Thread: Purpose of personal firewalls?

  #1 Junior Member (Join Date: Nov 2005; Posts: 22)

    Purpose of personal firewalls?

    Here I am redesigning my home network, installing the OSes, building my server. As I sat there, trying to figure out what firewall I liked, something kind of just hit me. One of those mini-revelation things. I guess I'm just kind of slow in figuring this out, but on an internal network, what is the need for a firewall, or at least a packet filter? I like packet filter firewalls, but as I was playing around with CHX-I, it hit me. What do you need a firewall for on an internal network? Granted, you need something in place. But for what? Am I really worried about being port scanned, hacked into, etc.? Why would I be? I'm not offering any services on my laptop or my work PC. So what do I need a firewall for? The only thing I really have to worry about are any programs/services/etc. dialing out, something that might "phone home", or at the very least, something that makes a connection to somewhere that I do not wish for it to make.

    I don't like application firewalls very much, i.e. ZA, etc., but from my thinking, that would be what I am looking for. Do I really need a packet filtering firewall? Does anyone really need any type of packet filtering firewall, or any other type of firewall for that matter, on an internal network (well, besides one that stops applications from making unknown connections)? All a user/admin has to really worry about is what connections are going out from a PC, not ones that are coming in.

    Does anyone have any recommendations? I really like CHX-I, so I guess something along those lines, but for stopping any applications from dialing out.

  #2 Banned (Join Date: Jun 2005; Posts: 445)
    Quote: "I'm not offering any services on my laptop or my work PC"
    You don't need a firewall.

    The only use for it is...

    Quote: "The only thing I really have to worry about are any programs/services/etc. dialing out"
    And common sense can mitigate those risks.

    As Catch has stated on several occasions, firewalls lower system security by making the system more complex, and in many cases offering another avenue of exploitation.

    If you're on an internal network... You don't need one. You are behind a gateway firewall, correct?

  #3 Junior Member (Join Date: Nov 2005; Posts: 22)
    Yes I am, but sometimes I connect to other wireless networks and I have been port scanned. Annoying, I guess, but not harmful.

    As for the applications dialing out part. Can common sense really reduce the risk? How do I know that a program that I downloaded to try out from company ABC or website XYZ didn't dial out? Or maybe I somehow have a trojan on my system. It's just that thinking about the "personal" firewalls that are offered and the amount of programs that I might/will run gives me a headache. Trying to configure rules for everything that might dial out is like being in admin hell.

  #4 Banned (Join Date: Jun 2005; Posts: 445)
    If you have no external services... you don't need a firewall to protect you from the outside.


    Quote: "Can common sense really reduce the risk? How do I know that a program that I downloaded to try out from company ABC or website XYZ didn't dial out? Or maybe I somehow have a trojan on my system."
    First of all... you shouldn't be running unknown applications on an unsecured account. The idea is containment.

    And if you are on SP2, there is already a good firewall available to you, with application control.

    If you think you have a trojan, use Housecall from TrendMicro. It's a good online scanner.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    If you are worried about trojans please try:

    A-Squared

    http://www.emsisoft.com/en/software/free/

    and EWIDO:

    http://www.ewido.net/en/

    But I would make the comment that if you have let that sort of stuff get into an internal network, you have already failed.

    Using an internal firewall would generally be some sort of "security blanket" without real validity in a secure system.

    After all, if you are using something like that on an internal network and it is actually catching or blocking things, you have much more serious problems with your security model/policy/design.


  #6 Banned (Join Date: Jun 2005; Posts: 445)
    Going along with what nihil said... sounds as if you are on a corporate net?

    If so, there should be an enterprise AV in place, most likely with email scanning, the primary way for a trojan to get in. Also, many times, you can have filters running at the gateway to help catch malware.

  7. #7
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Ok, I'm gonna go against the grain here. I'm not going to dispute any of the points made here, but I am going to say that host firewalls on systems inside your network can be beneficial, if you've taken the other appropriate measures.

    I don't buy the comment about firewalls lowering security by making them more complex. When you consider the default build of Windows or a common *Nix, or even the typical corporate build, you'll see the system is already insecurely complex ipso facto. What do you have to lose by adding something that could potentially close avenues of approach or attack?

    As catch and his oompah loompahs are always reminding us, secure systems, designed properly from the ground up, don't need the level of attention for patch management, firewalls, and security applications. However, last time I looked, hardly any of us USE systems of this pedigree.

    I've said it before...Information Security is about defense in depth. "Why have host firewalls? I have a perimeter firewall already!" What if the perimeter firewall fails? As nihil said in a different context, if baddies get inside the network, you've already failed. You can make your failure complete by having zero internal stop gaps or defenses, or you can have a fighting chance with internal measures layered upon other measures.

    But please, feel free to put all your eggs in one basket. (Wow, centuries-old wisdom applied to modern digital security practice! Who'd a thunk it?)
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmm,

    I can see what you are saying Zen~, and I have seen that kind of setup in a college (university) environment, where there was a real danger of attack from within. Sort of like a network within a network? There were the usual external defences as well.

    Hey, I won't even comment on the network/information systems design there.

    Personally, when it comes to "close quarters fighting", I tend to like mail control and registry protection.


  #9 Banned (Join Date: Jun 2005; Posts: 445)
    Quote: "insecurely complex ipso facto"
    The best way I can explain my point is... it's like a leak in a hose... If you put duct tape on it, it stops the leak, but the hole remains. You need to plug the hole. Lock down your services, and save yourself the system load.
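Posts #4 and #9 both rest on the same premise: a host that offers no external services has nothing for an inbound filter to protect, and the right fix is to shut services down rather than tape over them. The test for that premise is a listening-socket audit. The following is an added example, not code from any poster or product in this thread; it parses output in the shape of `ss -tlnp` (header removed) and flags every socket that is bound to something other than a loopback address. The six sample lines are constructed for the example, not captured from a real host.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the column layout of `ss -tlnp` without its header:
# State Recv-Q Send-Q Local:Port Peer:Port Process.  Not from a real machine.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=7))
LISTEN 0 511 *:80 *:* users:(("nginx",pid=901,fd=6))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 50 192.168.1.20:3306 0.0.0.0:* users:(("mysqld",pid=1203,fd=20))
LISTEN 0 4096 [::1]:6379 [::]:* users:(("redis-server",pid=1311,fd=6))
"""


@dataclass(frozen=True)
class Listener:
    process: str
    address: str
    port: int
    exposed: bool  # True when another host on the LAN could reach this socket


# Pulls the first ("name",pid=N) pair out of the Process column.
_PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def split_host_port(local: str):
    """'[::1]:6379' -> ('::1', 6379); '*:80' -> ('*', 80)."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host: str) -> bool:
    """Only 127.0.0.0/8 and ::1 are local-only; wildcards and anything
    unparseable are treated as exposed, which is the safe default."""
    if host in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_ss(text: str) -> List[Listener]:
    listeners = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        match = _PROC_RE.search(fields[5]) if len(fields) > 5 else None
        process = match.group(1) if match else "?"
        listeners.append(Listener(process, host or "*", port, not is_loopback(host)))
    return listeners


def exposed_ports(listeners: List[Listener]) -> List[int]:
    """Distinct ports reachable from other hosts, sorted."""
    return sorted({l.port for l in listeners if l.exposed})


def report(listeners: List[Listener]) -> List[str]:
    """One line per socket, exposed ones first, for a human to act on."""
    ordered = sorted(listeners, key=lambda l: (not l.exposed, l.port, l.process))
    return [
        f"{'EXPOSED ' if l.exposed else 'local   '}{l.address}:{l.port}  {l.process}"
        for l in ordered
    ]


if __name__ == "__main__":
    found = parse_ss(SAMPLE_SS)
    print("\n".join(report(found)))
    print("ports reachable from the LAN:", exposed_ports(found))
```

On the sample, sshd, nginx and mysqld are reachable from other hosts while cupsd and redis are not; a host firewall would only be covering for the first three, and each of them is either wanted (in which case the filter must allow it anyway) or should simply be stopped or re-bound to 127.0.0.1. Run the real thing by feeding the script `ss -Htlnp` output; the parser ignores any line that is not in the LISTEN state.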

  #10 Banned (Join Date: May 2003; Posts: 1,004)
    Quote: "I don't buy the comment about firewalls lowering security by making them more complex. When you consider the default build of Windows or a common *Nix, or even the typical corporate build, you'll see the system is already insecurely complex ipso facto."
    So first you say that you don't agree with the idea of increased complexity reducing security... and then in your very next statement you say the systems are already "insecurely complex". You sound confused.

    Quote: "What do you have to lose by adding something that could potentially close avenues of approach or attack?"
    How does an internal firewall close avenues of attack? If you have a filter segregating that network segment what points of attack are you worried about?
    Attacks from the outside will be dealt with by the external filter.
    Attacks from host-based malware can be prevented by disallowing the installation/execution of unsigned executables.
    Internal worms will use the same channels as internal trusted communications so a filter again will not work unless it is integrated with malware detection which needs to be maintained.
    So where are these attack avenues?

    Quote: "As catch and his oompah loompahs are always reminding us, secure systems, designed properly from the ground up, don't need the level of attention for patch management, firewalls, and security applications."
    From the ground up? Following basic security principles... (control what users do, control what code can be run, control what services are used) and suddenly these internal firewalls become a non-issue.
    Would you run a personal firewall or AV system on Linux? Why not? Because people tend to use normal, non-administrative accounts. There is no fundamental difference in structure that allows these attacks against Windows and not Linux.

    Quote: "I've said it before...Information Security is about defense in depth."
    I've said it before... "defense in depth" does not mean doing the same **** multiple times in slightly different ways. Think of mantraps... you want as few very high assurance bottlenecks as possible and nothing else. Each checking different things. Firewalls, network guards, reference monitors are all fine examples.

    Quote: "Why have host firewalls? I have a perimeter firewall already! What if the perimeter firewall fails?"
    Then it fails...
    Given resources of X... what is less likely to fail... one very high assurance firewall that uses all of X or 3000 bad firewalls each costing 1/3000 of X.
    Unless each of those firewalls is configured differently, what is gained? Why would the failure of one not pass to the failure of the others?
    If your primary firewall is compromised do the host firewalls even matter? Or can an attacker easily subvert the hosts through traffic control?

    Quote: "You can make your failure complete by having zero internal stop gaps or defenses, or you can have a fighting chance with internal measures layered upon other measures."
    No one is suggesting this... different controls need to be used... the first concern is detection of the failure... then host hardening, etc. More firewalls is not defense in depth.

    Quote: "But please, feel free to put all your eggs in one basket."
    Security is about assurance... not a pile of crap.
    Single points of the highest affordable assurance are always better... the same reason a reference monitor is the ideal way to handle OS security.

    Why you got positives is beyond me... the community is just full of people who have no concept of basic math skills. Damned American public schools.

    cheers,

    catch
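The thread's practical answer to the original "phone home" worry runs through post #4 ("run unknown applications on a contained account") and post #10 ("control what users do, control what code can be run, control what services are used"). One concrete form of that containment on a Linux host is to run untrusted software as a dedicated unprivileged account and apply a default-deny egress policy keyed on that account's uid, so that the per-application rule sprawl the original poster dreads collapses to a handful of destination rules. The following is an added example, not the code or configuration of any poster or product named in the thread. It assumes a sandbox account with uid 1500, a local resolver and NTP source at 192.168.1.1, and an nftables host; every one of those values is an assumption chosen for the example. The script emits an nftables table and also evaluates the same policy in Python so the rules can be reasoned about before they are loaded.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

SANDBOX_UID = 1500  # assumed uid of the account untrusted programs run as


@dataclass(frozen=True)
class EgressRule:
    proto: str                 # "tcp" or "udp"
    dport: int                 # destination port
    daddr: Optional[str] = None  # host or CIDR the rule is limited to; None = anywhere

    def __post_init__(self):
        # Validate at construction so a typo cannot silently widen the policy.
        if self.proto not in ("tcp", "udp"):
            raise ValueError(f"bad proto {self.proto!r}")
        if not 0 < self.dport < 65536:
            raise ValueError(f"bad port {self.dport}")
        if self.daddr is not None:
            ipaddress.ip_network(self.daddr, strict=False)

    def matches(self, proto: str, dport: int, daddr: str) -> bool:
        if proto != self.proto or dport != self.dport:
            return False
        if self.daddr is None:
            return True
        # Version mismatch (v6 address vs v4 network) evaluates to False.
        return ipaddress.ip_address(daddr) in ipaddress.ip_network(self.daddr, strict=False)

    def to_nft(self, uid: int) -> str:
        """Render as one nft rule scoped to the sandbox uid."""
        parts = [f"meta skuid {uid}"]
        if self.daddr is not None:
            net = ipaddress.ip_network(self.daddr, strict=False)
            family = "ip" if net.version == 4 else "ip6"
            parts.append(f"{family} daddr {net.with_prefixlen}")
        parts.append(f"{self.proto} dport {self.dport} accept")
        return " ".join(parts)


# Assumed allowlist for the example: DNS and NTP only to the local gateway,
# HTTPS anywhere. Everything else from the sandbox uid is logged and dropped.
ALLOWED: List[EgressRule] = [
    EgressRule("udp", 53, "192.168.1.1"),
    EgressRule("udp", 123, "192.168.1.1"),
    EgressRule("tcp", 443),
]


def build_nft_ruleset(uid: int, allowed: List[EgressRule]) -> str:
    """nftables text suitable for `nft -f`; other uids are untouched."""
    lines = [
        "table inet egress_sandbox {",
        "    chain output {",
        "        type filter hook output priority filter; policy accept;",
        f"        meta skuid {uid} ct state established,related accept",
        f'        meta skuid {uid} oifname "lo" accept',
    ]
    lines += ["        " + rule.to_nft(uid) for rule in allowed]
    lines += [
        f'        meta skuid {uid} log prefix "sandbox-egress-drop " drop',
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


def egress_allowed(uid: int, proto: str, dport: int, daddr: str,
                   allowed: List[EgressRule], sandbox_uid: int = SANDBOX_UID) -> bool:
    """Decision the ruleset above makes for a *new* outbound connection."""
    if uid != sandbox_uid:
        return True  # the table only constrains the sandbox account
    if ipaddress.ip_address(daddr).is_loopback:
        return True  # matches the oifname "lo" accept
    return any(rule.matches(proto, dport, daddr) for rule in allowed)


if __name__ == "__main__":
    print(build_nft_ruleset(SANDBOX_UID, ALLOWED))
```

The point the example makes is the one catch is making: the control is "what this account may talk to", a single small policy, rather than one rule per program. A program that "phones home" over anything other than HTTPS, or resolves names through anything other than the local resolver, shows up in the log with the uid and destination attached. The caveat is that uid matching only contains what actually runs as that uid; it does nothing for code the user runs from their own account, which is why post #4's advice to keep unknown software off the normal account is the precondition, not an alternative.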
