Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] PC Firewall Choices

from [Juliao Duartenn] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] PC Firewall Choices
Date: Wed, 18 Jan 2006 10:28:51 +0000 
On Tue, 2006-01-17 at 23:33 -0500, greybrimstone@aim.com wrote:

Thats assuming that malware isn't being designed for that firewall. I'm 
sure you already know that software is software regardless of the 
hardware that it is running on. Likewise a vulnerability is still a 
vulnerability...

I suppose you could r/o the system... but you need to write the confs 
somewhere right?

-Adriel



Configuration on a hardware firewall is usually a pretty stable thing -
you don't go around opening ports at random every day, now do you?

Most modern {linux|bsd} firewall implementations can now run from a
read-only device, namely CD-ROM, and also write their configuration to a
removable device that you can manually set RW or RO - floppy, USB pen,
etc.

Of course, since most implementations mount parts of the filesystem into
RAM, you're still vulnerable to attacks, they are merely non-permanent,
if you reboot you are clean again, albeit with the original hole still
present, i'd say.

There are, of course, solutions for that too, but I still haven't seen
one that really works - meaning that it can detect and prevent tampering
in real-time. The best thing I can remember is running tripwire against
a RO database on CD, but that can still be tampered with. Any thoughts?

Juliao



-----Original Message-----
From: Valdis.Kletnieks@vt.edu
To: Nick Hyatt <me@n33t.org>
Cc: full-disclosure@lists.grok.org.uk
Sent: Tue, 17 Jan 2006 21:08:39 -0500
Subject: Re: [Full-disclosure] PC Firewall Choices

  On Tue, 17 Jan 2006 18:59:52 MST, Nick Hyatt said:

Given the choice between one of those selections and a standard 

Linksys

router / firewall combo, wouldn't it be safer to go with the hardware
firewall? I find the configuration options to be quite a bit more 

in-depth,

and the hardware firewall doesn't get itself as stuck in the system 

as say,

ZA does.


Even more important, a hardware firewall can't be compromised as easily
by malware that's on a host behind the firewall.  It's easy for a 
program
on a PC to tell ZA to look the other way.  It's a little harder for it 
to
tell a hardware firewall to look the other way.

Unless of course, the firewall implements the UPnP "Pants Down!" RPC.. 
;)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Security Bug in MSVC, Joachim Schipper
Next by Date:  Re: [Full-disclosure] Startup company, Dude VanWinkle
Previous by Thread:  Re: [Full-disclosure] PC Firewall Choices, greybrimstone
Next by Thread:  Re: [Full-disclosure] PC Firewall Choices, Joachim Schipper
Indexes:  [Date] [Thread] [Top] [All Lists]