Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Spam: Zonealarm+Windows Firewall

from [Jeff Britton, Monitored Security] Network Security [Permanent Link]
Subject: RE: Spam: Zonealarm+Windows Firewall
Date: Tue, 28 Feb 2006 19:17:52 -0000 
I'm sure you can find extreme circumstances where it is beneficial to have both 
firewalls running on the host...and in those circumstances, yes, you may want 
to run two firewalls.

But assuming that he/she is not running an ssh server on Windows, and rather 
just using it as an ordinary workstation for common, everyday tasks, there is 
still not much value added with both firewalls running.

J

-----Original Message-----
From: evb [mailto:swiver@cox.net]
Sent: Monday, February 27, 2006 1:42 PM
To: security-basics@securityfocus.com
Subject: RE: Spam: Zonealarm+Windows Firewall


I wanted to run an SSH server as a Windows service, but open a custom SSh
port via port knocking only when access was needed.  

To do this, I needed the SSH server to be running, but I also needed the
port closed until I came a'knocking.  When I needed SSH access, I could port
knock, open the port, do my business, the port knock to close the port.

ZoneAlarm itself does not appear to allow this: that is, if SSh is running,
the port is open and waiting for connections, or if the port is closed, then
it's because the SSH service isn't bound it the port and therefore can't
accept connections.  

So I chose to run ZA plus the Windows firewall.  Running both simultaneously
allows SSh to bind to the port but still have the port closed for inbound
connections (stealth mode).

So isn't that a good reason to have both?

Eric 
 

:-----Original Message-----
:From: Jeff Britton, Monitored Security 
:[mailto:jeff.britton@monitoredsecurity.com] 
:Sent: Monday, February 27, 2006 8:43 AM
:To: barcajax@gmail.com
:Cc: security-basics@securityfocus.com
:Subject: RE: Spam: Zonealarm+Windows Firewall
:
:I really don't see much value added by running both firewalls 
:on the same host.  In my experience, ZoneAlarm has done a 
:great job monitoring both in and outbound traffic and should 
:be sufficient (considering near-optimal management).  Running 
:a second firewall, such as the Windows Firewall, adds another 
:layer of complexity, but not necessarily another layer of 
:security.  I just don't see it being efficient, from both a 
:performance perspective, as well as from a security perspective.
:
:Jeff
:
:-----Original Message-----
:From: barcajax@gmail.com [mailto:barcajax@gmail.com]
:Sent: Saturday, February 25, 2006 2:16 AM
:To: security-basics@securityfocus.com
:Subject: Spam: Zonealarm+Windows Firewall
:
:
:I have been using Zonealarm for many years. I've only started 
:using Windows Firewall recently after upgrading my XP to SP2. 
:I know that Windows Firewall only filters incoming packets 
:(correct me if I'm wrong) thus I have kept my Zonealarm 
:installed and running.
:What is the implication of running both firewalls 
:concurrently? Does Windows Firewall automatically take 
:precedence over Zonealarm? Does this constitute a 2-tier 
:firewall on my home PC?
:I noticed that Windows Firewall does not notify me before 
:dynamically adding new rules to allow traffic through. This 
:concerns me greatly and I am contemplating turning Windows 
:Firewall off and relying on Zonealarm. Any comments?
:
:---------------------------------------------------------------
:------------
:EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The 
:Norwich University program offers unparalleled Infosec 
:management education and the case study affords you unmatched 
:consulting experience. 
:Tailor your education to your own professional goals with 
:degree customizations including Emergency Management, Business 
:Continuity Planning, Computer Emergency Response Teams, and 
:Digital Investigations. 
:
:http://www.msia.norwich.edu/secfocus
:---------------------------------------------------------------
:------------
:
:
:---------------------------------------------------------------
:------------
:EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The 
:Norwich University program offers unparalleled Infosec 
:management education and the case study affords you unmatched 
:consulting experience. 
:Tailor your education to your own professional goals with 
:degree customizations including Emergency Management, Business 
:Continuity Planning, Computer Emergency Response Teams, and 
:Digital Investigations. 
:
:http://www.msia.norwich.edu/secfocus
:---------------------------------------------------------------
:------------
:


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: How hackers cause damage... was Vulnerabilites in new laws on computer hacking, David Gillett
Next by Date:  SF new article announcement: Zero to IPSec in 4 minutes, Kelly Martin
Previous by Thread:  RE: Spam: Zonealarm+Windows Firewall, evb
Next by Thread:  SF new interview announcement: Spreading security awareness for OS X, Kelly Martin
Indexes:  [Date] [Thread] [Top] [All Lists]