
Re: Why isn't Sygate enough?




>   What I don't understand is why are people attempting to
> add additional firewall protection on top of Sygate? What is
> Sygate lacking that encourages this?

Here's my understanding, which I think is accurate but I don't 
guarantee it:

Sygate is not a firewall.  It's a NAT -- a Network Address Translator 
that fools the clients into thinking they're directly connected to 
the net.  That's its primary functionality.  It shares a single 
connection (modem, DSL, cable, whatever) among several systems.

I believe a NAT like Sygate provides quite a bit of protection for 
the clients, since their IP addresses are not visible to the outside 
world.  E.g. nobody can ping directly to one of my Sygate clients 
because they literally can't see that address.

However, Sygate provides very little protection to the Sygate server.  
Some people running Sygate in its "enhanced security" mode claim 
their ports (as tested by grc.com and similar sites) are totally 
"stealthed" and invisible to attack.  I don't know how they do that, 
because my system, running Sygate with enhanced security, was wide 
open until I made the changes recommended on grc.com.  "Wide open" in 
this case meant that ANY outsider could read ANY file on my disks -- 
grc.com listed my directory to prove it.  I'm not certain but I think 
they might be able to CHANGE files too.

Think that might be a problem?

Furthermore, if a hacker finds a way into your Sygate server system, 
the clients are no longer protected -- because he can worm his way 
through your LAN to any system connected to the server.

Those simple kinds of security issues can be addressed with a few 
simple changes to your networking.  But they don't protect you from 
active attack by hackers.  Even if you close all your ports as 
grc.com describes, you may still be susceptible to other attacks like 
DoS (denial of service) and other problems.

Also, Sygate & similar products provide NO protection against attacks 
from "inside" -- Trojans that try to "phone home" to send the 
mothership your credit card numbers, bank account numbers, etc.

A good and properly configured firewall will detect, block, and warn 
you of attacks from outside.  Most of them also detect and block 
unauthorized action from inside.  With a properly configured firewall 
you are nearly invulnerable to attack.

The trick is the "properly configured" part.  Configuring a firewall 
can be a real headache.  It's an ongoing job as you add new apps, 
etc, that need to be granted permission.  Some of them (e.g. 
BlackIce) are pretty automated and figure things out "intelligently" 
on their own.  But this often results in false alarms because the 
"intelligent" agent isn't as intelligent as you'd like.

It's a shame that millions of people have to worry about this and 
expend countless hours and $$ to protect themselves from a bunch of 
destructive, thieving sociopaths.  But that's life on the Net.

Gary
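
The distinction drawn in the message above, as an added example that is not part of the original post: a simplified model of a NAT gateway showing that unsolicited inbound traffic never reaches clients, that services listening on the gateway host itself stay reachable, and that outbound connections pass unless something filters them. The addresses (documentation ranges), the class and its methods, and the use of port 139 for Windows file sharing are assumptions made for illustration.

```python
# Simplified NAT gateway model (constructed example; not Sygate's actual logic).
class NatGateway:
    def __init__(self, local_services=(), blocked_inbound=(), egress_allow=None):
        self.local_services = set(local_services)    # ports open on the gateway host
        self.blocked_inbound = set(blocked_inbound)  # ports an added firewall drops
        self.egress_allow = egress_allow             # None = no outbound filtering
        self.table = {}                              # public port -> (client ip, port)
        self.next_port = 40000

    def outbound(self, client_ip, client_port, dst):
        """A LAN client opens a connection; returns the public port, or None if blocked."""
        if self.egress_allow is not None and dst not in self.egress_allow:
            return None                              # firewall stops the "phone home"
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (client_ip, client_port)  # mapping exists only after this
        return port

    def inbound(self, dst_port):
        """A packet arrives at the public address; returns where it ends up."""
        if dst_port in self.table:                   # reply to a client's own connection
            return ("client", self.table[dst_port])
        if dst_port in self.blocked_inbound:
            return ("dropped", None)
        if dst_port in self.local_services:          # the gateway's own listener answers
            return ("gateway", dst_port)
        return ("dropped", None)                     # no mapping: clients are unreachable


SITE = ("198.51.100.7", 80)      # constructed: a destination the user intends to reach
UNKNOWN = ("192.0.2.66", 6667)   # constructed: a destination the user never approved

if __name__ == "__main__":
    nat_only = NatGateway(local_services={139})
    print(nat_only.inbound(139))      # file sharing on the gateway is exposed
    print(nat_only.inbound(40000))    # no client can be reached unsolicited
    print(nat_only.outbound("192.168.0.2", 1025, UNKNOWN))  # outbound is not checked

    with_fw = NatGateway(local_services={139}, blocked_inbound={139},
                         egress_allow={SITE})
    print(with_fw.inbound(139))       # dropped before the listener sees it
    print(with_fw.outbound("192.168.0.2", 1025, UNKNOWN))   # None: blocked
```
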