On Sat, Apr 10, 2010 at 10:20 AM, Brian Lloyd <brian-wb6...@lloyd.com> wrote:

>
>
> On Sat, Apr 10, 2010 at 9:33 AM, Lazy Senior <lazysen...@verizon.net> wrote:
>
>> Baloney.
>>
>> Hardware Firewalls are good. But they protect you only from incoming.
>>
>> A good software firewall protects incoming and OUTGOING. You will be
>> surprised how many programs call "home" after running a software firewall
>> that does outgoing.  Note that most free Microsoft Firewalls only do
>> incoming protection which is useless if you already have a hardware
>> Firewall.
>>
>
> A hardware firewall box can also filter and flag outbound traffic. Outgoing
> firewalls are needed when a machine has already been compromised and you
> want to trap those packets to let you know. A properly-behaving application
> does not "phone home". My firewall is one of my primary sources of
> information about compromised machines in my networks.
>
> But there is another side to this -- if the software (firewall) lives in
> the same machine that has been compromised, then the software that
> compromised the machine can also modify the behavior of the outbound
> firewall, thus giving you a false sense of security. The black-hats already
> put in code to subvert antivirus programs and software firewalls so you
> cannot count on them if they are running on the compromised platform.
>
>> Unlike many, I multitask while using PSDR. I have used both Norton 2010 and
>> Comodo Internet Security virus/firewall programs. NEITHER affects PSDR in a
>> negative way.
>> No I do NOT sit around and use PSDR and run DPC checker, fretting about my
>> DPC level. As long as PSDR runs properly I don't care what the DPC level is.
>> If DPCs jump up a couple of hundred while going to eham.net I really do
>> not care as it does not affect PSDR operation.
>>
>
> Well, we are talking about apples and oranges here. One part is how to
> secure the machine and the other part is how to make PSDR run properly.
> There is some overlap but they really are different problems. Neal brings up
> a significant point and that is that the client machine is the wrong place
> to put the firewall. You really need a separate machine to analyze traffic
> for signs that indicate that a machine has been compromised. You cannot
> count on a compromised machine to tell you it has been compromised. That is
> the basic fallacy of the antivirus and firewall software model. (This is
> coming from someone who has learned a lot about Internet security from being
> in the trenches for over 30 years, including having been one of Mitnick's
> victims in the very early '90s.)
>
> Counting on a compromised computer to report that fact to you is akin to a
> store owner basing his anti-theft system on an employee standing at the
> front door and asking exiting customers, "did you steal anything?"
>
>
>>
>> Use an older pc to protect your home network? Come on be serious.
>>
>
> Absolutely. It works just peachy as a firewall, traffic-shaping, and
> activity-reporting engine. When you aren't trying to do high-speed GUI, DSP,
> and n-deep layers of backward compatibility, you will find that there are
> ample cycles in these older machines to do the job. Remember, this is an
> 'enough' problem. You only need enough CPU cycles and enough memory to get
> the job done. You can push right up to 100% utilization without any problems
> as long as you don't go over.
>
> Case in point, one of my networks is being protected by a 486-class
> machine. I monitor its utilization. So far, no problems and no apparent
> delays in spite of the machine doing both firewall and traffic shaping
> functions.
>
> --
> 73 de Brian, WB6RQN/J79BPL
>
>


-- 
73 de Brian, WB6RQN/J79BPL
_______________________________________________
FlexRadio Systems Mailing List
FlexRadio@flex-radio.biz
http://mail.flex-radio.biz/mailman/listinfo/flexradio_flex-radio.biz
Archives: http://www.mail-archive.com/flexradio%40flex-radio.biz/
Knowledge Base: http://kc.flex-radio.com/  Homepage: http://www.flex-radio.com/
