From: gufus on 8 Apr 2010 15:58

Hello, Jimmy!
You wrote on Thu, 08 Apr 2010 04:31:14 GMT:

| I wouldn't recommend a software based firewall on a server! Go out and
| buy a hardware device like from WatchGuard, Fortinet, Juniper etc...

'k

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg(a)shaw.ca
From: gufus on 8 Apr 2010 16:07

Hello, Rick!
You wrote on Thu, 08 Apr 2010 14:07:41 -0400:

>> I wouldn't recommend a software based firewall on a server! Go out and
>> buy a hardware device like from WatchGuard, Fortinet, Juniper etc...
>>
| i have heard that recommendation many times and do not dispute it, but
| assuming that the s/w firewall comes up first during boot up, WHY would
| you insist on not having a s/w firewall on a server?

Good question.

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg(a)shaw.ca
From: gufus on 9 Apr 2010 20:27

Hello, Ansgar!
You wrote on 8 Apr 2010 13:27:41 GMT:

| The Windows Firewall is perfectly fine for blocking inbound connections.
| Outbound connections can't be controlled reliably anyway, not to mention
| that once they happen, the system already has been compromised.

Duly noted.

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg(a)shaw.ca
From: Ansgar -59cobalt- Wiechers on 11 Apr 2010 08:41

Benji Z-Man <khormin(a)bigpond.com> wrote:
> On 08/04/10 23:27, Ansgar -59cobalt- Wiechers wrote:
>> Benji Z-Man <khormin(a)bigpond.com> wrote:
>>> On 08/04/10 21:50, schtebo wrote:
>>>> I think default Firewall from Microsoft should do it for us all.
>>>
>>> Ktchk- are you insane?
>>
>> This coming from someone who recommended Sygate, of all things. A
>> firewall with well-known critical design flaws, like running an
>> interactive service with SYSTEM privileges.
>
> Honestly did not know that. Anything else you can point out about it,
> then? And where I can verify that?

Get some window of the software in question (configuration, notification,
whatever). Use a tool like Spy++ to identify the process that window
belongs to. Check the process list to find the process and its owner (the
account it's been started under). This should never be SYSTEM (or any
other privileged account).

For a better understanding of the underlying problem check these links:

http://en.wikipedia.org/wiki/Shatter_attack
http://support.microsoft.com/kb/327618
http://msdn.microsoft.com/en-us/library/ms683502.aspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
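The window-to-process-to-owner check Ansgar describes above can be scripted instead of done by hand with Spy++ and the process list. The following is an added example, not code from the thread or from any firewall vendor. It assumes Windows PowerShell 3.0 or later (or PowerShell 7 on Windows) running elevated, since querying the owner of another account's process needs administrator rights; the function names, the sample window title 'Untitled - Notepad' and the session-0 heuristic are the example's own choices.

```powershell
# Added example (not from the thread): find the process behind a window and report the
# account it runs under. A SYSTEM-owned process that shows a window on an interactive
# desktop is the setup the Shatter attack links above describe.
# Assumptions: Windows, PowerShell 3.0+ (CIM cmdlets), elevated session.

Add-Type -Namespace Win32 -Name User32 -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);

[DllImport("user32.dll", SetLastError = true)]
public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
'@

function Get-ProcessOwnerInfo {
    # Look up a process by PID and resolve the account it was started under.
    param([Parameter(Mandatory)][uint32]$ProcessId)

    $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc) { throw "Process $ProcessId not found." }

    $owner   = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    $account = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { '<unknown>' }

    # Flag SYSTEM outright; also flag session 0, where services live. On Vista and later a
    # session-0 process should never have a window on a user's desktop at all.
    $privileged = ($account -eq 'NT AUTHORITY\SYSTEM') -or ($proc.SessionId -eq 0)

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        ProcessName = $proc.Name
        SessionId   = $proc.SessionId
        Owner       = $account
        Privileged  = $privileged
    }
}

function Get-WindowProcessOwner {
    # The manual Spy++ step: take a window (by its exact top-level title), map it to the
    # process that created it, then check that process's owner.
    param([Parameter(Mandatory)][string]$WindowTitle)

    $hwnd = [Win32.User32]::FindWindow($null, $WindowTitle)
    if ($hwnd -eq [IntPtr]::Zero) { throw "No top-level window titled '$WindowTitle' found." }

    [uint32]$procId = 0
    [void][Win32.User32]::GetWindowThreadProcessId($hwnd, [ref]$procId)

    $info = Get-ProcessOwnerInfo -ProcessId $procId
    $info | Add-Member -NotePropertyName WindowTitle -NotePropertyValue $WindowTitle -PassThru
}

function Find-PrivilegedWindowedProcess {
    # Sweep instead of a single window: every process that owns a main window, filtered to
    # the ones a firewall (or anything else) should never be running as. MainWindowHandle
    # only covers a process's main window, so hidden helper windows still need Spy++.
    Get-Process | Where-Object { $_.MainWindowHandle -ne [IntPtr]::Zero } | ForEach-Object {
        Get-ProcessOwnerInfo -ProcessId $_.Id
    } | Where-Object { $_.Privileged }
}

# Usage (constructed sample: a Notepad window started from the current desktop session,
# which should report Privileged = False under the logged-on user's account):
# Get-WindowProcessOwner -WindowTitle 'Untitled - Notepad'
#
# Or list everything with a window that is owned by SYSTEM or lives in session 0:
# Find-PrivilegedWindowedProcess | Format-Table -AutoSize
```

Two caveats a practitioner would want: FindWindow matches the exact title of a top-level window only, so for a tray notification or a child dialog take the handle from Spy++ and call GetWindowThreadProcessId on it directly; and the session-0 test is a heuristic this example adds, not the thread's, because since Vista the interactive-service case is contained by session 0 isolation and the classic Shatter setup mostly applies to XP/2003-era software like the product discussed here.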
From: Ansgar -59cobalt- Wiechers on 11 Apr 2010 08:46

gufus <stop.nospam.gbbsg(a)shaw.ca> wrote:
> You wrote on Thu, 08 Apr 2010 14:07:41 -0400:
>>> I wouldn't recommend a software based firewall on a server! Go out and
>>> buy a hardware device like from WatchGuard, Fortinet, Juniper etc...
>
> | i have heard that recommendation many times and do not dispute it, but
> | assuming that the s/w firewall comes up first during boot up, WHY would
> | you insist on not having a s/w firewall on a server?
>
> Good question.

Actually, no. It's a rather stupid question. A good question would be: why
would anyone in his right mind insist on HAVING a software firewall on a
server? Open ports on a server need to be open, because otherwise the
server would be unable to provide its services (which would render it
rather futile). You cannot block access to ports that need to be
accessible.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich