[Rhodes22-list] virus?

Mark Kaynor mark at kaynor.org
Thu Mar 4 08:54:42 EST 2004


Dang. That's "stateful packet inspection", not "tasteful packet inspection".

Hmm... would that typo be the opposite of what Justin Timberlake did during
halftime?

Mark



-----Original Message-----
From: rhodes22-list-bounces at rhodes22.org
[mailto:rhodes22-list-bounces at rhodes22.org]On Behalf Of Mark Kaynor
Sent: Thursday, March 04, 2004 8:51 AM
To: The Rhodes 22 mail list
Subject: RE: [Rhodes22-list] virus?


Peter,

Switches do not normally contain the firewall-type functions included more
often in routers and wireless access points. They're usually fairly dumb in
that they simply allow several computers to be connected to form a network.

The real trick to Internet security is to use what's known as "defense in
depth". This is basically the practice of placing as many impediments in the
way of the black hats as you can without unduly restricting the ability of
your users to conduct business. Good security consists of several levels of
defense. IMHO, the top three among these layers are a good firewall, regular
application of software updates and patches (including anti-virus and
operating system), and user education.

For those of you who are interested, the following is a bit of how I explain
this firewall stuff to my less technical users - maybe it'll help. It does
get a bit technical since the subject by nature is a bit technical, so if
you're not all that interested, you can save yourself some time by skipping
the rest of this email.



Mark Kaynor




Each computer on the Internet requires it's own, unique Internet Protocol
(IP) address. At some point "the Internet guys" realized that, at the rate
things were growing, they were going to run our of IP addresses. To address
this problem, Network Address Translation (NAT) was created. Basically, NAT
allows you to map several internal (local area network) IP addresses to a
single external (Internet) IP address. This means many computers inside your
firewall can share a single outside IP. To the outside world, it looks like
all the traffic is coming from a single computer. A byproduct of this is
that it also "hides" the addresses of your internal computers, discouraging
direct attacks.

A firewall should include the ability to selectively open and close ports
(think of them as channels on a TV for now). For example, the world-wide web
protocol HTML uses port 80. If you use Outlook or another POP email client,
your computer probably talks to your email server on port 110. Your email
server talks to other email servers on port 25. For two computers to have a
conversation, they must be able to "speak the same language" (protocol) on
the same "channel" (port). A firewall should allow you to selectively open
and close ports in both incoming and outgoing directions. Closed ports
prevent undesired access.

Many firewalls use what's called "tasteful packet inspection" to determine
whether packets can get through the firewall based on the protocol, port,
and source and destination addresses. Each allowed request opens the port
for a limited time and only allows communication with the same computer with
which the conversation began.

Many firewalls allow you to set time use policies - for example, you can
allow access to email servers only between 07:00 and 17:00.

Many firewalls allow you to create "white lists" and "black lists", allowing
you to prevent access from specific IPs or to allow access only from
specific IPs.

Each computer's network interface has a unique hard-wired address called a
MAC address. This is built into the network card and cannot be changed (it
can be "spoofed", but that's another issue). Firewalls usually allow you to
lock down access to or from specific MAC addresses. I use this method on my
wireless access point at home - if your computer's MAC address isn't on the
list, you're not accessing the network.

A firewall should allow the ability to create rules or "filters" based on
one or several of the above. You should be able to create specific allow or
deny filters on a port-by-port, protocol-by-protocol, IP-by-IP, MAC-by-MAC
basis.

A firewall should provide a method for logging all or selected access
attempts. This allows you to identify problems, fine-tune your firewall
settings, and track break-ins or attempts.

-----Original Message-----
From: rhodes22-list-bounces at rhodes22.org
[mailto:rhodes22-list-bounces at rhodes22.org]On Behalf Of Peter Thorn
Sent: Wednesday, March 03, 2004 6:41 PM
To: The Rhodes 22 mail list
Subject: Re: [Rhodes22-list] virus?


Mark,

We have a LinkSys hardwired home network ( a switch?).  Does that contain a
firewall and would there be a problem usuing two firewalls?

PT


> Peter,
>
> A personal firewall is definitely a good idea. ZoneAlarm is a good one,
but
> I like the Sygate Personal Firewall - it's also free, very easy to use and
> works well. Here's a link to it:
> http://smb.sygate.com/products/spf_standard.htm
>
> Mark Kaynor
>
>
>
> -----Original Message-----
> From: rhodes22-list-bounces at rhodes22.org
> [mailto:rhodes22-list-bounces at rhodes22.org]On Behalf Of Peter Thorn
> Sent: Wednesday, March 03, 2004 2:33 PM
> To: The Rhodes 22 mail list
> Subject: Re: [Rhodes22-list] virus?
>
>
> Rummy,
>
> Thanks for the suggestions.  My McAfee antivirus automatically updates
> itself whenever the "Big McAfee" says to, so I never have to do it
manually.
>
> I'm also using Spy-Bot Search and Destroy about once a week.
>
> Haven't heard about zonelabs.  The guys who installed our home network
said
> it was a firewall.  Do you think this would this be sufficient?
>
> PT
>
>
>
> ----- Original Message -----
> From: <R22RumRunner at aol.com>
> To: <rhodes22-list at rhodes22.org>
> Sent: Wednesday, March 03, 2004 1:47 PM
> Subject: Re: [Rhodes22-list] virus?
>
>
> > PT,
> > Antivirus definitions should almost be updated daily. Norton's 2003
> version
> > has an automatic update feature that does the update every time you sign
> on to
> > your ISP.
> > I would also recommend installing spybot software
> > http://www.safer-networking.org/index.php?page=mirrors and depending on
> the Windows version you are
> > running also installing Zone Alarm which also has a free version to try
> out:
> > http://www.zonelabs.com/store/content/home.jsp
> > It seems like a lot to do, but it is necessary in this day and age.
> >
> > Rummy
> > __________________________________________________
> > Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>
> __________________________________________________
> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>
> __________________________________________________
> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list

__________________________________________________
Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list

__________________________________________________
Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list



More information about the Rhodes22-list mailing list