Hardware firewall

Old 12 August 2003, 08:02 PM
  #1  
Taff107

Does anyone know how effective a Sitecom 4 port DSL Router firewall is? Would you install a software firewall also? I am only saying this as my XP PC has got that msblast worm.
Old 12 August 2003, 08:12 PM
  #2  
Nicks VR4

AFAIK
you need to download the patch.
It's not your firewall, it's your PC that lets this get through.
Depending on your O/S

Old 12 August 2003, 09:11 PM
  #3  
suba

Check out how secure your PCs are at...

www.grc.com
scan.sygate.com
www.pcflank.com
Old 12 August 2003, 09:15 PM
  #4  
Andrewza

Sorry, that's rubbish, most NAT/Firewall DSL routers and the like will effectively stop all incoming connections other than those you specifically forward to machines inside the firewall.
Therefore this worm won't have been able to connect to the required ports and would not have been able to exploit this vulnerability patched or not. If you're worried read any of the other numerous threads on about it and install the patch then run the removal tool.

This worm is only affecting people who haven't patched AND don't have a firewall, even XP's built in firewall would have protected a machine from this.
Old 12 August 2003, 09:32 PM
  #5  
Chris L

Andrew is spot on.

I'm not having a go here - it just goes to prove a point. Microsoft originally posted the patch on the 17 July. The auto update feature in Windows would have protected most people. I know that sometimes these things have to be tested before being applied (especially in business environments - we did before applying it), but it just goes to show that once again, these worms are effective because of people's complacency and ignorance rather than because of the clever coding of a worm.

Chris
Old 12 August 2003, 09:39 PM
  #6  
Luke

This worm is only affecting people who haven't patched AND don't have a firewall, even XP's built in firewall would have protected a machine from this.

So how did it get past my "Mcafee fire wall"??

It seems to have gone..............................

After I think I got the patch downloaded???
Old 12 August 2003, 09:45 PM
  #7  
Andrewza

Without seeing your machine I don't know. By default virtually all firewalls will protect you from this, but that doesn't prevent someone reconfiguring a firewall, meaning it doesn't protect you from this.
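
The behaviour discussed in posts #4 and #7, as an added example that is not part of the thread or any poster's own code: a toy model of a NAT router's inbound decision, showing an unsolicited connection being dropped, a reply to an outbound connection being accepted, and a reconfigured port forward letting the same connection in. The addresses are constructed, the class and function names are hypothetical, and TCP 135 (the Windows RPC endpoint mapper port) is an assumption added here since the thread names no port.

```python
from collections import namedtuple

# Constructed addresses from the documentation ranges; nothing here is from the thread.
Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")

class NatRouter:
    """Toy model of a home NAT router's inbound decision (an assumption, not any vendor's logic)."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.forwards = {}    # (proto, wan_port) -> (lan_ip, lan_port)
        self.conntrack = {}   # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = 40000

    def outbound(self, pkt):
        """A LAN host opens a connection: remember the flow and rewrite the source."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(pkt.proto, wan_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Verdict for a packet arriving on the WAN side, plus the LAN destination."""
        flow = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if flow in self.conntrack:                      # reply to something we started
            return "ACCEPT-ESTABLISHED", self.conntrack[flow]
        fwd = self.forwards.get((pkt.proto, pkt.dst_port))
        if fwd:                                         # explicitly forwarded port
            return "ACCEPT-FORWARD", fwd
        return "DROP", None                             # unsolicited: nowhere to send it

def demo():
    r = NatRouter("203.0.113.10")
    pc = ("192.168.0.2", 3021)
    results = {}
    # Unsolicited connection to TCP 135 on the router's WAN address.
    rpc_probe = Packet("tcp", "198.51.100.7", 51000, r.wan_ip, 135)
    results["unsolicited_rpc"] = r.inbound(rpc_probe)
    # The PC browses out; the web server's reply matches the tracked flow.
    out = r.outbound(Packet("tcp", pc[0], pc[1], "192.0.2.80", 80))
    results["web_reply"] = r.inbound(Packet("tcp", "192.0.2.80", 80, r.wan_ip, out.src_port))
    # A third party hitting the same WAN port is not part of that flow.
    results["stranger_same_port"] = r.inbound(Packet("tcp", "198.51.100.7", 51001, r.wan_ip, out.src_port))
    # Reconfiguration: someone forwards TCP 135 to the PC, and the same packet now gets in.
    r.forwards[("tcp", 135)] = (pc[0], 135)
    results["rpc_after_forward"] = r.inbound(rpc_probe)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} {verdict}")
```

The last case is the one worth auditing on a real router: any port forward or DMZ-host setting pointing at a Windows machine removes the protection the default configuration gives.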
Old 12 August 2003, 11:31 PM
  #8  
Taff107

Thanks DSOTM, only problem is that I've already got and installed the router. My PC 'contracted' the worm prior to me installing it.
Old 13 August 2003, 09:05 AM
  #9  
Chris L

Luke - remember firewalls are not anti virus products. In fact, they are pretty dumb to be honest. They use a rule set to allow or deny traffic. This latest worm has probably been delivered via dodgy emails etc. Your firewall (most firewalls) is not designed to look for dodgy content, it simply looks at its rules base and decides whether an application can be allowed through or not.

IT Security is multi-threaded, you don't rely on one product or application - it's a combination of things - anti virus, anti spam, firewall, intrusion detection systems, network analysers etc etc. For most home users a good software firewall and decent antivirus program can be had for free.

This is what I find frustrating.

For anyone that is interested a free firewall can be found here and free antivirus (with auto update) can be found here

Chris
Old 13 August 2003, 09:09 AM
  #10  
ChrisB

IT Security is multi-threaded, you don't rely on one product or application - it's a combination of things
Add common sense to that list, something a lot of users seem to lack when opening attachments...
Old 13 August 2003, 04:08 PM
  #11  
Chris L

True Chris. In fairness, this latest threat uses a bug in the Remote Procedure Call, so it was harder to spot. A badly configured firewall would have let this threat through.

Chris
Old 13 August 2003, 11:43 PM
  #12  
Luke

Cheers for help.

Is it worth getting a hardware Firewall for home use?? and if so which and how much??
Old 14 August 2003, 01:35 AM
  #13  
stevem2k

free www.smoothwall.org . The only cost to you is an old junk pc.

You define the open inbound ports.


Without going to a full on stateful firewall, it's as good as it gets for no money.

Steve
Old 14 August 2003, 08:13 AM
  #14  
chiark

Steve,

I've just installed ipcop, which forked from Smoothwall last year due to some very strange stuff with smoothwall - notably the attitude of some of the distro maintainers, and the apparent push towards commercialisation.

ipcop is exceptionally simple to set up - 15 minutes and you're there.

It's great, I can't recommend it highly enough for the money

Cheers,
Nick.
Old 14 August 2003, 09:09 AM
  #15  
JR55

Once you have things up and running, have a look at www.grc.com. It's a site that will test how visible you are on the net and gives advice on how to protect yourself.
Old 14 August 2003, 09:43 AM
  #16  
Chris L

Luke

Whether you use a hardware based firewall or software version, it comes down to how well it is configured. Neither is 'better' in that sense. The danger with firewalls is that they tend to be installed and forgotten about. They do require a degree of user intervention from time to time to make sure that they are doing their job correctly.

There are advantages to hardware based systems - such as performance and capacity (& increased security, by keeping the firewall physically separate from your PC), but whether you would notice this on a single home PC is debatable.

The biggest failing with all security systems is over confidence. There is no such thing as a 100% secure system (if there was and I'd found it, I would have retired a long time ago).

Chris
Old 14 August 2003, 02:09 PM
  #17  
stevem2k

Nick,

does it add anything over and above the corp 1.0 release of smoothwall ( is it iptables instead of ipchains ? )

Steve
Old 14 August 2003, 03:48 PM
  #18  
chiark

Hi Steve,
Yep, IPCop 1.3 uses iptables rather than ipchains. I think that's down to the 2.4.x kernel? But could be wrong...

I read about the corporate version of Smoothwall, then got confused as to whether that was still "free" or not... It looks like 125 quid to me. There also seems to be a fair amount of animosity from one of the developers, which put me off using smoothwall and steered towards ipcop. I might have made the wrong choice, but hopefully for the right reasons

old-ish comparison here - http://www.zorg.org/linux/ipcop.shtml

Cheers,
Nick
Old 14 August 2003, 04:28 PM
  #19  
stevem2k

the gpl version is still free, but a couple of revisions behind the retail .. I think this is where the confusion occurs ..

yep the corp 1.0 used 2.2 kernel - hence the ipchains. There are/were some personality clashes between the developers .. and some of the client facing guys were, shall we say, abrasive.

The basic corp edition I got for 50 quid , but without some of the extra modules and has done perfectly for quite some time, but there is no upgrade unless you purchase maintenance, so I will take a look at IPCop as soon as I can get some downtime at home , cheers.

Steve

[Edited by stevem2k - 8/14/2003 4:30:02 PM]
Old 14 August 2003, 05:28 PM
  #20  
chiark

Good luck - I have never set up anything like this other than Zonealarm before, and it took 20 minutes... Very straightforward.

I've just bought a tiny mobo to run it all on now it's proven... An Advantech PCM-5820 which should do the job. Good ol' ebay.

Cheers,
Nick.
Old 14 August 2003, 06:26 PM
  #21  
stevem2k

you going to ditch the HDD's and run it off a compact flash card then ?

Steve
Old 14 August 2003, 06:53 PM
  #22  
chiark

sorely tempted to - though the one I've bought only comes with a 16mb card... I could use a card for main boot/swap and a hd for logging purposes...
Old 08 December 2003, 10:39 PM
  #23  
DSOTM

Hehe, I think everyone missed the actual question.

Taff, personally I don't run a software firewall in addition to my hardware f/w. Mine has stateful packet inspection and can have outbound rules configured as well as the default inbound blocking.

One good reason for doing it is to prevent the propagation of viruses/worms that you receive by other means (download, email etc). ZoneAlarm and the likes have configured rules so that only authorised applications can access the internet.
If you're generally careful with emails/downloads and keep your virus scanner up to date, you shouldn't have any problems running without a software firewall (assuming you have a hardware f/w).

I took a look at Sitecom's site, and the info on there isn't exactly helpful to say the least, although it does list "Integrated Firewall" separately.

Personally, I'd take a look at offerings from Linksys or SMC.
Both are nice and easy to configure and offer heaps of features.





[Edited by DSOTM - 8/12/2003 10:40:02 PM]