firewalls

Subject Author Date
firewalls BassBlonde 02-20-2008
---> Re: firewalls David H. Lipman 02-20-2008
  | `--> Re: firewalls David H. Lipman 02-20-2008
  |--> Re: firewalls Stefan Kanthak 02-21-2008
  ---> Re: firewalls David H. Lipman 02-21-2008
    `--> Re: firewalls Stefan Kanthak 02-22-2008
Posted by Stefan Kanthak on February 21, 2008, 10:43 am

Watch your line length!

>
> | Which is a better firewall to use ? Norton's or Windows ?
> | I was told in school a few years ago that Windows supplied was the stronger
> | one.
> | Thanks for any advice given.
> | --
> | Lisa
> | All the Worlds a Stage
>
> Norton's is bloated and will bog down your PC.
>
> The Windows XP SP2 FireWall is fine but what is *better* is the use of a
> FireWall appliance or at the minimum a NAT Router.

NAT is NOT a security feature.

Especially SOHO "NAT" routers can show "funny" behaviour with UDP
or NAT helper modules which definitively undermines any network
security. Cf. "cone NAT"

See RFC 3489, section "5. NAT Variations", RFC 3022, RFC 2663,
section "4.0. Various flavors of NAT" and verbatim in RFC 2993:

| 9. Security Considerations
|
| NAT (particularly NAPT) actually has the potential to lower
| overall security because it creates the illusion of a security
| barrier

Stefan


Posted by David H. Lipman on February 21, 2008, 5:11 pm

|
| Watch your line length!
|
>>
|>> Which is a better firewall to use ? Norton's or Windows ?
|>> I was told in school a few years ago that Windows supplied was the stronger
|>> one.
|>> Thanks for any advice given.
|>> --
|>> Lisa
|>> All the Worlds a Stage
>>
>> Norton's is bloated and will bog down your PC.
>>
>> The Windows XP SP2 FireWall is fine but what is *better* is the use of a
>> FireWall appliance or at the minimum a NAT Router.
|
| NAT is NOT a security feature.
|
| Especially SOHO "NAT" routers can show "funny" behaviour with UDP
| or NAT helper modules which definitively undermines any network
| security. Cf. "cone NAT"
|
| See RFC 3489, section "5. NAT Variations", RFC 3022, RFC 2663,
| section "4.0. Various flavors of NAT" and verbatim in RFC 2993:
|

NAT Routers have simplistic FireWall constructs. With a SOHO NAT Router you can
SPECIFICALLY block ports such as UDP/TCP ports 135~139 and 445 which 'IS' a
security feature. With such a setting NetBIOS over IP will not leak out and
NetBIOS over IP intrusions will not leak in. A perfect example, a Win2K PC
behind a NAT Router (even with the specific port blocking not in effect) will
not receive Messenger Service PopUps emanating from the internet.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Stefan Kanthak on February 22, 2008, 5:35 am

>

> >> The Windows XP SP2 FireWall is fine but what is *better* is the use of a
> >> FireWall appliance or at the minimum a NAT Router.
> |
> | NAT is NOT a security feature.
> |
> | Especially SOHO "NAT" routers can show "funny" behaviour with UDP
> | or NAT helper modules which definitively undermines any network
> | security. Cf. "cone NAT"
> |
> | See RFC 3489, section "5. NAT Variations", RFC 3022, RFC 2663,
> | section "4.0. Various flavors of NAT" and verbatim in RFC 2993:
> |
>
> NAT Routers have simplistic FireWall constructs.

You are confused/misinformed.
NAT and Filters/Firewalls serve different purposes.
They MAY be combined in one device.

> With a SOHO NAT Router you can
> SPECIFICALLY block ports such as UDP/TCP ports 135~139 and 445
> which 'IS' a security feature.

But this security feature does not originate in the NAT function
of these routers, it originates in the (simplistic) filtering/
firewalling they (typically) provide too.

CAVEAT: most of these SOHO routers "route" incoming UDP packets to
the source of the last outgoing UDP packet, and they most often have
NAT helper modules to allow FTP or even H.323 (NetMeeting) or SIP.

CAVEAT2: UPnP!

> With such a setting NetBIOS over IP will not leak out and NetBIOS over IP
> intrusions will not leak in.

Does EVERY SOHO NAT router filter OUTGOING CIFS/NetBIOS?
Most of them filter INCOMING CIFS/NetBIOS, but that can be turned off.
And even when turned on, incoming UDP packets (especially for other
ports) might be delivered to your hosts behind a SOHO NAT router.

> A perfect example, a Win2K PC behind a NAT Router (even with
> the specific port blocking not in effect) will not receive Messenger
> Service PopUps emanating from the internet.

TCP <> UDP.

A perfect counterexample: my Win2K here won't display Messenger
Service Popups despite a direct connection to the internet.
No, the messenger service is running, and there is no filter
on 135/tcp. But the RPC service is bound to my LAN only, not
to the WAN.

Stefan
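
Added example, not part of any post in this thread: a small Python model of UDP handling under the four NAT variations named in RFC 3489, section 5 (cited above), showing which inbound datagrams reach an internal host from the translation table alone, with no filter rules configured. The `UdpNat` class, the probe names and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

KINDS = ("full cone", "restricted cone", "port restricted cone", "symmetric")

@dataclass
class UdpNat:
    """Toy UDP translation table per RFC 3489 section 5 (hypothetical model, no filter rules)."""
    kind: str
    next_port: int = 40000
    maps: dict = field(default_factory=dict)   # mapping key -> external port
    table: dict = field(default_factory=dict)  # external port -> (internal, contacted remotes)

    def outbound(self, src, dst):
        """src sends to dst; symmetric NAT maps per (src, dst), cone NAT per src."""
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.maps:
            self.maps[key] = self.next_port
            self.table[self.next_port] = (src, set())
            self.next_port += 1
        ext = self.maps[key]
        self.table[ext][1].add(dst)
        return ext

    def inbound(self, remote, ext_port):
        """Return the internal endpoint that receives the datagram, or None (dropped/unmapped)."""
        internal, contacted = self.table.get(ext_port, (None, set()))
        if self.kind == "full cone":
            allowed = True                     # any remote may use an existing mapping
        elif self.kind == "restricted cone":
            allowed = remote[0] in {ip for ip, _ in contacted}
        else:                                  # port restricted cone and symmetric
            allowed = remote in contacted
        return internal if allowed else None

# Constructed sample endpoints (documentation address ranges).
HOST, SERVER, STRANGER = ("192.168.1.10", 5000), ("198.51.100.7", 53), ("203.0.113.99", 4444)

def survey():
    """For each NAT kind: which inbound datagrams reach HOST after one outbound packet."""
    out = {}
    for kind in KINDS:
        nat = UdpNat(kind)
        ext = nat.outbound(HOST, SERVER)
        probes = {"reply": SERVER, "other_port": (SERVER[0], 9999), "stranger": STRANGER}
        out[kind] = {name: nat.inbound(src, ext) == HOST for name, src in probes.items()}
    return out

if __name__ == "__main__":
    print(survey())
```

In the full cone row a remote the host never contacted still reaches the internal endpoint; stopping that is the job of a separate packet filter, not of the translation.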

