From: "Mr. Arnold" on 6 Apr 2008 16:39

"Poutnik" <me(a)privacy.net> wrote in message news:MPG.226345c240bfac71989682(a)127.0.0.1...

> I do not need to learn what the hardware FWs are
> and how they are supposed to work.

It's not about a hardware FW. It's about FW(s), period. There are software FW(s) that run on a secured gateway computer that controls traffic between two networks, the WAN and the LAN. Two NIC(s) on the computer are being used, with one NIC facing the WAN and one NIC facing the LAN. You do know what a gateway computer is about that's running a FW? You do know what a network interface card (a NIC) is? Whether it be a hardware FW solution or a software FW solution, the FW solution must have at least two interfaces. One interface *must* face the WAN/Internet and one interface must face the LAN.

> According to the fact
> Comodo is personal software firewall,
> I stayed at this topic.

Comodo is not a FW. It's a machine level packet filter that protects at the machine level. It protects the services running on the computer at the machine level. It does not separate two networks, like a FW does.

> We can debate, if Pers SW FWs are proper term, but it is commonly used.
> And modern PSW are much more than plain packet filters.
> PF have no more chance against sophisticated malware.

Yeah, they got a lot of snake-oil in them trying to protect you from you that it cannot do.

> SW FW can be more easily compromised,
> but on the other hand, they have more chances
> to detect application hijacking
> and suspicious interprocess communication.

That's not a FW functionality. That's snake-oil in a personal so called FW or personal packet filter trying to protect you from you, that it cannot do. However, if the O/S on a gateway computer is stripped of all software and services that could lead to a compromise of the gateway computer, it's just as secure as a hardware solution.

That's not the case with a PFW/packet filter solution having a secured O/S platform to run on, so it's more easily attacked, along with the O/S being attacked.

> This field is closed to distant HW firewalls.
>
> HW and SW FWs have little different goals, purpose and usage.

Hardware firewalls and network software firewalls, with a software solution running on a secured host gateway computer, not a PFW, have the same goals, that is, to segment networks. They sit at the junction point between two networks and act as a firewall or a firedoor to limit the possible spread of damage from one network to another network, using two network interfaces.

> There is no use for their users fight each other.
> They have common enemy.

You should learn what FW(s) are about, and some 3rd party personal solution called a FW is not a FW. It's a packet filter protecting at the machine level, at best. You should learn what FW(s) are about, hardware and software FW(s). A personal FW is not a FW solution. Vicomsoft has a software FW solution that uses two NIC(s) and runs on a secured Windows Server O/S. There are others too besides Vicomsoft. Some snake-oil trash like Commando and others are nowhere in the ballpark.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html
http://www.more.net/technical/netserv/tcpip/firewalls/
From: Poutnik on 7 Apr 2008 16:54

Hehe, I know what SW and HW firewall is, in pure IT terminology. For simplicity I called both HW FWs, as having a dedicated device for their functionality, in opposition to so called PFWs. I know what the gateway computer is about, so do I know about all OSI or TCP/IP layers it works with. So do I know NICs, obviously.

Surprisingly, firewalls have nothing to do with NICs. They were here before computers came. FWs safely separate 2 independent spaces so fire does not easily get from one to the other. What the "space" is and what the "fire" is can have a high level of abstraction. Computers with NICs, separating networks, are just one particular application of this idea. Dividing spaces inside and outside of computers is another application. But I agree with you, just for pure terminology reasons, it is unlucky to call both of them firewalls. Neither do I like calling tea something not originated from Camellia sinensis.

> Comodo is not a FW. It's a machine level packet filter that protects at the
> machine level. It protects the services running on the computer at the
> machine level. It does not separate two networks, like a FW does.

"PFW" were packet filters, let's say, 6-7 years before. Now these would be horribly inefficient in protection. BTW some simple pure HW firewalls are not any better than these packet filters...

> Yeah, they got a lot of snake-oil in them trying to protect you from you
> that it cannot do.

Well, I can get whatever I want through the big corporate firewalls of our big IT company. I would not be able to do it if my workstation there had a modern PFW properly configured not to allow me it.

> > SW FW can be more easily compromised,
> > but on the other hand, they have more chances
> > to detect application hijacking
> > and suspicious interprocess communication.
>
> That's not a FW functionality. That's snake-oil in a personal so called FW
> or personal packet filter trying to protect you from you, that it cannot do.

It depends on what you mean by separating networks. If this is not FW functionality, then they will be obsolete soon. There is no need to compromise or even attack a FW (where HW/SW ones are strong), if you can persuade it. These days it is so easy to bypass the strong inbound protection of HW firewalls by other ways, relying on the weak human factor. And then, so easy to persuade firewalls that outbound traffic should be allowed.

> However, if the O/S on a gateway computer is stripped of all software and
> services that could lead to a compromise of the gateway computer, it's just
> as secure as a hardware solution.

No point to disagree here.
From: Sebastian G. on 7 Apr 2008 17:42

Poutnik wrote:

> "PFW" were packet filters lets say 6-7 years before. Now these would be
> horrible inefficient in protection.

Correction: They are pretty inefficient in protection, and have always been. They can't even get the simple packet filtering stuff right, much less any of their additional horribly stupid attempts.

> Well, I can get through big corporate firewalls of our big IT company
> whatever I want. I would not be able to do it, if my workstation there
> would have modern PFW properly configured not to allow me it.

If a host is vulnerable without a firewall, then it also is with one. Firewalls are only a redundant layer (aka defense-in-depth) to guard against configuration errors and to efficiently filter out junk traffic (instead of stressing the host with doing so).
From: "Mr. Arnold" on 7 Apr 2008 18:50

"Poutnik" <me(a)privacy.net> wrote in message news:MPG.2264a87969f1b81e989683(a)127.0.0.1...

> Hehe, I know what SW and HW firewall is, in pure IT terminology.
>
> For simplicity I called both HW FWs, as having dedicated device for
> their functionality, in opposite to so called PFWs.
>
> I know what the gateway computer is about,
> so do I know about all OSI or TCP/IP layers it works with.
> So do I know NICs, obviously.
>
> Surprisingly, firewalls have nothing to do with NICs. They were here
> before computers have come. FWs safely separate 2 independent spaces
> for fire not easily gets from one to the other. What is the "space" and
> what is the "fire" can have high level of abstraction.

What? The traffic travels from the WAN to the LAN. That is traffic that's let through the firewall, the trusted and untrusted zone. Whether it be two NICs doing a (WAN/LAN) or the WAN/LAN on a FW appliance, traffic is controlled between the interfaces, inbound and outbound, the trusted and untrusted zones, with a FW solution.

> Computers with NICs, separating networks are just one particular
> application of this idea.
> Dividing spaces inside and outside of computers is other application.
>
> But I agree with you, just for pure terminology reasons,
> it is unlucky call both of them firewalls.
> Neither do I like calling tea something not originated
> from Camellia sinensis.
>
>> Comodo is not a FW. It's a machine level packet filter that protects at
>> the machine level. It protects the services running on the computer at the
>> machine level. It does not separate two networks, like a FW does.
>
> "PFW" were packet filters lets say 6-7 years before. Now these would be
> horrible inefficient in protection. BTW some simple pure HW firewalls
> are not any better than these packet filters...

That's a NAT router for home usage. That's not a FW appliance.

>> Yeah, they got a lot of snake-oil in them trying to protect you from you
>> that it cannot do.
>
> Well, I can get through big corporate firewalls of our big IT company
> whatever I want. I would not be able to do it, if my workstation there
> would have modern PFW properly configured not to allow me it.

Look man, I was contacting my ISP's NNTP server on TCP 119 and POP3 on TCP 110/SMTP on TCP 587 from my laptop at a client's site. First they told me they didn't want me to do it, and then when I continued, they stopped the connections via the company's network FW. So, please don't tell me that they cannot stop you if they choose to do so. Whatever you're doing, they don't view it as a threat that needs to be stopped. They stopped me last Friday by setting FW rules. So, are you going to sit there and tell me you have some kind of slick little program that's hiding your activities, and that the FW admin can't see what you're doing? <g>

>>> SW FW can be more easily compromised,
>>> but on the other hand, they have more chances
>>> to detect application hijacking
>>> and suspicious interprocess communication.
>>
>> That's not a FW functionality. That's snake-oil in a personal so called
>> FW or personal packet filter trying to protect you from you, that it cannot
>> do.
>
> It depends on what you mean by separating network.
> If this is not FW functionality, then they will be obsolete soon.

It never was a FW functionality. It's a snake-oil personal FW solution.

> There is no need to compromise or even attack FW (where HW/SW ones are
> strong), if you can persuade him.

We are talking about something like Commando that runs with the O/S. The O/S can be fooled and so can the snake-oil PFW solution if malware can get there and can be executed. It can punch right through it.

> These days is so easy to bypass strong inbound protection of HW
> firewalls by other ways, relying on weak human factor.
> And then, so easy to persuade firewalls that outbound traffic should be
> allowed.

So, what happens at the boot and login process when malware can beat the PFW, run and communicate, before the PFW can run to protect the connection? The O/S is not waiting for the PFW before the connection is made available? The 3rd party PFW is not an integrated solution.

>> However, if the O/S on a gateway computer is stripped of all software and
>> services that could lead to a compromise of the gateway computer, it's
>> just as secure as a hardware solution.
>
> No point to disagree here.
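As an added illustration (not code from the thread or from any product named in it), here is a toy Python model of the two-interface gateway filter Mr. Arnold describes: the interface names, zone names and rule set are constructed, and the policy mirrors the anecdote of the admin adding rules that stop TCP 119/110/587 leaving the LAN while unsolicited WAN traffic falls to the default deny.

```python
from dataclasses import dataclass

# One NIC per zone, as the posts describe: wan0 faces the Internet, lan0 the LAN.
IFACE_ZONE = {"wan0": "wan", "lan0": "lan"}

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    from_zone: str
    to_zone: str
    dports: frozenset  # empty set matches any destination port
    action: str        # "allow" or "deny"

    def matches(self, pkt, out_zone):
        return (self.from_zone == IFACE_ZONE[pkt.in_iface]
                and self.to_zone == out_zone
                and (not self.dports or pkt.dport in self.dports))

class Gateway:
    """Sits between the two zones; first matching rule wins, default deny."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # (src, sport, dst, dport) of allowed outbound flows

    def forward(self, pkt):
        # With exactly two interfaces, traffic always egresses the other zone.
        out_zone = "wan" if IFACE_ZONE[pkt.in_iface] == "lan" else "lan"
        # Replies to a flow the LAN already opened are let back in (stateful).
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        for rule in self.rules:
            if rule.matches(pkt, out_zone):
                if rule.action == "allow":
                    self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return rule.action
        return "deny"

# Constructed policy mirroring the anecdote: rules stop NNTP (119), POP3 (110)
# and SMTP submission (587) leaving the LAN, web traffic stays allowed, and
# unsolicited WAN-to-LAN traffic falls to the default deny.
POLICY = [
    Rule("lan", "wan", frozenset({119, 110, 587}), "deny"),
    Rule("lan", "wan", frozenset({80, 443}), "allow"),
]
```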
From: Sebastian G. on 7 Apr 2008 19:13

Mr. Arnold wrote:

> Look man, I was contacting my ISP's NNTP server on TCP 119 and POP3 TCP
> 110/SMTP on TCP 587

587 is typically SUBMISSION (which is essentially SMTP but with a bit relaxed semantics to allow more stringent spam filtering).

> So, are you going to sit there and tell me you have some kind of slick
> little program that hidding your activities, and that the FW admin can't see
> what you're doing? <g>

Not that I'd support using such tools for circumventing a company's network policy (which exists for a good reason), but yes, such tools exist. In fact, one can even create cryptographically secure hidden channels, that is, if you had any method of differentiating them from legitimate traffic (yes, even adaptive active attacks) you would also be able to break some protocols which are considered cryptographically strong.