Sep 30th, 2008, 7:11pm
   Mischel Internet Security Forum
   Internet Security
   Firewalls
(Moderators: Helena, Gavin_Coe, Magnus)
Topic: An excellent place to learn about FWs (Read 2054 times)
mozar
Highly Honored Mass-Poster
*******





   


Posts: 1524
An excellent place  to  learn about FWs
« on: Oct 21st, 2003, 8:20pm »

Hello,

Magnus has just created this new section to discuss FWs.
We could talk about Ports, Protocols, Packets, Probes, compare rule-sets etc.
The only thing of extreme bad taste would be threads like: "What is the best FW in all the World?"

One more advantage here: *no censorship*. If the administrator or moderator doesn't like the colour of your shoes, your post will not be deleted.

« Last Edit: Oct 21st, 2003, 8:48pm by mozar »
MadAxe
Senior Member
****





   


Gender: male
Posts: 319
Re: An excellent place  to  learn about FWs
« Reply #1 on: Oct 21st, 2003, 8:58pm »

on Oct 21st, 2003, 8:20pm, mozar wrote:
Hello,

Magnus has just created this new section to discuss FWs.
We could talk about Ports, Protocols, Packets, Probes, compare rule-sets etc.
The only thing of extreme bad taste would be threads like: "What is the best FW in all the World?"

One more advantage here: *no censorship*. If the administrator or moderator doesn't like the colour of your shoes, your post will not be deleted.

Sounds great. Let's start off by talking about what is the best FW in all the world Tongue
ReGen
Veteran
*****




It's because we know, that we care.

   


Gender: male
Posts: 685
Re: An excellent place  to  learn about FWs
« Reply #2 on: Oct 21st, 2003, 9:21pm »

on Oct 21st, 2003, 8:58pm, MadAxe wrote:
Sounds great. Let's start off by talking about what is the best FW in all the world Tongue

LOL. The firewall that next saves my PC’s bacon I’ll personally consider to be the greatest, and I don’t care which company produces it.
This is a great idea Mozar (Thanks Magnus). Ian will soon be able to increase his post count by at least another 500 with all the firewall testing he's now doing. Grin
« Last Edit: Oct 21st, 2003, 10:20pm by ReGen »

--
ReGen
claire
Stole All the Forum Stars
********



carpe diem

   


Gender: female
Posts: 3478
Re: An excellent place  to  learn about FWs
« Reply #3 on: Oct 21st, 2003, 10:43pm »

Hi Mozar,
I wonder how much time it took you to convince Magnus to add this forum Wink Grin Great idea anyway. Smiley

Claire
mozar
Highly Honored Mass-Poster
*******





   


Posts: 1524
Re: An excellent place  to  learn about FWs
« Reply #4 on: Oct 21st, 2003, 10:51pm »

Around five seconds, Claire.

Isn't it nice to have a place that doesn't mirror any FW vendor and that could be a source for different firewall users to learn and talk about their apps?

P.S.: And we know that Magnus has said in the past that a "FireHunter" is not in his projects.
claire
Stole All the Forum Stars
********



carpe diem

   


Gender: female
Posts: 3478
Re: An excellent place  to  learn about FWs
« Reply #5 on: Oct 21st, 2003, 11:23pm »

I told you you were a real salesman Wink

And nobody can assure that Magnus will not change his mind Wink. He is so good with computers Grin Smiley

Claire
Jamming
Stole All the Forum Stars
********




Remember when a Trojan was just for protection.

   


Gender: male
Posts: 2039
Re: An excellent place  to  learn about FWs
« Reply #6 on: Oct 22nd, 2003, 12:57am »

There are four things that I consider important in firewalls, which may vary by the personal preferences.
 
1. Out-bound protection, this I view as one layer of a defense in depth concept for security.
 
2. When the Running Firewall process fails, it fails into a safety position interrupting internet connectivity.
 
3. Packet awareness, either handled by software or personal inspection.
 
4. Component and Process control, that each program that sends data to or from the internet is cleared to act in that capacity.
 
These are my personal views and not to be confused with anyone or anything else.

Team Z Member

Servare cives, major est virtus patriae patri.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster
maxqnz
Newbie
*




Walekam salaam, noho ora mai!

   

Posts: 26
Re: An excellent place  to  learn about
« Reply #7 on: Oct 22nd, 2003, 1:26am »

on Oct 21st, 2003, 8:58pm, MadAxe wrote:

 
Sounds great. Let's start off by talking about what is the best FW in all the world  Tongue

 
That's easy - the one that works best for you.  Smiley

ओ पालनहारे, तुमरे बिन हमरा कौनों नहीं
What's a pieriansipist?
maxqnz
Newbie
*




Walekam salaam, noho ora mai!

   

Posts: 26
Re: An excellent place  to  learn about
« Reply #8 on: Oct 22nd, 2003, 1:27am »

on Oct 22nd, 2003, 12:57am, Jamming wrote:
There are four things that I consider important in firewalls, which may vary by the personal preferences.
 
1. Out-bound protection, this I view as one layer of a defense in depth concept for security.
 
2. When the Running Firewall process fails, it fails into a safety position interrupting internet connectivity.
 
3. Packet awareness, either handled by software or personal inspection.
 
4. Component and Process control, that each program that sends data to or from the internet is cleared to act in that capacity.
 
These are my personal views and not to be confused with anyone or anything else.

 
 
That's a good summary, to which I would only add, related to point 3, the ability to create custom traffic rules.

ओ पालनहारे, तुमरे बिन हमरा कौनों नहीं
What's a pieriansipist?
Jamming
Stole All the Forum Stars
********




Remember when a Trojan was just for protection.

   


Gender: male
Posts: 2039
Re: An excellent place  to  learn about FWs
« Reply #9 on: Oct 22nd, 2003, 5:04am »

I can agree to that addendum, but let's not agree too often or people will talk again. Grin

Team Z Member

Servare cives, major est virtus patriae patri.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster
MickeyTheMan
Newbie
*







Gender: male
Posts: 44
Re: An excellent place  to  learn about FWs
« Reply #10 on: Oct 22nd, 2003, 5:17am »

http://pages.infinit.net/carbo1/firewalls.html
Various info including testing sites for your favourite firewall.

http://mickeytheman.com
8Signs
Newbie
*



I love YaBB 1G - SP1!

   

Posts: 11
Re: An excellent place  to  learn about FWs
« Reply #11 on: Oct 24th, 2003, 12:00am »

on Oct 22nd, 2003, 12:57am, Jamming wrote:
There are four things that I consider important in firewalls, which may vary by the personal preferences.

1. Out-bound protection, this I view as one layer of a defense in depth concept for security.
(snip)

What class(es) of outbound threats do you expect your personal firewall to catch?

It would be dangerous to expect it to catch "malware" (i.e. any software that actively tries to circumvent controls) unless the firewall acts like anti-virus or anti-trojan by intercepting all applications before they run and catching and stopping malware from running. Once it runs, your system is (in principle) compromised. It is free to take out a firewall, for example by killing its process or (potentially) adding itself to the list of trusted applications.

James Grant
Jamming
Stole All the Forum Stars
********




Remember when a Trojan was just for protection.

   


Gender: male
Posts: 2039
Re: An excellent place  to  learn about FWs
« Reply #12 on: Oct 24th, 2003, 6:03am »

Actually it can neither add nor change the trusted settings in Zone Alarm 4, nor can it take it out without disabling the Internet Connection. This is done via program and component control, which is quite capable of disabling outbound traffic through the True Vector (Stateful Packet) Security Engine. Rules are secondary in the Zone Alarm approach, which also detects modification or piggybacking on other programs' permissions.

Team Z Member

Servare cives, major est virtus patriae patri.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster
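
The following added example is not part of the thread and is not Zone Alarm's or any vendor's code. It models points 1, 2 and 4 of the four-point list, plus the modification and piggybacking checks mentioned in the reply above, as a default-deny outbound gate; the class `ProgramControl`, its fields, and the sample paths and byte strings are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

@dataclass
class ProgramControl:
    """Toy outbound gate; names and structure are assumptions for illustration."""
    programs: dict = field(default_factory=dict)    # path -> digest of approved image
    components: dict = field(default_factory=dict)  # path -> approved module digests
    engine_alive: bool = True                       # False once the filter engine dies

    def approve(self, path: str, image: bytes, modules: list) -> None:
        self.programs[path] = digest(image)
        self.components[path] = {digest(m) for m in modules}

    def decide(self, path: str, image: bytes, modules: list) -> tuple:
        """Return (allowed, reason) for one outbound connection attempt."""
        if not self.engine_alive:                   # point 2: fail closed
            return (False, "engine down")
        pinned = self.programs.get(path)
        if pinned is None:                          # points 1 and 4: default deny
            return (False, "program not cleared")
        if digest(image) != pinned:                 # image altered after approval
            return (False, "image modified")
        extra = {digest(m) for m in modules} - self.components[path]
        if extra:                                   # unapproved module riding along
            return (False, "unapproved component")
        return (True, "cleared")

# Constructed sample data: byte strings stand in for executable and DLL images.
BROWSER, HELPER, INJECTED = b"browser-v1", b"helper-dll", b"unknown-dll"
EXE = "C:/apps/browser.exe"

def demo() -> list:
    fw = ProgramControl()
    fw.approve(EXE, BROWSER, [HELPER])
    results = [
        fw.decide(EXE, BROWSER, [HELPER]),            # approved program, approved module
        fw.decide("C:/apps/other.exe", b"other", []), # never cleared by the user
        fw.decide(EXE, BROWSER + b"patch", [HELPER]), # image changed on disk
        fw.decide(EXE, BROWSER, [HELPER, INJECTED]),  # extra module loaded into it
    ]
    fw.engine_alive = False                           # simulate the engine being killed
    results.append(fw.decide(EXE, BROWSER, [HELPER]))
    return results

if __name__ == "__main__":
    print(demo())
```

The digest table and the code that checks it sit on the same host as the programs they describe, so the gate only holds against code that cannot write to that table or bypass the engine.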
8Signs
Newbie
*



I love YaBB 1G - SP1!

   

Posts: 11
Re: An excellent place  to  learn about FWs
« Reply #13 on: Oct 24th, 2003, 4:55pm »

If malware is running on the same computer as any other application, it's hard to say with certainty that the malware cannot disrupt the other application. They share the same memory, the same Registry, they can both (in theory) install device drivers.

8Signs Firewall installs drivers to hook network traffic. I'm not sure about Zone Alarm, but I know it hooks lower than some other personal firewalls. In fact, it makes an effort to hook lower than any other PFs. If malware did this, it could send and receive data and ZA wouldn't know or be able to stop it.

As for not being able to change the trust settings, I'm skeptical. I don't see this as a greater challenge than cracking apps to break the licensing scheme. That happens regularly because of the financial interest. The malware writer is free to load Zone Alarm, observe how it creates, changes and stores its trust settings and figure out how to make changes of its own. Encryption cannot help because both the encryption and decryption happen under the eyes and nose of the malware writer who can find any key or algorithm involved.

ConSeal PC Firewall (a few years ago now) used El Gamal to encrypt the license. That's an asymmetric encryption scheme so that Signal 9 could keep the private key and generate licenses and the program needed only the public key to verify it. We expected it would take a long time for anyone to figure it out and probably never make a key generator.

We were wrong. It was a matter of months before a key generator appeared. They explained that we used El Gamal and it made any license you wanted.

JG
Phant0m``
Guest


Re: An excellent place  to  learn about FWs
« Reply #14 on: Oct 24th, 2003, 5:47pm »

Let’s put it this way, it loads A driver:

Loaded driver Mup.sys
“Loaded driver AMBRIM.sys”
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys

And that's definitely incredibly low in the process…

drivers\AMBRAPP.sys?

;P