April 20th, 2004, 07:28 PM
Firewall in the chipset?
The new nForce3 250Gb Chipset aparently contains its own firewall.
I was just wondering what other people thought of this idea. From the article i read about it there is a software package to control the firewall
The built-in Firewall is controlled by the Network Access Manager. The first screen shows the Network Access Manager Setup Screen. From here you can setup your Ethernet,, setup your Firewall, view logs of your Firewall, Backup or Restore your Firewall Settings, view your Ethernet information, view your Firewall information, start the Firewall Wizard, and view a Help screen.
I was just wondering what other people thought of this idea and wether it seems like the way to go.
From the Firewall Wizards screen you can set up the firewall to allow you to host a server such as Quake or Half Life (Currently playing UT2004), use Secure Shell (SSH) to securely connect to a remote server, use DHCP (Dynamic Host Configuration Protocol) to assign IP addresses from a DHCP server or run a DHCP server from your own computer, and other useful functions like running a FTP server or a chat program like Mirc.
The original article (at motherboards.org) can be found here for those who are interested.
April 20th, 2004, 10:24 PM
I think having the firewall in the chipset is a very good idea, although would have a slight disadvantage with patching.
If the firewall is in hardware it means that it will not be able to be patched easily without a method of changing it, which has its problems that it can be exploited and overwriten, if the firewalling wasnt done by storing the rules and other stuff in a memory location (eeprom or flash) and done using some sort of PAL (programmable array logic) that could only be altered by hardware methods it would make remote expoitation very hard. A way to alter it could be similar to flashing a new bios, which could be done using eeproms, but again the problem here is that it can be still altered at OS level.
Patching would be a difficult issue to address, as it would mean leaving some door that could be exploited by the attacker
April 20th, 2004, 11:13 PM
I read an article recently about a ukranian company that is planning on making this security chipset. This chipset is going to have a firewall, anti virus and other security futures built right into it. I wonder if it will work
April 20th, 2004, 11:25 PM
For the general public it won't work any better than the free software firewalls.... The problem still lies with the user. If the user says "allow 1337_H@x0r outbound any any" and "allow 1337_H@x0r inbound any any" then guess what..... 1337_H@x0r can do anything he pleases....
No change really from any other "firewalling system"..... If the user makes the rules about things the user doesn't fully understand the consequences of then the user can break the system.... I guess that's why they employ me.... So I can apply rules, with understanding of the consequences and subsequent mitigation techniques so that they don't have to worry about them......
That sounds like job security..... I can go for that... Keep the masses dumb.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
April 20th, 2004, 11:40 PM