That's easy to understand.
 