Avira's firewall
in [Anti-Virus]
|
Prev: "Antivirus Suite" malware
Next: Golden Rule of the WWW:
From: gufus on 11 Apr 2010 15:22 Hello, FromTheRafters! You wrote on Sat, 10 Apr 2010 21:02:37 -0400: | | | So, you are considering a dedicated device running protocol filtering as | well as NAT and SPI? Like I said, /not/ a easy answer, security is provided in layers of multiple smaller forms of security. A software firewall is just 1 (one) layer of security. | -- With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca
From: FromTheRafters on 11 Apr 2010 16:59 "gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote in message news:Mjpwn.248463$Dv7.74237(a)newsfe17.iad... > Hello, FromTheRafters! > > You wrote on Sat, 10 Apr 2010 21:02:37 -0400: > > | | > | So, you are considering a dedicated device running protocol > filtering as > | well as NAT and SPI? > > Like I said, /not/ a easy answer, security is provided in layers of > multiple smaller forms of security. A software firewall is just 1 > (one) layer of security. An application firewall (personal firewall) is not really secure, but it is better than nothing. Highly recommended, especially if you may use the "protected" computer at times without a *real* software or hardware firewall. One thing I am getting at is in order for you to "trust" your firewall to do inbound/outbound protocol filtering etcetera, it *cannot* be running on the system that it hopes to protect. If you want application and/or process control (not really a firewall thing) you will want to have the filtering done locally.
From: gufus on 11 Apr 2010 17:37 Hello, FromTheRafters! You wrote on Sun, 11 Apr 2010 16:59:03 -0400: FL>> Like I said, /not/ a easy answer, security is provided in layers of FL>> multiple smaller forms of security. A software firewall is just 1 FL>> (one) layer of security. | | One thing I am getting at is in order for you to "trust" your firewall | to do inbound/outbound protocol filtering etcetera, it *cannot* be | running on the system that it hopes to protect. If you want application So.. filter at the network boundary. No need to filter yet again on the server. .... Right? -- With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca
From: FromTheRafters on 11 Apr 2010 19:40 "gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote in message news:Girwn.52422$Ht4.49256(a)newsfe20.iad... > Hello, FromTheRafters! > > You wrote on Sun, 11 Apr 2010 16:59:03 -0400: > > FL>> Like I said, /not/ a easy answer, security is provided in layers > of > FL>> multiple smaller forms of security. A software firewall is just > 1 > FL>> (one) layer of security. > | > | One thing I am getting at is in order for you to "trust" your > firewall > | to do inbound/outbound protocol filtering etcetera, it *cannot* be > | running on the system that it hopes to protect. If you want > application > > So.. filter at the network boundary. No need to filter yet again on > the server. > ... > Right? Right, a firewall belongs in between what you protect, and what you protect it from. Some *features* of firewalls can be implemented locally, but they will be somewhat less trustworthy.
From: gufus on 11 Apr 2010 19:49
Hello, FromTheRafters! You wrote on Sun, 11 Apr 2010 19:40:24 -0400: FL>> So.. filter at the network boundary. No need to filter yet again on FL>> the server. FL>> ... FL>> Right? | | Right, a firewall belongs in between what you protect, and what you | protect it from. Some *features* of firewalls can be implemented | locally, but they will be somewhat less trustworthy. | That's easy to understand. -- With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca |