At 08:41 AM 12/20/00 +0100, Jürgen Nieveler wrote:
>ZoneAlarm will quite happily yell "ALARM" anytime you change something to
>your system, like installing patches, new releases etc., and you'd have to
>start again clicking on those Alert-boxes.


Of course. Certainly all this e-mail on this and the ids mailing list isn't 
warranted, is it? What does leaktest tell us?

- We should be selective about what services to allow *outbound* as well as 
inbound. We knew that.

- If you allow an outbound service it can be used to make a back connection 
from a Trojan Horse program. We knew that. (If you allow FTP outbound then 
leaktest will use it and pronounce your firewall to be insecure. Foolishness.)

- Firewalls -- any kind of firewalls -- aren't enough. We knew that.

- IDS systems aren't enough. We knew that.

- You are only as secure as your weakest link. Well, now...

But are firewalls, including personal firewalls, useless? Of course not. 
They must be combined with other forms of protection, including user 
education, AV software, etc. Are they better than not using them at all? 
Arguably, yes, though for sufficiently low risk situations, the differences 
approach zero. For others, they would be more measurable.


Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/
