IPSEC filter problemo

Thread starter: flekso
David Beder said:
On one hand, it looks like a decent client side filter list. You've got the
basic services covered. I'd consider adding an exception for DHCP and ICMP
as well.

On the other hand this isn't terribly useful as a firewall. You've opened
all the very-well-known ports...

IPSec is not a firewall technology. Its purpose is to authenticate peers and
typically is also set to make traffic confidential through encryption. By
creating a permit/block type policy, I fear you'd be lulling yourself into a
false sense of security.

To properly firewall a system, one should get a firewall.
 
David Beder said:
On one hand, it looks like a decent client side filter list. You've got the
basic services covered. I'd consider adding an exception for DHCP and ICMP
as well.

On the other hand this isn't terribly useful as a firewall. You've opened
all the very-well-known ports...

IPSec is not a firewall technology. Its purpose is to authenticate peers and
typically is also set to make traffic confidential through encryption. By
creating a permit/block type policy, I fear you'd be lulling yourself into a
false sense of security.

To properly firewall a system, one should get a firewall.

thanks for replying,
I've got just a couple more questions:

what do you mean by well known ports, I was under the impression that nothing
*useful* can be done through this basic set of ports?

also I'm confused by the 'mirrored' property:
if I have | sourceIP:my | destIP:any | sPORT:any | dPORT:80 |
does mirroring it mean that anyIP on port 80 can send packets to any port
on myIP, or... ?

also, can you see anything that stands out in my ftp filter that would
prevent me from establishing PASV connections (PORT works fine)?

thanks again
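An added example, not code from either poster, that models how a Windows-style IPSec filter list is evaluated so the two questions above (what "mirrored" does, and why a PASV data connection is not matched by an FTP control filter) can be worked through concretely. It assumes the Windows IPSec semantics that a mirrored filter also matches packets with source and destination addresses and ports exchanged, and that the most specific matching filter wins; the filter list, the address 192.0.2.10 for "my" machine and the sample packets are constructed, since flekso's real list is not in the thread.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address of "my" machine; the thread never gives the real one.
MY_IP = "192.0.2.10"


@dataclass(frozen=True)
class Filter:
    """One IPSec filter entry. src/dst are 'my', 'any' or a literal address;
    a port of None means 'any'. A mirrored filter also matches packets whose
    source and destination are swapped (Windows IPSec 'Mirrored' semantics)."""
    name: str
    src: str
    dst: str
    sport: Optional[int]
    dport: Optional[int]
    action: str            # "permit" or "block"
    mirrored: bool = True


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    sport: int
    dport: int


def _addr_ok(spec: str, addr: str, my_ip: str) -> bool:
    if spec == "any":
        return True
    if spec == "my":
        return addr == my_ip
    return addr == spec


def _port_ok(spec: Optional[int], port: int) -> bool:
    return spec is None or spec == port


def _forward_match(f: Filter, src_ip: str, dst_ip: str, sport: int, dport: int, my_ip: str) -> bool:
    return (_addr_ok(f.src, src_ip, my_ip) and _addr_ok(f.dst, dst_ip, my_ip)
            and _port_ok(f.sport, sport) and _port_ok(f.dport, dport))


def filter_matches(f: Filter, p: Packet, my_ip: str = MY_IP) -> bool:
    """True if the packet matches the filter as written or, for a mirrored
    filter, with source and destination (addresses and ports) exchanged."""
    if _forward_match(f, p.src_ip, p.dst_ip, p.sport, p.dport, my_ip):
        return True
    if not f.mirrored:
        return False
    return _forward_match(f, p.dst_ip, p.src_ip, p.dport, p.sport, my_ip)


def specificity(f: Filter) -> int:
    """Number of fields the filter pins down; the most specific matching
    filter wins (ties go to list order, a simplification assumed here)."""
    return sum([f.src != "any", f.dst != "any", f.sport is not None, f.dport is not None])


def evaluate(filters: List[Filter], p: Packet, my_ip: str = MY_IP) -> Tuple[str, str]:
    """Return (action, filter name) for the packet, or ("block", "none")
    if no filter matches at all."""
    best = None
    for f in filters:
        if filter_matches(f, p, my_ip) and (best is None or specificity(f) > specificity(best)):
            best = f
    return (best.action, best.name) if best else ("block", "none")


# Constructed filter list in the spirit of the one discussed in the thread.
FILTERS = [
    Filter("web", "my", "any", None, 80, "permit"),
    Filter("ftp-control", "my", "any", None, 21, "permit"),
    Filter("ftp-active-data", "any", "my", 20, None, "permit"),
    Filter("default", "any", "any", None, None, "block", mirrored=False),
]

# Constructed sample packets (203.0.113.0/24 is documentation space).
SAMPLE_PACKETS = {
    "outbound web": Packet(MY_IP, "203.0.113.5", 40000, 80),
    "inbound from port 80 to 445": Packet("203.0.113.5", MY_IP, 80, 445),
    "inbound from port 12345 to 445": Packet("203.0.113.5", MY_IP, 12345, 445),
    "ftp active data": Packet("203.0.113.7", MY_IP, 20, 40002),
    "ftp passive data": Packet(MY_IP, "203.0.113.7", 40001, 50123),
}


def run_samples():
    """Evaluate every sample packet against the constructed filter list."""
    return {label: evaluate(FILTERS, pkt) for label, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, (action, name) in run_samples().items():
        print(f"{label:32} -> {action:6} (by filter '{name}')")
```

The second sample packet is the mirroring question itself: a mirrored `my:any -> any:80` permit matches an inbound packet from any address with source port 80 to any port on "my" machine, because the filter is evaluated with the two ends swapped. The last packet is the PASV case: the server chooses an ephemeral data port, so a filter list that only permits destination port 21 and source port 20 never matches it and the default block wins, which is why active mode (PORT) works while passive mode fails. Both results illustrate David's point that matching on ports alone, with no notion of which side opened the connection, is not what a firewall does.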
 