
Re: [NTO] XP FIREWALL

  • Alan C
    Message 1 of 14, Jan 10, 2008
      On Jan 10, 2008 11:15 AM, Alan C <acummingsus@...> wrote:

      > Another point to mention is running with user versus administrator
      > privileges.


      Theoretically, if a user is not allowed to install software (not even to a
      user area of the disk) *and* if the user is not whatsoever allowed to change
      any web browser security related settings.

      Then, if the administrator (with a very secure admin password) had
      adequately and sufficiently and securely enough "set up the machine for this
      user" then the built in XP firewall should suffice alright (for this user)
      given this case scenario. *And* that the administrator rarely, if ever,
      logs on (does so only when needed for sys maintenance).

      Linux is natively already oriented towards just such a case scenario as what
      I just mentioned. Windows, on the other hand, for ages, ran contrary to my
      mentioned case scenario.

      Bill Gates for the longest time said "people want usability over security".

      Thus the (Win) default account being the administrator privileged account.

      AFAIK the native Linux firewall does just what (the same as) the built in
      Win XP firewall does.

      I think a person would need to purchase commercial software for their Linux
      so as to get the type of checking that (for instance) Zone Alarm does
      (monitoring of applications that might seek to do outbound request).

      Linux is natively locked down like my mentioned case scenario whereby
      "nothing illegitimate can get installed" and therefore there will be no
      illegitimate outbound requests which makes it so that there is no need to
      monitor apps that potentially can do outbound requests.

      Perhaps I've been partially in the wrong by not (not enough anyways)
      attempting to admin my friend's Win XP so as to make their Win comply with
      my mentioned case scenario or what I've termed as the "Linux is natively
      locked down." (takes too much time [need to learn etc.] is the excuse so
      far for not making their Win to be like my mentioned case scenario or Like
      Linux with respect to the security model).

      --
      Alan.


      [Non-text portions of this message have been removed]
    • Gerard Huijing
      Message 2 of 14, Jan 13, 2008
        Alan C wrote:
        >
        > AFAIK the native Linux firewall does just what (the same as) the built in
        > Win XP firewall does.
        >


        This remark re WinXP native firewall and Linux firewalls may be a bit
        confusing, but maybe you mean something quite different than what the
        message appears to say.

        The firewalls in the Linux distributions I know of come with a set of
        preconfigured rules that regulate both incoming and outgoing traffic. In
        other words, they are two-way firewalls and Windows' own firewall, in XP
        at least, is not. This is the reason why I have immediately switched it off
        and use a proper (software) firewall instead, in my case Agnitum Outpost.

        Cheers,
        Gerard
        --
        Gerard (E.G.P.) Huijing
        2312 ZD Leiden
        Netherlands
        inboxgen@...
      • Alan C
        Message 3 of 14, Jan 13, 2008
          On Jan 13, 2008 6:52 AM, Gerard Huijing <inboxgen@...> wrote:

          > Alan C wrote:
          > >
          > > AFAIK the native Linux firewall does just what (the same as) the built in
          > > Win XP firewall does.
          > >
          >
          >
          > This remark re WinXP native firewall and Linux firewalls may be a bit
          > confusing, but maybe you mean something quite different than what the
          > message appears to say.
          >
          > The firewalls in the Linux distributions I know of come with a set of
          > preconfigured rules that regulate both incoming and outgoing traffic. In
          > other words, they are two-way firewalls and Windows' own firewall, in XP
          > at least, is not. This is the reason why I have immediately switched it off
          > and use a proper


          ?


          > (software) firewall instead, in my case Agnitum Outpost.


          What Linux distros are you referring to, since I know some distros that do not
          even ship with a firewall (one must provide their own firewall).

          I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.

          OK, I should have limited my comment in my former post more specifically to
          "Linux distros that I myself use", because what I said now absolutely
          applies.

          proper? I definitely agree with you on that one for Win XP but not for the
          Linux distros that I use.

          What's "proper" is what's needed according to the overall or bigger picture
          context.

          Perhaps you missed my point?

          My point was: if it's not even possible for something illegitimate to get
          installed -- then -- there will never ever be any illegitimate outbound
          requests; therefore a "proper" firewall in this case is one with
          characteristics just like the native Win XP firewall, since in this (Linux or
          *maybe* a tightened Windows system) case there is no need, not ever, to
          monitor for potentially illegitimate outbound-requesting sorts of apps.

          IOW (due to the overall or bigger picture construct; I used the Linux (*distros
          that I use*) security model as an example), if there can't be even the
          possibility of illegitimate outbound, then there's no need to monitor (using a
          firewall) for something that cannot happen.

          Greater separation of user versus root or administrator. Run all the time
          as a "user".

          User is not privileged enough to install software nor alter any www related
          security things.

          User can't do anything but use. For anything else, root or administrator
          must be logged onto (as in separate accounts to log onto, each of the
          mentioned separate accounts with drastically different privileges, or
          amounts of power as to what is allowed to do).

          So, once again, what sort of firewall is needed is dependent upon how tight
          or how loose you are, security wise, in the mentioned overall or bigger
          picture. That was the point that I was attempting to make.

          But my intention here is not to advocate that "thus and such requires the
          use of (whatever)".

          But, to me (mainly, anyways, the intention or point that I attempt here to
          get across), the concept of computer security is that there are many, many
          components or ingredients that can make for, and which can also make for the
          lack of, computer security. A (software) firewall is *only one* of such
          components or ingredients.

          Even the built in Win XP firewall "monitors" outbound -- it does so for the
          purpose to only allow back in what had been initially requested from within
          -- oh, well, too bad if it was an "illegitimate outbound request that was
          initiated from within (no protection)"

          So, such built in XP firewall monitors outbound and inbound.

          So does your mentioned Agnitum.

          The difference is that the Agnitum also monitors for the potential of
          "illegitimate requests that are outbound requests that are initiated from
          within".

          --
          Alan.


        • Gerard Huijing
          Message 4 of 14, Jan 13, 2008
            Alan C wrote:
            >
            >
            > What Linux distros are you refer to since I know some distro that do not
            > even ship with a firewall (one must provide their own firewall).
            >
            > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.

            Fedora, and openSUSE. I have used several other distributions in the
            past (ZenWalk, Vector among others)
            I will stick to the first two: they have a configuration file that
            regulates inbound and outbound traffic. It is configured on the basis
            of choices offered by the install program. ("Do you want this machine to
            provide ftp services?" etc.).

            If I tested my service ports after I had installed (which I always did),
            e.g. with Gibson Shields Up, the report would be with SUSE: all ports
            stealthed (DROP) except 113 (IDENT) which was closed (REJECT). ICMP echo
            requests from outside to the firewall were rejected. (I could choose to
            stealth 113, and change the other rule: DROP the pings.) I always did
            that too. Mine is a stand-alone PC and I had no problems (although the
            documentation says that changing these settings can have adverse effects).

            When you install SUSE or Fedora that configuration file (essentially a
            script for iptables) is also generated. On those grounds I would say
            that a firewall is in place to start off with.

            > proper? I definitely agree with you on that one for Win XP but not for the
            > Linux distros that I use.

            I used "proper" because I have read so many criticisms of the XP
            firewall saying exactly that: "Yes, indeed XP has its own firewall but
            it's not a *proper* one: it only monitors inbound".

            >
            > What's "proper" is what's needed according to the overall or bigger picture
            > context.

            I quite agree.

            > Even the built in Win XP firewall "monitors" outbound -- it does so for the
            > purpose to only allow back in what had been initially requested from within
            > -- oh, well, too bad if it was an "illegitimate outbound request that was
            > initiated from within (no protection)"

            Precisely! It's the unnoticed illegitimate ones I am worried about.
            Thank you for the more precise description of what is going on in XP
            firewall BTW.

            Your point was, very much in a nutshell: the situation WinXP plus native
            FW is comparable to Linux 'sec' with some essential qualifications
            regarding the whole implementation of the OS, which make Linux so much
            safer to start with.

            I quite agree, again. I know that the situation in ArchLinux or FreeBSD
            is like the one you have in mind. You have to install and configure your
            firewall yourself, from scratch.

            I quite enjoy trying to figure out iptables rules myself (after all I
            can only screw up my own PC), but I am also very happy that openSUSE and
            Fedora give me some safe settings to start off with.


            Cheers,
            Gerard





            --
            Gerard (E.G.P.) Huijing
            2312 ZD Leiden
            Netherlands
            inboxgen@...
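As an added example (not code from this thread, and not SUSE's or Fedora's generated script), here is a small POSIX shell script that builds the kind of iptables ruleset Gerard describes above: stateful, everything inbound DROPped ("stealthed") except 113/IDENT which is REJECTed ("closed"), pings from outside rejected, with switches to stealth 113 and drop pings instead. It also has the OUTPUT side that Alan's message 3 contrasts with the XP firewall: only a short list of new outbound connections is allowed, and anything else started from inside is logged and dropped. The interface name eth0, the outbound port list (DNS, HTTP, HTTPS, NTP) and the log prefixes are assumptions for a plain desktop. IPT defaults to echo, so running the file as-is only prints the rules; set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Added example, not the thread's own code nor a distro-generated script:
# a stateful two-way iptables ruleset in the shape Gerard describes.
# IPT defaults to "echo" so running this file only prints the rules;
# run with IPT=iptables as root to apply them for real.
# Assumptions for illustration: WAN is the Internet-facing interface and
# the outbound allow-list is what a plain desktop needs (DNS, HTTP, HTTPS, NTP).
IPT="${IPT:-echo}"
WAN="${WAN:-eth0}"
STEALTH_IDENT="${STEALTH_IDENT:-0}"   # 1 = DROP port 113 instead of REJECT
DROP_PINGS="${DROP_PINGS:-0}"         # 1 = DROP echo-request instead of REJECT

fw_rules() {
    # Start clean; default policy DROP on all three chains. The OUTPUT DROP
    # is what makes this a two-way firewall rather than an XP-style one.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback traffic is unrestricted.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Stateful core. The INPUT rule alone is the XP behaviour Alan describes:
    # only packets belonging to a connection started from inside come back in.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT  -m state --state INVALID -j DROP

    # 113/IDENT "closed" (TCP RST) rather than "stealthed", so mail and IRC
    # servers doing ident lookups fail fast instead of waiting for a timeout.
    if [ "$STEALTH_IDENT" = 1 ]; then
        $IPT -A INPUT -i "$WAN" -p tcp --dport 113 -j DROP
    else
        $IPT -A INPUT -i "$WAN" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    fi

    # Pings from outside: reject, or drop to stealth them.
    if [ "$DROP_PINGS" = 1 ]; then
        $IPT -A INPUT -i "$WAN" -p icmp --icmp-type echo-request -j DROP
    else
        $IPT -A INPUT -i "$WAN" -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-admin-prohibited
    fi

    # Outbound: only these NEW connections may leave. Anything else started
    # from inside (the "illegitimate outbound request") is logged and dropped,
    # which is the check the XP firewall does not perform.
    for spec in "udp 53" "tcp 53" "tcp 80" "tcp 443" "udp 123"; do
        set -- $spec
        $IPT -A OUTPUT -o "$WAN" -p "$1" --dport "$2" -m state --state NEW -j ACCEPT
    done
    $IPT -A OUTPUT -o "$WAN" -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "FW-OUT-BLOCK: "
    $IPT -A OUTPUT -o "$WAN" -m state --state NEW -j DROP

    # Unsolicited inbound: log a sample, then fall through to policy DROP,
    # which is what Shields Up reports as "stealth".
    $IPT -A INPUT -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
}

fw_rules
```

Two caveats worth knowing before applying it. The OUTPUT allow-list is by port, not by program: iptables cannot do Zone Alarm style "this binary wants to connect" prompts; the nearest thing is the owner match (-m owner --uid-owner), which is per user, not per executable. And a default-DROP OUTPUT chain will silently break anything not in the list (mail clients, package updates, SSH), which is exactly the kind of adverse effect the distro documentation warns about, so watch the FW-OUT-BLOCK log lines after switching it on.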
          • Alan C
            Message 5 of 14, Jan 13, 2008
              On Jan 13, 2008 2:29 PM, Gerard Huijing <inboxgen@...> wrote:

              > Alan C wrote:
              > >
              > >
              > > What Linux distros are you refer to since I know some distro that do not
              > > even ship with a firewall (one must provide their own firewall).
              > >
              > > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.
              >
              > Fedora, and openSUSE. I have used several other distributions in the
              > past (ZenWalk, Vector among others)
              > I will stick to the first two: they have a configuration file that
              > regulates inbound and outbound traffic. It is configured on the basis
              > of choices offered by the install program. ("Do you want this machine to
              > provide ftp services?" etc.).


              Red Hat 8.0 was my first Linux. Then Red Hat 9.0. Then Fedora Core 1 and
              2.

              Then I tried Slackware 9.0 or 10.0. I liked it. But then I hated it. But
              then I liked it.

              It was all about how much Unix/Linux acclimated I was back then.

              From near 2001 till now is near 7 years since I first began my Linux foray.

              Since Slackware 10.2, Slackware has been my first go to distro (it's
              Slackware 12.0 now) (I no longer have the hate periods -- it's now all "I
              like it").

              It's a very fun distro to customize to your own personal liking (lots of
              community support for this distro). Once I got (grasped) Slackware, I was
              acclimated to the Unix/Linux way.

              Slackware ships without a firewall. I use:

              http://www.slackware.com/~alien/efg/

              (rather powerful, loads many security related kernel modules).

              I also use:

              http://firehol.sourceforge.net/

              I once used a Debian package of that one on Debian.

              Debian is just for practice -- to keep me on my toes. I boot it only about
              20% of the time. Slack gets the other 80%.

              My friend's CentOS gives me something akin to the direction of Fedora/Red Hat.
              After a while (no rush) I may put Debian or Slackware on my friend's box (so
              I don't have to scratch my head about CentOS things when I work on it).

              <snipped>

              > I quite enjoy trying to figure out iptables rules myself (after all I
              > can only screw up my own PC), but I am also very happy that openSUSE and
              > Fedora give me some safe settings to start off with.


              I stay away from iptables rules (never end up with enough time to dedicate
              to it so as to learn it). I'm thankful that many various configurator tools
              for the task exist.

              --
              Alan.

