Philip,
I personally am not very keen on the "personal firewall" thingies.
But you just can't expect a person to install a relatively good FW
running on a Linux box or *BSD (although it's not that easy).
Although I don't know the winroute product I think it's still limited.
I like the idea "Open only the ports which you need to do your work
for outbound and inbound traffic". The personal firewall packages
block (standard) everything originating from the internet and permit
everything originating from the local network. Some personal firewalls
are able to do some filtering but that's very limited. As I read it you block
some specific ports originating from your internal network.
Like I said, I would set up my rulebase to block every port which
I don't see is useful for my network. There are numerous potential
ways to compromise your internal network through your server that
is accessible through the internet. And just installing the latest SPs
and hotfixes isn't just enough to have a secure setup. You have to do
some auditing on your box to prevent a user from compromising your system
and installing trojans / shell access to hack your box or use it as a "zombie"
or other kind of attacks on other systems.
And because you permit all kinds of outbound traffic they can use any
port other than those you block to go onto the internet. Because you don't
do any filtering they can run traffic over all kinds of ports that are
normally used for, for example, http traffic (port 80).
Although there are some issues in your setup, it would make it a bit
harder to penetrate your network for the real scriptkid. But it's not
definitely a fool- / bulletproof setup. And installing a Linux based
system isn't going to be the solution if you don't harden it and set up
a correct and more strict rulebase.
Regards,
Brenno
> -----Original Message-----
> From: Phillip Askey [SMTP:[EMAIL PROTECTED]]
> Sent: dinsdag 29 mei 2001 6:52
> To: [EMAIL PROTECTED]
> Subject: How Secure am I?
>
> I have been monitoring this list for about 6 months now. I am by no means a
> security expert, but I have some knowledge on the topic. I wanted to
> describe my setup and see what type of attacks could get to my inside
> network or what vulnerabilities exist. I am debating on going with a Linux
> OS/firewall solution if my setup stinks. I wanted to hear everyone's advice
> first. First of all, this is a home network with non critical data on my
> workstations.
>
> I have a product called Winroute 4.1 running on a WindozeNT 4.0 SP6a
> Workstation. The product information can be found at www.winroute.com. In
> addition to winroute, I also have BlackICE defender installed on the same
> box. I did this because the winroute logging is weak. I have a cable modem
> assigning me a DHCP address to my outside public NIC and I have another NIC
> with my internal private IP address. I am doing NAT on the private IP
> address. I have a few rules enabled to filter outbound traffic. The
> outbound ports being blocked are 44333, 135, 139, 5631, 5632. By default
> all inbound traffic is denied. I also have a Windows Advanced Server that
> runs DNS, web page and ftp server. I set up port mapping for 21 and 80 to
> go to the internal IP address of the server. I have latest IIS patches and
> OS security patches. Three other workstations are on my internal network
> which all use my internal DNS server and go out through the winroute box.
>
> The setup I have is dirt cheap, but is it also a piece of crap? I can not
> afford to setup a PIX here at the house FYI :)
>
> Are personal firewalls easily compromised or will they block most attempts?
>
> Also, is there anything that I can be doing to enhance what I have with the
> limited tools?
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
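
The difference between the two rulebases discussed in this thread (block a few outbound ports versus "open only the ports which you need"), as an added example that is not part of the original messages. The first-match rule model, the list of needed outbound ports and the sample flows are assumptions constructed for illustration; the blocked ports and the 21/80 mappings are the ones given in the original message.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    direction: str               # "out" (LAN -> internet) or "in"
    port: int                    # destination port
    proto: Optional[str] = None  # None matches both tcp and udp

@dataclass(frozen=True)
class Policy:
    rules: Tuple[Rule, ...]
    default_out: str
    default_in: str

    def decide(self, direction: str, proto: str, port: int) -> str:
        """First matching rule wins; otherwise the direction's default applies."""
        for r in self.rules:
            if (r.direction, r.port) == (direction, port) and r.proto in (None, proto):
                return r.action
        return self.default_out if direction == "out" else self.default_in

# Inbound side as described in the original message: deny all, map 21 and 80.
INBOUND = tuple(Rule("permit", "in", p, "tcp") for p in (21, 80))

# Outbound as described: five blocked ports, everything else permitted.
AS_DESCRIBED = Policy(
    tuple(Rule("deny", "out", p) for p in (44333, 135, 139, 5631, 5632)) + INBOUND,
    default_out="permit", default_in="deny")

# "Open only the ports you need": this needed-port list is an assumption.
NEEDED_OUT = (Rule("permit", "out", 53), Rule("permit", "out", 80, "tcp"),
              Rule("permit", "out", 443, "tcp"), Rule("permit", "out", 25, "tcp"))
DEFAULT_DENY = Policy(NEEDED_OUT + INBOUND, default_out="deny", default_in="deny")

# Constructed sample flows: (direction, protocol, destination port).
FLOWS = [("out", "tcp", 80), ("out", "udp", 53), ("out", "tcp", 139),
         ("out", "tcp", 6667), ("out", "udp", 31337), ("in", "tcp", 80),
         ("in", "tcp", 135)]

def permitted(policy: Policy, flows=FLOWS):
    return [f for f in flows if policy.decide(*f) == "permit"]

def extra_egress(loose: Policy, strict: Policy, flows=FLOWS):
    """Outbound flows the loose policy lets out that the strict one drops."""
    return [f for f in permitted(loose, flows)
            if f[0] == "out" and strict.decide(*f) == "deny"]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, AS_DESCRIBED.decide(*f), DEFAULT_DENY.decide(*f))
    print("extra egress:", extra_egress(AS_DESCRIBED, DEFAULT_DENY))
```

Both policies still pass outbound tcp/80 whatever is carried over it, which is the reply's point that port rules alone do no filtering of the traffic itself.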