> Using just Windows packet filtering is not enough, it is stateless
> and doesn't offer much protection. It is better than nothing at all,
> but not much more.
It is sufficient. If you are suffering from attacks that start messing
with for instance syn flags *and* are subtle enough to pass the
router, you have bigger problems anyway.
> Here is my estimate of the security your windows box:
> 1 no firewall at all
> 2 using MS build-in packet filter
> 3 personal firewall
> 4 using a router with a firewall
> 5 using "real" firewall that is statefull on common OS
> 6 using "real" firewall that is statefull on dedicated OS
> 7 using "real" proxy firewall on common OS
> 8 using "real" proxy firewall on dedicated OS
I would swap 2 and 3.
Also, 4 to 8 might have different positions depending on what you are
ranking exactly. I would rank a Cisco router with dedicated hardware
firewall blades a bit higher as a "real" firewall on common OS.
Jochem
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
