
RE: Firewall recommendation? You'll need more than that!



Mark,

it would be good if you explain why a firewall fails. You are a software
engineer and statements to the effect of "firewalls aren't good enough"
don't help.

A firewall is like a security guard with a checklist. The checklist is
created by you. If you permission individual IE 5.02 to have access to the
Net via certain ports, the firewall is blind to IE 5.02 when it uses those
ports.

Now, anything that is not on the checklist, permissioned, is stopped dead in
its tracks.
So what is the loophole?

Simple, a trojan uses IE 5.02 to get in and send things out! Or Outlook or
some other popular program that one has to permission access!! ActiveX, Java
applets are just perfect for this. Aureate does this. Realplayer uses
blackorifice and gets caught easily.

If developers use their bloody brains for once and customers use theirs
to demand the correct architecture in market quotes/analysis/whatever
software, a lot of risk is reduced.

First, the dataplant/pump/factory/whatever fancy jargon a consultant
thought up application must be a standalone.
Second, it must have very specific disk i/o behaviours when writing the
data files, which should be made known beforehand.
Third, the charting/testing application must be a standalone whose disk i/o
is for the data only.

Then, you can firewall/permission the dataplant/pump/factory/whatever fancy
jargon a consultant thought up application for net access and sandbox/limit
its disk access to a particular partition and directory. If it tries to go
outside of the sandbox area, it's a trojan.

As the charting/testing application is also firewalled/permissioned to have
NO access to the net, if it tries to access the net, it's a trojan.

So really, brainless people or people whose stuff doesn't amount to anything
or what they are developing wouldn't amount to anything (subconsciously or
whatever) will use a browser based testing software.
Or a thin client one.

Now, you'd think, I use a leased line to Reuters, Telerate with a testing
software or spreadsheet and as it is sans the Net, I am perfectly safe.

Hey, what's stopping an engineer at those places from putting in a backdoor
like the ones in MS did to get access to your workstation? Do you even
bloody check? Do you even have a monitoring/firewall software to be sure?

If you are networked, be it thru the Net or some private one, you are open.


At 04:42 AM 5/4/00, Mark Jurik wrote:
>Several weeks ago, at exactly noon, my home computer was hit by attempted 
>port entries at the rate of several hundred per hour. All were trying to 
>access the same port number, which may have overwhelmed 
>Zonealarm.  Afterwards, it seems that even if the emergency stop button 
>(configured to stop all traffic) is pressed, there was still significant 
>I/O activity on the modem's lights.  Something was compromised.  I emailed 
>ZA about this, asked a few questions and received no response.
>
>I took the computer off line, examined my system for evidence of hacking 
>and spent the following weeks studying how to get better computer security 
>while surfing the net. I received a few surprises along the way ...
>
>- Microsoft admits Win95 and 98 are not secure enough to be used in 
>hostile network environments (the Internet).
>- Firewalls and anti-virus utilities are not invincible.  They have 
>security holes, such as letting in malicious ActiveX controls.
>- The ActiveX certification process does not guarantee safety or function, 
>and is not to be relied on.
>- Although disabling file/printer sharing may stop an eight-year-old from 
>accidentally accessing your computer, it does not prevent a malicious 
>hacker from getting what he wants.
>- NT4 with SP5, when installed and set up for Internet access, is also 
>vulnerable, unless many changes are made to its configuration.
>
>After reading numerous reports on how to beef up security for Internet 
>access, I compiled a set of security enhancing guidelines that I plan to 
>use on my next computer, before it goes online. The report also lists 
>commercial grade security add-ons.  For example, ICSA certified firewalls. 
>(ZA is not on the list.)
>
>This is still a work in progress.  However, you can download a 2-page 
>"Executive Overview" from http://www.jurikres.com/down/security.pdf   It 
>is a PDF file.
>
>If this matter interests you and you have experienced a hack-attack, or 
>know of hardware or software enhancements that are not mere toys, then 
>please let me know (via direct e-mail). I will keep all personal 
>information confidential.  In return, you get an advanced copy of my 
>report upon completion.
>
>- Mark Jurik
>
>
>
>
>
>
>
>
>
>----------
>From:   NHBob[SMTP:rehhrd@xxxxxxxxxx]
>Reply To:       NHBob
>Sent:   Thursday, April 27, 2000 6:25 PM
>To:     cashc@xxxxxxxxxxxx; Shawn Andrew
>Cc:     omega-list@xxxxxxxxxx
>Subject:        Re: Firewall recommendation?
>
>Don't know what else the DLink provides besides NAT for protection, but even
>on this list I have yet to hear much negative about ZoneAlarm, which has new
>v2.1 out, and is totally free and quite effective.  www.zonelabs.com
>I'm on DSL & it's replaced BlackIce readily & so far, combined w/Norton
>AntiVirus 2000 is intercepting w/o problem or complication.
>NHBob
>----- Original Message -----
>From: cashc@xxxxxxxxxxxx
>To: Shawn Andrew
>Cc: omega-list@xxxxxxxxxx
>Sent: Thursday, April 27, 2000 8:11 PM
>Subject: Re: Firewall recommendation?
>
>
>For $125, I don't have to have a PC that's spinning my electric dial
>24 hours a day, don't have to re-boot, don't have to take the time to
>mess with setting all that up, don't have yet another machine that's
>heating up my room. (It's hot enough as it is with the PC's I do have
>in the summer even with A/C)
>
>Date sent:      Thu, 27 Apr 2000 16:24:12 -0400
>From:           Shawn Andrew <Shawn@xxxxxxxxxxxxxxxx>
>Organization:   Ricercar Fund /SA
>To:             cashc@xxxxxxxxxxxx, "omega-list@xxxxxxxxxx"
><omega-list@xxxxxxxxxx>
>Subject:        Re: Firewall recommendation?
>
> >
> >
> > cashc@xxxxxxxxxxxx wrote:
> >
> > > I just got cable modem!
> > >
> > > And I just ordered a DLink DI-701 from buy.com.  it is supposed to
> > > act as a firewall and allow me to share the connection.
> > >
> > > I don't know about DSL.
> > >
> > > I'll see how it works soon.
> > >
> > > Date sent:              Tue, 18 Apr 2000 20:31:09 -0400
> > > From:                   "Kent Rollins" <kentr@xxxxxxxxxxxxxx>
> > > To:                     "OmegaList" <omega-list@xxxxxxxxxx>,
><metastock@xxxxxxxxxxxxx>
> > > Subject:                Firewall recommendation?
> > >
> >
> > Why would you spend money buying something that is absolutely free and
>better.
> > Yes. All you have to do is grab a 486 Machine or even 586 computer from a
>second hand
> > store.
> > Those you can get for about 40 - 60 Dollars. All you need is an intel
>processor (386, 486 .
> > or 586)
> > A 4MB Ram and two network cards plus 240MB Hard drive space.
> >
> > That box will act as your firewall, mail server , DNS server, Firewall
>server , Web Server
> > etc.
> > Linux does it free of charge. Besides with its Masquerading system you are
>much better off
> > than
> > paying just for a hardware version.
> >
> > Regards
> > Shawn
> > --
> >
> > ---------------------------------------------------------------------
> > Ricercar Fund /SA "Quarendo Invenietis"
> > http://www.RicercarFund.com
> > ----------------------------------------
> > The information contained in this e-mail is intended only for the
>individual or entity to
> > whom it is addressed. It may contain
> > privileged and confidential information and if you are not an intended
>recipient you must
> > not copy, distribute or take any
> > action in reliance on it. If you have received this e-mail in error,
>please notify the
> > sender immediately. Please also destroy
> > and delete the message from your computer.
> >           ----------------------------------------
> >
> >
> >
>
>
>
>"Buy Low, Sell High"
>(If this statement is used for financial gain, I am entitled to 10% of all
>profits. ;) )
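
Added example, not part of any message in this thread: a small Python audit of the per-application checklist the reply at the top describes (net access only for the data-feed program, disk I/O confined to one data directory, no net access for the charting program, anything unlisted blocked). The program names, ports, paths and log lines are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Hypothetical checklist: which ports each program may use and where it may
# do disk I/O. All names and values are constructed for this example.
POLICY = {
    "datafeed.exe": {"net_ports": {443, 8000}, "data_dir": r"D:\feed\data"},
    "charting.exe": {"net_ports": set(), "data_dir": r"D:\feed\data"},
}

# Constructed activity log: "<program> <action> <target>"
SAMPLE_LOG = r"""
datafeed.exe connect 10.0.0.5:443
datafeed.exe write D:\feed\data\quotes.dat
datafeed.exe write D:\feed\data\..\..\windows\win.ini
charting.exe read D:\feed\data\quotes.dat
charting.exe connect 10.0.0.9:80
iexplore.exe connect 10.0.0.9:80
datafeed.exe connect 10.0.0.5:31337
"""

def inside(path, root):
    """True if path stays under root once '..' and letter case are resolved."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")

def check(line):
    """Return a violation message for one log line, or None if permitted."""
    app, action, target = line.split(None, 2)
    rule = POLICY.get(app.lower())
    if rule is None:  # default deny: not on the checklist
        return f"{app}: not on the checklist, blocked"
    if action == "connect":
        port = int(target.rsplit(":", 1)[1])
        if port not in rule["net_ports"]:
            return f"{app}: network access to port {port} not permitted"
    elif action in ("read", "write"):
        if not inside(target, rule["data_dir"]):
            return f"{app}: {action} outside sandbox: {target}"
    else:
        return f"{app}: unknown action {action}"
    return None

def audit(log):
    """Check every non-blank log line and collect the violations."""
    results = (check(l) for l in log.splitlines() if l.strip())
    return [v for v in results if v]

if __name__ == "__main__":
    for violation in audit(SAMPLE_LOG):
        print(violation)
```

A permitted program talking on its permitted port passes every check here, which is the loophole the reply points out.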