Firewall to use with NOD32?

newswatcher said:
Thanks, Duane. I do appreciate your time, advice, and links.
Best....

You're welcome and go to where you're supposed to go which is to the
O/S and secure it and don't depend upon the PFW solution like some kind
of crutch, with a direct connection to the Internet.

If you can, you should supplement the PFW with IPsec, for which I
implemented the AnalogX policy rules and made my adjustments to them. You
should be able to do the same on XP Home by implementing the IPsec SP2
tools, which I don't have to do as I use the IPsec GUI on XP Pro.

Here is another link for you. You should look around on the machine with
the tools in the link and see what is happening for yourself from time
to time and don't depend upon that PFW to tell you what is happening
like a crutch that can be easily circumvented and defeated.

Other than that and if you can, you should put the machine behind the
protection of a cheap NAT router, which can be supplemented with a
host based packet filter like ZA, IPsec or others that can stop inbound
or outbound to/from the machine.

Again, IPsec is only a supplemental solution.

Long

http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html

Short

http://tinyurl.com/klw1

The buck stops at the O/S and not some PFW or AV solution.

BTW, I use NOD32 on all my Windows NT based machines. ;-)

Duane :)
 
edgewalker said:
Not useless, but they aren't really firewalls because they don't sit
"between" two networks thus compartmentalizing them. They have
the feature set of some firewalls (sans firewalling) which can still be
useful to you for controlling traffic such as control of what applications
you want to allow to access the internet.




The PFW can't see traffic that isn't already on the machine and thus cannot hope
to prevent that traffic from reaching the machine. It's like having an armed guard
to prevent intruders from entering your home - stationed in the upstairs bathroom.




You think you're confused now, wait until the PFW you end up with
starts alerting you to the presence of internet noise attacks. :))

I like that part about the guard in the bathroom. And the guard is on
the toilet reading the newspaper too. LOL

Duane :)
 
Duane said:
Dial-up NAT routers are rare. In your case, someone will have to
recommend a PFW/machine level packet filter solution to you. I am forced
to use one on this XP laptop while on the road as I am using dial-up
right now. But I cannot recommend a PFW/machine level packet filter
solution to you -- none.

Sorry!

Duane :)

D-Link DI-804HV has dial up and all of the hardware firewall OP should
need.

jimbo
 
Duane said:
kurt said:
newswatcher said:
On Mon, 01 May 2006 01:53:19 GMT, Duane Arnold [snip]
Dial-up NAT routers are rare. In your case, someone will have to
recommend a PFW/machine level packet filter solution to you. I am
forced to use one on this XP laptop while on the road as I am using
dial-up right now. But I cannot recommend a PFW/machine level
packet filter solution to you -- none.

So ALL the FW apps out there are useless? Outpost, Kerio, ZoneAlarm,
i.e. ALL app based machine-based programs are defenseless and cannot
be used by PC users.

I am confused, sorry...

let's set the record straight - duane pretty much refuses to call
anything a firewall unless it's an external hardware appliance (and
sometimes even then he's resistant)... those programs you reference
are not what he's talking about when he refers to routers (which are
hardware appliances) but rather they're what he's talking about when
he refers to PFW...

he can't recommend a (P)ersonal (F)ire(W)all to you because he isn't
familiar enough with them...

I had some respect for you but you have blown up the bridge again and
now you are trash again.

that wasn't my intention, duane... you said you couldn't recommend one,
that someone else would have to recommend one and that the only reason
you use one now is because you're forced to...

if you're ok with someone else recommending a pfw to him but can't do so
yourself, to me that "can't" sounds like "unable" not "unwilling"...
 
edgewalker wrote:
[snip]
The PFW can't see traffic that isn't already on the machine and thus cannot hope
to prevent that traffic from reaching the machine. It's like having an armed guard
to prevent intruders from entering your home - stationed in the upstairs bathroom.

that's really a mischaracterization... it's more like having the armed
guard on the inside of the front door instead of on the outside of the
front door... he can do something about most intruders but only after
they open the door...
 
edgewalker wrote:
[snip]
The PFW can't see traffic that isn't already on the machine and thus cannot hope
to prevent that traffic from reaching the machine. It's like having an armed guard
to prevent intruders from entering your home - stationed in the upstairs bathroom.

that's really a mischaracterization... it's more like having the armed
guard on the inside of the front door instead of on the outside of the
front door... he can do something about most intruders but only after
they open the door...

....so the bathroom and toilet and newspaper is a misconception :)
 
kurt said:
Duane said:
kurt said:
newswatcher wrote:
[snip]
Dial-up NAT routers are rare. In your case, someone will have to
recommend a PFW/machine level packet filter solution to you. I am
forced to use one on this XP laptop while on the road as I am
using dial-up right now. But I cannot recommend a PFW/machine
level packet filter solution to you -- none.


So ALL the FW apps out there are useless? Outpost, Kerio, ZoneAlarm,
i.e. ALL app based machine-based programs are defenseless and cannot
be used by PC users.

I am confused, sorry...


let's set the record straight - duane pretty much refuses to call
anything a firewall unless it's an external hardware appliance (and
sometimes even then he's resistant)... those programs you reference
are not what he's talking about when he refers to routers (which are
hardware appliances) but rather they're what he's talking about when
he refers to PFW...

he can't recommend a (P)ersonal (F)ire(W)all to you because he isn't
familiar enough with them...


I had some respect for you but you have blown up the bridge again and
now you are trash again.


that wasn't my intention, duane... you said you couldn't recommend one,
that someone else would have to recommend one and that the only reason
you use one now is because you're forced to...

if you're ok with someone else recommending a pfw to him but can't do so
yourself, to me that "can't" sounds like "unable" not "unwilling"...

It was not that I can't do anything or am unable to do anything. But
rather, I don't respect them anymore and I have moved past the PFW stage.

However, when forced to use one because I have no other choice like on
this dial-up, which I am not buying a router for that as I am on the
move, or connecting to a LAN that's not my home network LAN, then I will
use one.

Other than that, I have no use for a PFW solution and I won't recommend
one of them to anyone.

Maybe this was a misunderstanding and you're not trash. ;-)

Duane :)
 
kurt wismer said:
edgewalker wrote:
[snip]
The PFW can't see traffic that isn't already on the machine and thus cannot hope
to prevent that traffic from reaching the machine. It's like having an armed guard
to prevent intruders from entering your home - stationed in the upstairs bathroom.

that's really a mischaracterization...

You noticed that too eh? :))

it's more like having the armed
guard on the inside of the front door instead of on the outside of the
front door... he can do something about most intruders but only after
they open the door...

I was going to say just inside as opposed to just outside, but thought the upstairs
bathroom station better illustrated the point through exaggeration. That point
being that the intruder is already, technically speaking, "inside" the house when
confronted. We have seen security apps actually reduce security in this manner
before, and in other cases seen the app circumvented so it now only provides
a false sense of security.
 