Page 2 of 10 FirstFirst 1234 ... LastLast
Results 11 to 20 of 98

Thread: Is it worth to install Firewall in home pc?

  1. #11
    catch, I work with so called CISSP "experts" who have those 5 little initials after there names and still cant figure out how to add a network printer to there computer. So I guess I'm saying that a piece of paper is just that... a piece of paper.

  2. #12
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    catch....am I to understand that leaving my box online 24/7 totally unprotected is the right thing to do? Are you telling me that there are no unscrupulous individuals out there who might try to hijack my box and use it as cover while commiting their nefarious activities on the net? Is that what you are saying?
    Al
    It isn't paranoia when you KNOW they're out to get you...

  3. #13
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    I live under the principle that spend enough time and effort to protect what assets you think you need or want to protect.

    For instance, if you have a ton of games, girlfriends numbers, top secret plans, or anything YOU think is important, it is worth spending as much as you think is resonable to protect them from getting into hands that they do not belong in....simple concept, but that concept is what servers many business decisions when it comes to network security.....as should it be used for private information as well.

    Look at what you are willing to accept as a loss...and then ask yourself should i spend more money on protecting it.....in the real world this is called.. RISK ANALYSIS.

    My boss runs software that he thinks is fine cause no one uses it.....and no one will try to attack it because its so old...I sit back ...laugh...and then smack him in the back of the head to wake him up....a resource is a resource....and we should protect those that are most important to us, as well as what were are "required" to protect by law.

    So in your situation..a free firewall from zone alarm may be enough for you..but you really need to ask yourself how important your data is and how much you should spend to protect it..

    *steps down from soap box :-)
    \"Common Sense, isn\'t that common\"
    \"It is a lot easier to raise a child then it is to repair an adult\"
    -Kruptos

  4. #14
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Originally posted here by Xavier_Amadeus
    catch, I work with so called CISSP "experts" who have those 5 little initials after there names and still cant figure out how to add a network printer to there computer. So I guess I'm saying that a piece of paper is just that... a piece of paper.
    Installing a network printer has as much to do with being a CISSP as wearing matching colored socks has to do with being a nuclear physicist.

    At least a CISSP would understand basic security principals. Things like security = level of assurance and consequently a simpelr system is more secure then a complicated one.

    Also, CISSP != "expert" it equals someone with a basic knowledge of at least seven of the ten security domains.

    Originally posted here by allenb1963
    catch....am I to understand that leaving my box online 24/7 totally unprotected is the right thing to do? Are you telling me that there are no unscrupulous individuals out there who might try to hijack my box and use it as cover while commiting their nefarious activities on the net? Is that what you are saying?
    Did I say leave you computer totally unprotected? No, I said that firewalls have two uses and neither one of those happen to be appropriate for the situation at hand. As such a firewall would be a waste of resources. (Time, effort, and system resources)

  5. #15
    Catch, I kindly urge you to stop and continue this fight else where with people on PM's. This is slowly turning into a flame war, and I would ONCE AGAIN rather not see a good parent post obliterated by another forum flaming session.

    Please, everyone set their anger aside, step outside for a moment, and let the heat die down. We can all continue this in a civil discussion without insults and blindsideness. For the sake of the parent...

  6. #16
    Banned
    Join Date
    May 2003
    Posts
    1,004
    So basically I am asked to shut up and just smile and nod in public?

    Wanna know something about firewalls? Most banks do NOT use them on exposed servers, why? Because they know that firewalls are ONLY for the two uses I stated above, neither of which is appropriate.

    You don't like my opinion on the subject? That is fine, we can disagree, but defend it if you do and don't tell users to ignore me. Also, if you disagree, you might want to start putting your money in an old mayo jar cause odds are I've had security related input where you bank.

    The real point is, the original poster asked if it is worth it, I said no, you said yes and to disregard me.

    catch

  7. #17
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    For the most part I can agree with Catch's assertion that unneccessary additions to a system can bring about instabilities and/or more points of failure and and consequently decrease security instead of inreasing it, however I do think the statement "a simpler system is more secure than a complicated one" is ridiculous on more levels than I have time to discuss, so back to the matter at hand. Catch also pointed out 2 of the main reasons for having a firewall, and although I would agree with his reasoning I would say the average joe might(probably) want a firewall for reason #1 (1. Filtering ports, either by packet type or data content.) and
    Here is why: by default Windows DOES have services running, and quite a few of them at that. Some of which do not like being disabled. (As Pooh mentioned - Pooh: A touch or irony,didnt you and I have this very discussion before with you on the other side? ). Can these all be disabled and mitigate the need for a firewall and possibly make you more secure? Sure they can. Does JohnHACK know how? Probably not or he wouldnt be asking this question. Will disabling these services affect Mr.HACK's use of his machine? They sure might, theres no telling what he does with his machine and although disabling the services may make it more secure and suitable for internet connectivity it may not make it as much fun. Heres the rub, when in pursuit of security do not lose sight of other key aspects of your network such as usability(ease of) and functionality. For a home user who is not interested in learning the finer ins-and-outs of TCP/IP why not purchase a nice little software firewall, and save yourself the trouble of reading net send spam on how to get the hard-on of your dreams?

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmm,

    I have a feeling that we have some sematic differences here?

    At least a CISSP would understand basic security principals. Things like security = level of assurance and consequently a simpelr system is more secure then a complicated one.
    A simpler system is certainly more "stable" (in theory) and a stable system is "safer" (in theory). That does not mean that both statements belong in the same equation.

    "The driest martini is an empty glass" and I have the safest system in the world..........the bits are still in their boxes?

    JOHN has raised an interesting point, but no-one seems to have raised the crucial aspect of the environment in which the machine is being used? From previous discussions with JOHN I know that he deals with a lot of computer illiterate people, as I frequently do. Catch and pooh obviously work in very professional environments, and there is a world of difference.

    JOHN and I will encounter machines where the AV hasn't been updated for two years and the thing hasn't been defragmented since it was purchased. In those situations you have to try to create an environment that is as secure and user maintenance free as possible?

    On the other hand, I would not normally consider putting a firewall on all 1200 PCs at work? It is a different environment..............and has a different practical solution.

    I have used the internet for years without a firewall, and came to no harm, but there were no "network aware" malwares then.............there are now..............times have changed, and so has our environment.

    I somehow doubt if catch or pooh would argue against the installation of parental control software..........to protect your young family against paedophilic grooming, pornography and so on?...........yet it is an added overhead and an added complexity?

    just my thoughts

  9. #19
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Maybe I'm a tad pissy right now..... But wasn't this a dumb question in the first place?

    Catch vs Pooh..... Time to leave..... Catch won't stop and Pooh will get pissy himself and will claim to want to end the conversation.... but he'll keep coming back.....

    Girls.... Play nice, and please don't do anything you wouldn't have "grammy" do on her machine.....

    Kids....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #20
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Security violations are a result of one of two conditions being true:

    1. Flawed security model
    2. Flawed security model implementation

    In both of these situations simpler does equal more secure (so long as the minimum functionality is maintained). For #1 a simpler security model is more feasible to prove. For #2, this is basically just coding and or configuration issues, the smaller the security surface area is, the simpler it is to verify correctness. Hence high security systems use a security kernel to control all access from a minimalistic central point. Obviously taking this to the extremes of something so simple it is not functional is beyond the spirit of the conversation.

    The other argument about good enough security, dumb users, default ports, etc. is a valid one, however I try to keep my responses educational... if he wants a solution he is going to need to provide FAR more information. (assets, asset values, threats, full system details, acceptable annual losses, etc)

    I work under the assumption that people come here to learn and to be entertained. What is going to get you thinking more and be more entertaining?:

    "Run Zone Alarm."

    "Firewalls are really only useful for X & Y, in your situation you might want to try Z, which might seem odd to you, but keep in mind systems where cost is no concern do it this way, so why not learn about that than the standard cheap "good enough" home and corporate solutions that everyone already knows about."

    Some people appreciate my different than normal approach to security concerns, others don't and like to attack me as if I'd say things that are so unpopular as "Windows is more secure than Linux" or "Hardened by default is bad" or "Firewalls typically detract more from security than add to it" without the ability to back them up. If you can take value from what I say, great. If you have further questions about what I say, great. (I've got tons of follow up reading material on pretty much all topics I speak on) If you find no value in what I say, I am sorry... but attacking me about it isn't going to change anything.

    catch

    Edit to add: So what if this is above a "normal" user's head, how are they supposed to learn? never be pressed to think and just fall into the habbits of the flock?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •