Idiot firewall question
Posted by: ErikL on 04 October 2004
Are there any good reasons to keep using ZoneAlarm now that I have a router w/ hardware firewall?
Posted on: 06 October 2004 by matthewr
You mean Pingu is Cliff! Crikey, say it ain't so Joe?
NotCliff said "That is another issue altogether"
That was my understanding and was why I couldn't understand what Cliff meant when he seemed to say that a software firewall was a good idea because it would help stop passing "wardrivers". ISTM that you do this via encryption and MAC restrictions not via a firewall.
"If the Wardriver hacks your WEP and gets onto your LAN"
If he is capable and determined enough to successfully defeat something as non-trivial as WEP (it's insecure but it still, as I understand it, requires a relatively sophisticated and sustained attack) I would guess you are pretty much fucked and your entire network will be compromised within hours if not minutes, firewall or not.
"Personally I would go for a 3 port firewall with DMZ"
I presented my views on what sort of firewalls are appropriate in typical SOHO contexts earlier. I don't think £500+ 3-port routers and DMZs are particularly appropriate. If you really want that much security, personally I'd be inclined to buy an old laptop for £150, install LINUX and brush up my knowledge of IPchains.
Matthew
Posted on: 06 October 2004 by woody
The ZDnet article is written by a "Microsoft security expert". Oh dear
-- woody
Posted on: 07 October 2004 by pingu
A quick "find" reveals that "Inter Alia" has been used by me once, Cliff 4 times (twice in 2004 and twice in 2000) plus Vuk (once), Chris Dolan once, Nigel Cavendish (once), Carl Leermakers (once) and "headline"
so perhaps I'm one of them (or maybe I should say it's ^B^B^^B its obvious)
n'est-ce pas
Posted on: 07 October 2004 by matthewr
"The ZDnet article is written by a "Microsoft security expert". Oh dear"
Microsoft has plenty of world class, highly conscientious security experts. Indeed they employ lots of extremely clever people in all areas and at all levels of the organisation.
Matthew
Posted on: 07 October 2004 by Joe Petrik
pingu,
quote:
Inter alia is just latin for amongst others
And semper ubi sub ubi is Latin for "always wear underwear" -- well, sort of. (I'm waiting for the ideal time to work that into a post.)
quote:
A quick "find" reveals that "Inter Alia" has been used by me once, Cliff 4 times (twice in 2004 and twice in 2000) plus Vuk (once), Chris Dolan once, Nigel Cavendish (once), Carl Leermakers (once) and "headline"
OK, but Vuk's use of inter alia doesn't count because he was quoting Cliff. Besides, when Vuk is being pompous he uses French.
Joe
Posted on: 07 October 2004 by matthewr
"a good firewall should block *ALL* unwanted TCP/IP traffic"
Quite. What I don't understand is how it can tell the difference between wanted TCP/IP traffic from me on my computer and unwanted TCP/IP traffic from another computer on my LAN being used by an EvilHacker.
I don't know what your LAN's like, but mine allows things like RPC, DCOM, etc. as well, that's what it's for.
"The purpose of encryption is to make data hard to read, it doesn't stop the inbound traffic per se"
Really? It's my understanding that if you cannot defeat the encryption you cannot connect at all -- which is why I am confused when you say a firewall will help with respect to "wardrivers".
Surely in the 7 Layer model, WEP is down the bottom at the same (logical) level as physical cabling and well below TCP/IP. So firewalls just don't come into it.
Matthew
Posted on: 07 October 2004 by Roy T
An example of Drive By Hacking from the sunny USA, it could be you next!
Posted on: 07 October 2004 by Joe Petrik
Cliff,
quote:
So Pingu must be Vuk, right ???
Its, erm, I mean, it's so obvious who pingu is. ;-)
(By the way, it really doesn't matter to me who pingu is. For all I know, "pingu" could be, well, pingu. I just get a kick out of playing detective... and contributing nothing of value to hi-fi fora.)
Joe
Posted on: 08 October 2004 by Mekon
I just plugged my laptop into someone else's plug socket. Check it out, I am hacking the national grid.
Posted on: 08 October 2004 by matthewr
r3spect d00d. U is l33t.
m477h3uu
Posted on: 14 October 2004 by ejl
I'm not getting all these wardriver worries. Have you people abandoned basic safety precautions like moats?
I'd have thought hundreds of years of brutal wars would have taught you Europeans never to let anyone so close to your place that they could hack your wlan.
I don't have a moat. But setting up my new wifi this week, I realized that wardrivers have two options:
i. approach from the front on foot, pc and antenna in hand, crossing several hundred yards of field and wood in plain view.
ii. approach from the back through the waist-deep swamp.
I was initially worried about (ii), especially since reception is much better in back. Then I remembered that the reason I don't go in the swamp is all the cottonmouths (rumors of 'gators too -- haven't seen one though). So I'll see how brave those little hacker f*ckers are.
Moats and venomous snake-infested swamps. Home wlan security solutions are timeless and simple. Yet so few use them....