XP firewall - useful or not?

[DCA]

If I am accessing the Internet through a Netgear MR8914 (thats Blueyonders
version of the MR814)
Seeing as it has firewall protection built in, is there any advantage either
way with using MS XP pro firewall.
Thanks
David

 

[DaveW]

It is ALWAYS better to combine a hardware firewall with a software firewall.
They work in different ways. (Even if the software firewall works in only
one direction, like XP's does.)

 

[Harry]

It is ALWAYS better to combine a hardware firewall with a software firewall.
They work in different ways. (Even if the software firewall works in only
one direction, like XP's does.)

What about something like zonealarm? Does windows firewall and a
router hardware firewall offere enough protection so that something
like Zonealarm is not really needed.

TIA

Harry

 

[JAD]

XP's firewall stops incoming attacks/traffic only. This is ok if your behind
a router. however it is nice to have an 'out going' wall to see what's
trying to connect FROM your machine.(you'll be amazed what's going on,
recently I found that nero phones home when using 'smart start')
I don't use zone alarm any longer as this firewall has gone to a bloated
version of the original and causes weird
system resource problems. FWIW Sygate is what I use now.

 

[Kevin]

XP's firewall stops incoming attacks/traffic only. This is ok if your behind
a router. however it is nice to have an 'out going' wall to see what's
trying to connect FROM your machine.(you'll be amazed what's going on,
recently I found that nero phones home when using 'smart start')
I don't use zone alarm any longer as this firewall has gone to a bloated
version of the original and causes weird
system resource problems. FWIW Sygate is what I use now.

Yea but any malicious program can tunnel through a firewalls outbound
protection so outbound protection is not all that useful. I used to
use Zonealarm, Tiny, Kerio, Sygate etc. but now I just use XP's
firewall along with my router. Less hassle.

 

[JAD]

nothing...tunnels through sygate, less I let it...so says my port
sniffer/traffic watch

 

[J. Eric Durbin]

nothing...tunnels through sygate, less I let it...so says my port
sniffer/traffic watch

You might go have a conversation with Volker Birk
<[email protected]> in comp.security.firewalls.

He claims to have scripts that will defeat any and all software
firewalls.

I, for one, would be interested in the interchange between you two.

From:

http://groups.google.com/group/comp.security.firewalls/msg/7364f232a3a1a21f?dmode=source&hl=en

 

[David Maynard]

nothing...tunnels through sygate, less I let it...so says my port
sniffer/traffic watch

That you're aware of, anyway. And I submit that you can't really know
because, you being a competent geek, no sufficiently pernicious threat
manages to first get *in* the machine in order to test the theory.

 

[JAD]

I have to say that nothing has gotten through, now that doesn't mean that
a commercial network, that has no 'one' person watching the traffic on a 4
client LAN, couldn't be compromised. On this LAN nothing gets through. Now
have I been attacked relentlessly? No, of course not, because the only way
they could see me and begin an attack is if I broadcast an open port. I
never do, If I did, then the port watcher is in place and will klaxon when
there is unauthorized attempt. This has only happened so far when I have
been testing the wall, like you had inferred. Could I keep out someone who
has far more experience and I'm only running a free firewall, most would be
a challenge. However, if I had info and projects that were a national
security risk, I certainly wouldn't be running a home firewall. If I thought
this would be anything more than a who's got the 'bigger dick contest', I
would challenge him, however my question would be, what the hell is someone
like Yako Jackassovich bragging about breaking into someone's HOME computer?
BFD

 

[Kevin]

nothing...tunnels through sygate, less I let it...so says my port
sniffer/traffic watch

That's because you don't have any malicious programs installed that
try too. Hackers can tunnel through a firewalls outbound protection
easily.

 

[JAD]

That's because you don't have any malicious programs installed that
try too. Hackers can tunnel through a firewalls outbound protection
easily.

of course I don't, they can't get here from there

 

[dannysdailys]

While supporting a hardware firewall and a software firewall i
recommend, the Microsoft firewall isn't the one you should be using.
It only monitors inbound traffic. You need something that als
monitors outbound traffic

I'd recommend the free firewall in AOL 9 SE. It was, what Zone Alar
used to be before it became a bloated piece of garbage

I'm sure there are several others

Good luc

 

[David Maynard]

I have to say that nothing has gotten through, now that doesn't mean that
a commercial network, that has no 'one' person watching the traffic on a 4
client LAN, couldn't be compromised. On this LAN nothing gets through. Now
have I been attacked relentlessly? No, of course not, because the only way
they could see me and begin an attack is if I broadcast an open port. I
never do, If I did, then the port watcher is in place and will klaxon when
there is unauthorized attempt. This has only happened so far when I have
been testing the wall, like you had inferred. Could I keep out someone who
has far more experience and I'm only running a free firewall, most would be
a challenge. However, if I had info and projects that were a national
security risk, I certainly wouldn't be running a home firewall. If I thought
this would be anything more than a who's got the 'bigger dick contest', I
would challenge him, however my question would be, what the hell is someone
like Yako Jackassovich bragging about breaking into someone's HOME computer?
BFD

I think you perhaps missed the point. An 'outbound' attack would first have
to get on the machine in order to attack the firewall's outbound block and
if they don't get in then there's been no 'test' of the firewall's outbound
robustness.

'Nothing gets by it (going out)' because nothing has a chance to try to get
by it.

 

[JAD]

I think you perhaps missed the point. An 'outbound' attack would first have
to get on the machine in order to attack the firewall's outbound block and
if they don't get in then there's been no 'test' of the firewall's outbound
robustness.

I myself have tested its effectivness.The biggest part of 'security' is NOT
letting the machine get infected in the first place, no? Security is not
defined by letting something infect a machine, then trying to get rid of it,
nor is it just the ability to detect viruses already in operation. I'm not
sure of where your coming from.

 

[JAD]

I think you perhaps missed the point. An 'outbound' attack would first have
to get on the machine in order to attack the firewall's outbound block and
if they don't get in then there's been no 'test' of the firewall's outbound
robustness.

I myself have tested its effectivness.The biggest part of 'security' is NOT
letting the machine get infected in the first place, no? Security is not
defined by letting something infect a machine, then trying to get rid of it,
nor is it just the ability to detect viruses already in operation. I'm not
sure of where your coming from.

 

[David Maynard]

I myself have tested its effectivness.

Out of curiosity, how? Not that it would mean someone else couldn't invent
a better attack than you've currently thought of.

The biggest part of 'security' is NOT
letting the machine get infected in the first place, no?

That is precisely the point.

Security is not
defined by letting something infect a machine, then trying to get rid of it,
nor is it just the ability to detect viruses already in operation. I'm not
sure of where your coming from.

I'm coming from precisely the summary you just made and then applying it to
your comment that nothing gets 'out' of your firewall.

That suggests a robustness, and level of 'protection', that you simply
can't know because you're correctly doing the kind of security you just
explained: things don't get in. Which means you can't know if there's
something out there that could compromise the firewall's outbound block
because they don't get in to try and you certainly can't know every trick
someone has, or will, invent so you can't even 'simulate' the unknown type
of attack.

What I'm concerned with is the exaggerated emphasis it seems some people
place on 'outbound' in a 'security' context when, as you put quite well,
"Security is not defined by letting something infect a machine." It can,
perhaps, help mitigate but that is like trying to get passengers onto a
couple of lifeboats after you struck the iceberg and it's a 'security'
overstatement to think that lifeboats 'keep the ship afloat'. You do that
by not letting the iceberg in.

 

[JAD]

Out of curiosity, how? Not that it would mean someone else couldn't invent
a better attack than you've currently thought of.


That is precisely the point.


I'm coming from precisely the summary you just made and then applying it to
your comment that nothing gets 'out' of your firewall.

That suggests a robustness, and level of 'protection', that you simply
can't know because you're correctly doing the kind of security you just
explained: things don't get in. Which means you can't know if there's
something out there that could compromise the firewall's outbound block
because they don't get in to try and you certainly can't know every trick
someone has, or will, invent so you can't even 'simulate' the unknown type
of attack.

What I'm concerned with is the exaggerated emphasis it seems some people
place on 'outbound' in a 'security' context when, as you put quite well,
"Security is not defined by letting something infect a machine." It can,
perhaps, help mitigate but that is like trying to get passengers onto a
couple of lifeboats after you struck the iceberg and it's a 'security'
overstatement to think that lifeboats 'keep the ship afloat'. You do that
by not letting the iceberg in.

True and I guess it disqualifies myself as I do not use a FW only, I use
port nannies along with it.
Simply, all 'things' enter or leave via some port......can't happen here,
because ALL my ports, real and virtual are watched along with UDP and TCP
packets with the FW. Most things coming ' in' Are the main concern, however
there are certain software producer that use the 'AUTO update' feature to
check for bogus serials numbers and numerous other things that were not
necessarily agreed upon via the license. I don't think its necessary to
upload known contaminants to your system to check a FW, unless that was my
job and my systems were merely cannon fodder.

 

[Mxsmanic]

If I am accessing the Internet through a Netgear MR8914 (thats Blueyonders
version of the MR814)
Seeing as it has firewall protection built in, is there any advantage either
way with using MS XP pro firewall.

If you have a physically separate firewall such as that and you
configure it properly, running a firewall on Windows adds nothing to
security. Remember that you have to configure it properly, though, so
that _nothing_ gets through.

 

[Mxsmanic]

That's because you don't have any malicious programs installed that
try too. Hackers can tunnel through a firewalls outbound protection
easily.

You cannot protect a computer with a software firewall that is
installed on that same computer. The firewall must either be in
hardware or it must be separate from the computer that is to be
protected.

 

[Conor]

Out of curiosity, how?

Knowing JADs methodology, he went to GRC.com and ran a scan.