phoenix22
Welcome back our old Site Admin Premium Member
 Joined: Mar 08, 2002 Posts: 4661 Location: APO SF96383
Posted: Thu Jul 24, 2003 1:33 pm Post subject: Is a Hardware Firewall Better.....
From: hazz
To: phoenix22
Posted: Thu Jul 24, 2003 5:10 am
Subject: Stand alone firewall
Excuse my ignorance... but I read your post in an article re: software firewalls & how they are, and in the future are likely to be, insecure. As I'm just starting to read into network protocols & security, I was hoping you could briefly explain how stand-alone firewalls offer better control.
For example I've noted that an internet browser is a 2-way window, allowing unauthorised communication to flow via an authorised application's firewall privileges... see the following excerpt: "So I went the SetWindowsHookEx route. If I created a DLL that waited until it spotted itself being used by your web browser I could be assured that if I created a network communication channel at that point I'd be safe from detection because at that point in time I was in the process space of the browser and thus almost certainly trusted by the firewall. I could probably communicate out on the network using any TCP port but there might be some paranoid users who've set their firewall rules to only allow their web browser to talk over specific ports. But TCP port 80 was pretty much guaranteed."
< http://keir.net/firehole.html >
Would a hardware firewall provide defense against such an attack?
_________________
101st Abn Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV-SOG, 160th AVN Grp., VFW
phoenix22
Welcome back our old Site Admin Premium Member
 Joined: Mar 08, 2002 Posts: 4661 Location: APO SF96383
Posted: Thu Jul 24, 2003 2:12 pm Post subject:
Incidentally........unless I allow outbound traffic........it ain't goin' nowhere....and that is according to Mr. Gibson's....Leaktest.exe.....firewalls of the soft type have changed a whole bunch since 2k. The 2k3 models are effective enough IMO to avoid attack damage..........
Jamming
Colonel
 Premium Member
Joined: Jun 22, 2002 Posts: 1874
Posted: Thu Jul 24, 2003 3:04 pm Post subject:
Using Hooks will not work against a firewall program that checks component level integrity unless you give the .DLL permission to connect to the internet.
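The check Jamming refers to, as an added example that is not code from this thread or from any firewall product: a personal firewall that trusts iexplore.exe must also recognise every module loaded inside that process, because a DLL planted through SetWindowsHookEx (the Firehole technique quoted above) otherwise inherits the browser's outbound permission. The script below records the hashes of the approved components when the user first allows the application and later refuses to auto-allow the process if an unknown or modified module is present. The hashing scheme, the file names and the "ask the user" verdict are assumptions for illustration; the sample files are constructed in a temporary directory so the script runs anywhere.

```python
"""Component-level integrity check on a trusted application's loaded modules.

Added example (not from the thread or any firewall product). Module files are
constructed in a temp directory; hashing scheme and verdicts are assumptions.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large DLLs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(module_paths):
    """Record the approved modules when the user first allows the application.

    Maps each module path to its hash: the component list a firewall with
    component-level checking stores alongside the application rule.
    """
    return {os.path.normcase(p): sha256_file(p) for p in module_paths}


def check_modules(loaded_modules, baseline):
    """Decide whether the process still matches what the user approved.

    Returns (verdict, findings). The verdict is 'allow' only when every loaded
    module is in the baseline with an unchanged hash; otherwise 'ask_user',
    and findings lists why: an unknown module (an injected DLL) or a modified
    one (a patched or replaced component).
    """
    findings = []
    for path in loaded_modules:
        expected = baseline.get(os.path.normcase(path))
        if expected is None:
            findings.append(("unknown_module", path))
        elif sha256_file(path) != expected:
            findings.append(("modified_module", path))
    return ("allow" if not findings else "ask_user"), findings


def demo():
    """Run the check against three constructed scenarios; returns the results."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "iexplore.exe")          # constructed
        netlib = os.path.join(d, "wininet.dll")            # constructed
        hook = os.path.join(d, "firehole_hook.dll")        # constructed attacker DLL
        with open(browser, "wb") as f:
            f.write(b"MZ fake browser image (constructed)")
        with open(netlib, "wb") as f:
            f.write(b"MZ fake network library (constructed)")

        baseline = build_baseline([browser, netlib])

        # 1. Unchanged process: what the firewall sees on a normal run.
        results["clean"] = check_modules([browser, netlib], baseline)

        # 2. A hook DLL has been mapped into the browser. It must not be
        #    trusted merely because it runs inside a trusted process.
        with open(hook, "wb") as f:
            f.write(b"MZ fake hook dll opening TCP/80 (constructed)")
        results["injected"] = check_modules([browser, netlib, hook], baseline)

        # 3. An approved component was replaced on disk.
        with open(netlib, "wb") as f:
            f.write(b"MZ trojanised network library (constructed)")
        results["tampered"] = check_modules([browser, netlib], baseline)
    return results


if __name__ == "__main__":
    for name, (verdict, findings) in demo().items():
        print(f"{name:9s} -> {verdict}  {findings}")
```

The caveat a practitioner would add: the check only helps if the firewall enumerates modules at the moment the connection is attempted, not just at process start, since a hook DLL is mapped in after the browser is already running; and, as hazz's TPF test shows, the process-spawning and injection permissions of the injecting program matter as much as the browser's rule.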
hazz
Cadet

 Joined: Jul 24, 2003 Posts: 6 Location: Australia
Posted: Fri Jul 25, 2003 2:30 am Post subject:
Quote:
Using Hooks will not work against a firewall program that checks component level integrity unless you give the .DLL permission to connect to the internet.

OK, running trial version of TPF 4.5. Checked the configuration & the test application "Firehole" was under the security group "Restricted Applications"; the profile assigned, "Empty Profile" (by default), allowed process spawning. I modified "Access Result" to "Ask User" & presto, it prevents Firehole from accessing IExplorer's secured environment.
So yep... it does protect against this type of attack.
Still curious to hear what additional benefits a standalone firewall offers?
Jamming
Colonel
 Premium Member
Joined: Jun 22, 2002 Posts: 1874
Posted: Fri Jul 25, 2003 3:05 am Post subject:
I think that the concept of a layered defense is what it offers, if someone bypasses my hardware firewall I still have another line of defense. I am sure there are others that I am not thinking of at the moment, when I think of them I will post back if the thread is still active.
hazz
Cadet

 Joined: Jul 24, 2003 Posts: 6 Location: Australia
Posted: Sat Jul 26, 2003 11:07 am Post subject:
Jamming wrote:
I think that the concept of a layered defense is what it offers, if someone bypasses my hardware firewall I still have another line of defense. I am sure there are others that I am not thinking of at the moment, when I think of them I will post back if the thread is still active.

Jamming - It appears that's pretty much the idea.
I came across the following, but I'm not too sure whether the author is stating that the standalone is superior as it's not dependent on an OS's network driver & therefore all network communications are visible and able to be tracked, whether they work independently of an OS's network driver or not.
"There are different firewall concepts. On the one side there are Desktop-Firewalls like Zonealarm or Tiny Personal Firewall, which are installed locally on the PC they protect. These firewalls are located upon the network driver layer of the operating system, and prevent connections to or from specific blocked ports. But there's also an obstacle here. Programs or trojans which don't use the network driver of the operating system can't be prevented from making a connection to outside the computer. If an attacker can install a trojan with its own network driver on your PC, a desktop firewall would not help.
A more secure technique is to install a firewall on a second computer. Usually a whole network of computers can only send data to the internet over a firewall server. The computers in the network don't have a direct connection to the internet. All data is transmitted by the firewall, and can therefore be blocked as and when required. Most of such firewalls are also able to analyze the data packages. So for example if a harmless email is transferred, the firewall can check that there are no viruses attached to the email, and filter the attachment before sending the mail to the target PC. In general however, good firewalls tend to be fairly expensive and usually require special hardware."
< http://www.anti-trojan.net/en/tec021114.aspx >
Any ideas?
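The design the quoted article favours, as an added example that is not code from this thread or from anti-trojan.net: a firewall on a second machine sees every packet on the wire, so its decision cannot depend on which program or network driver on the PC produced the packet; it sees only addresses, ports and connection state. The simulation below applies a default-deny egress policy with a connection table, the same logic an iptables or nftables FORWARD chain with connection tracking implements. The LAN prefix, the allowed ports and the packet trace are constructed for the demo. The trace deliberately includes a trojan that uses port 80, to show the limit of the approach and why Jamming's layering argument holds.

```python
"""Stateful default-deny egress filter, as run on a separate firewall box.

Added example (not from the thread or from anti-trojan.net). LAN prefix,
allowed ports and the packet trace are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class PerimeterFirewall:
    """Filter between a LAN and the internet; nothing passes unless a rule or
    the connection table says so."""

    def __init__(self, lan_prefix, allowed_egress_ports):
        self.lan_prefix = lan_prefix
        self.allowed = set(allowed_egress_ports)   # {(proto, port), ...}
        self.state = set()   # 5-tuples of LAN-initiated flows the policy allowed

    def _is_lan(self, ip):
        return ip.startswith(self.lan_prefix)

    def filter(self, pkt):
        """Return the verdict for one packet, updating the connection table."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Replies to a permitted LAN-initiated flow pass by state, so no
        # inbound port ever has to be opened for ordinary browsing.
        if key in self.state or reply in self.state:
            return "ACCEPT established"
        if self._is_lan(pkt.src) and not self._is_lan(pkt.dst):
            if (pkt.proto, pkt.dport) in self.allowed:
                self.state.add(key)
                return "ACCEPT new egress"
            return "DROP egress policy"
        if not self._is_lan(pkt.src) and self._is_lan(pkt.dst):
            return "DROP unsolicited inbound"
        return "DROP not forwarded"   # LAN-to-LAN or internet-to-internet


def run_trace():
    """Constructed packet trace; returns a list of (description, verdict)."""
    fw = PerimeterFirewall("192.168.1.", [("tcp", 80), ("tcp", 443), ("udp", 53)])
    lan_pc, web, attacker = "192.168.1.10", "198.51.100.7", "203.0.113.9"
    trace = [
        ("browser SYN to web:80",      Packet("tcp", lan_pc, 51000, web, 80)),
        ("web:80 reply",               Packet("tcp", web, 80, lan_pc, 51000)),
        # A trojan with its own driver bypasses the desktop firewall, but the
        # box in the middle still sees the packet and has no rule for 6667.
        ("trojan (own driver) to IRC", Packet("tcp", lan_pc, 51001, attacker, 6667)),
        # The same trojan using port 80 is indistinguishable from the browser
        # at this layer: the perimeter filter alone cannot stop it.
        ("trojan via port 80",         Packet("tcp", lan_pc, 51002, attacker, 80)),
        ("scan from internet to 139",  Packet("tcp", attacker, 40000, lan_pc, 139)),
        ("DNS lookup",                 Packet("udp", lan_pc, 52000, web, 53)),
    ]
    return [(desc, fw.filter(pkt)) for desc, pkt in trace]


if __name__ == "__main__":
    for desc, verdict in run_trace():
        print(f"{desc:28s} {verdict}")
```

The two trojan lines are the whole argument in miniature: the perimeter box blocks the connection the desktop firewall could not see, but cannot tell a trojan on port 80 from the browser, which is exactly the gap an application-aware software firewall (or a proxy that inspects the traffic, as the quoted article mentions) is there to close.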
tanstaafl
Cadet

 Joined: Aug 06, 2003 Posts: 2 Location: USA
Posted: Thu Aug 07, 2003 2:16 am Post subject:
I think the real issue is what problems are you most concerned about, not which solution has the least potential flaws.
For example, I've never had a problem (as far as I know) due to an inbound connection, or due to email attachments (I'm cautious, and also use a text only email client). However, I periodically find applications that I installed had spyware, or attempt to make outbound connections that I do not approve of.
So in my case sticking with a software firewall is a no-brainer since either solution seems adequate to protect me from the internet, and a hardware firewall by definition can't help me with the only problems I've actually seen.
Jamming
Colonel
 Premium Member
Joined: Jun 22, 2002 Posts: 1874
Posted: Thu Aug 07, 2003 2:50 am Post subject:
Well at the time I could get a router for $49 and if I got one with a built-in firewall it was $64, so I said what the heck. Of course those were my prices from a distributor, not what was on the retail market at the time.
hazz
Cadet

 Joined: Jul 24, 2003 Posts: 6 Location: Australia
Posted: Sun Aug 10, 2003 6:59 am Post subject: real issue
If you're dealing with a corporate rollout of desktops, in other words you have a specified, tested, stable & secure environment, I'm thinking you can identify outstanding weaknesses/problems of concern and address them through security policy, software & hardware protection (firewalls etc).
But when you're just a PC node on a wild-west type network like the internet, where the PC user is likely to have a broad, dynamic desktop environment ranging from chat, P2P, eCommerce & gaming, a solution that presents the least possible flaws may be the best alternative... so you need only focus on the remaining weaknesses, if applicable to your PC environment.
Of course I'm writing this with a fair streak of paranoia & little network know-how... as for most of us, most material on our drives is of a non-commercial nature. But identity theft & financial theft remain a growing threat. So I like the idea that a router provides a first line of defense (hardware firewall) & a software firewall (especially with sandbox functionality) puts tighter control over applications (marketing & trojan) calling home.
phoenix22
Welcome back our old Site Admin Premium Member
 Joined: Mar 08, 2002 Posts: 4661 Location: APO SF96383
hazz
Cadet

 Joined: Jul 24, 2003 Posts: 6 Location: Australia
Posted: Mon Aug 11, 2003 3:14 am Post subject:
Great article... in the guy's own words what a "nightmare".
Networking & digital info not only increases business productivity... it provides greater opportunity for misuse.
Limiting access & distribution seems to still apply.
kingdavid
Cadet

 Joined: Aug 22, 2003 Posts: 3 Location: USA
Posted: Sat Aug 23, 2003 2:29 am Post subject:
Forgive me, guys, if I screw up, but this is my first post. I just installed a Linksys router and also have NIS. There are websites I can't reach ("Page Cannot Be Displayed" message) unless I disable Norton firewall. Will the router still protect me while I've got Norton disabled?
hazz
Cadet

 Joined: Jul 24, 2003 Posts: 6 Location: Australia
Posted: Sat Aug 23, 2003 3:26 am Post subject:
Quote:
Will the router still protect me while I've got Norton disabled?

Black & white answer is "yes", if the router's firewall is active.
Also consider what you're protected against (low/med/high level of security); you can usually find all that information under the router's firewall configuration settings.
I assume NIS = Norton Internet Security... you say there are websites that will not load; if some are loading & others aren't, it sounds like you need to spend some time tweaking the settings under firewall or privacy, or perhaps you have parental control active.
**NIS provides the added bonus of program control... probably worth getting it working if you already have it.
kingdavid
Guest IP: 68.34.*.*
Posted: Sat Aug 23, 2003 7:02 pm Post subject:
I think I've probably spent the last week tweaking everything Norton has to offer in their firewall from privacy settings to Home Networking. The Parental Control is off in the antivirus section. In fact, I couldn't even get to this site without disabling the firewall...as well as Linksys.com and wilderssecurity.com and others. The router is not at fault as I have disabled it and went straight through the cable modem...same problem. I'm about to give up! Just tried to submit this and couldn't until I disabled the firewall!!
hazz
Cadet

 Joined: Jul 24, 2003 Posts: 6 Location: Australia
Posted: Sun Aug 24, 2003 1:39 am Post subject: NIS
I don't use it, so I can't help with config.
Did a quick search... seems you're not alone.
http://www.experts-exchange.com/Security/Firewalls/Q_20410070.html
A hardware firewall will likely be enough, offering good protection from external attack: against intruders using port scanners to gain access, & detecting intrusion attempts. There are plenty of security sites offering a firewall assessment scan, looking for unfiltered ports.
If you're really keen on privacy, you may have reason to get a software firewall or other application to alert you when a program is trying to connect to the internet.
If you haven't given up on making it work yet, I'd suggest you re-post your problem under your own new title "NIS problem" here & on Wilders... see if others that use it can help... I'm assuming you've exhausted Norton's support/FAQ etc.
Good luck.