Results 1 to 5 of 5

Thread: Firewall in the chipset?

  1. #1
    Member
    Join Date
    Apr 2003
    Posts
    95

    Firewall in the chipset?

    The new nForce3 250Gb Chipset aparently contains its own firewall.

    I was just wondering what other people thought of this idea. From the article i read about it there is a software package to control the firewall

    The built-in Firewall is controlled by the Network Access Manager. The first screen shows the Network Access Manager Setup Screen. From here you can setup your Ethernet,, setup your Firewall, view logs of your Firewall, Backup or Restore your Firewall Settings, view your Ethernet information, view your Firewall information, start the Firewall Wizard, and view a Help screen.
    From the Firewall Wizards screen you can set up the firewall to allow you to host a server such as Quake or Half Life (Currently playing UT2004), use Secure Shell (SSH) to securely connect to a remote server, use DHCP (Dynamic Host Configuration Protocol) to assign IP addresses from a DHCP server or run a DHCP server from your own computer, and other useful functions like running a FTP server or a chat program like Mirc.
    I was just wondering what other people thought of this idea and wether it seems like the way to go.

    The original article (at motherboards.org) can be found here for those who are interested.

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    I think having the firewall in the chipset is a very good idea, although would have a slight disadvantage with patching.

    If the firewall is in hardware it means that it will not be able to be patched easily without a method of changing it, which has its problems that it can be exploited and overwriten, if the firewalling wasnt done by storing the rules and other stuff in a memory location (eeprom or flash) and done using some sort of PAL (programmable array logic) that could only be altered by hardware methods it would make remote expoitation very hard. A way to alter it could be similar to flashing a new bios, which could be done using eeproms, but again the problem here is that it can be still altered at OS level.

    Patching would be a difficult issue to address, as it would mean leaving some door that could be exploited by the attacker

    i2c

  3. #3
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    I read an article recently about a ukranian company that is planning on making this security chipset. This chipset is going to have a firewall, anti virus and other security futures built right into it. I wonder if it will work
    I am the uber duck!!1
    Proxy Tools

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    For the general public it won't work any better than the free software firewalls.... The problem still lies with the user. If the user says "allow 1337_H@x0r outbound any any" and "allow 1337_H@x0r inbound any any" then guess what..... 1337_H@x0r can do anything he pleases....

    No change really from any other "firewalling system"..... If the user makes the rules about things the user doesn't fully understand the consequences of then the user can break the system.... I guess that's why they employ me.... So I can apply rules, with understanding of the consequences and subsequent mitigation techniques so that they don't have to worry about them......

    That sounds like job security..... I can go for that... Keep the masses dumb.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey there The Duck:

    If they fit it with a .50 cal coax and half a dozen 105mm recoilless launchers, maybe even I would buy one



    Cheers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •