[Rhodes22-list] virus?

Michael Meltzer mjm at michaelmeltzer.com
Thu Mar 4 22:34:47 EST 2004 

I do not like the software firewall(execpt in dailup)`,  The problem is the first thing the virus do is disable them :-) same for
ani-virus software(that what happened to night), any of the statefull firewalls do a much better job, been using smc stuff, good
software, on the inside pc it not worth the griff and adds little protection. The virus are going after the shares which will be
turn on anyhow.

MJM

----- Original Message ----- 
From: "Mark Kaynor" <mark at kaynor.org>
To: "The Rhodes 22 mail list" <rhodes22-list at rhodes22.org>
Sent: Thursday, March 04, 2004 8:54 AM
Subject: RE: [Rhodes22-list] virus?


> Dang. That's "stateful packet inspection", not "tasteful packet inspection".
>
> Hmm... would that typo be the opposite of what Justin Timberlake did during
> halftime?
>
> Mark
>
>
>
> -----Original Message-----
> From: rhodes22-list-bounces at rhodes22.org
> [mailto:rhodes22-list-bounces at rhodes22.org]On Behalf Of Mark Kaynor
> Sent: Thursday, March 04, 2004 8:51 AM
> To: The Rhodes 22 mail list
> Subject: RE: [Rhodes22-list] virus?
>
>
> Peter,
>
> Switches do not normally contain the firewall-type functions included more
> often in routers and wireless access points. They're usually fairly dumb in
> that they simply allow several computers to be connected to form a network.
>
> The real trick to Internet security is to use what's known as "defense in
> depth". This is basically the practice of placing as many impediments in the
> way of the black hats as you can without unduly restricting the ability of
> your users to conduct business. Good security consists of several levels of
> defense. IMHO, the top three among these layers are a good firewall, regular
> application of software updates and patches (including anti-virus and
> operating system), and user education.
>
> For those of you who are interested, the following is a bit of how I explain
> this firewall stuff to my less technical users - maybe it'll help. It does
> get a bit technical since the subject by nature is a bit technical, so if
> you're not all that interested, you can save yourself some time by skipping
> the rest of this email.
>
>
>
> Mark Kaynor
>
>
>
>
> Each computer on the Internet requires it's own, unique Internet Protocol
> (IP) address. At some point "the Internet guys" realized that, at the rate
> things were growing, they were going to run our of IP addresses. To address
> this problem, Network Address Translation (NAT) was created. Basically, NAT
> allows you to map several internal (local area network) IP addresses to a
> single external (Internet) IP address. This means many computers inside your
> firewall can share a single outside IP. To the outside world, it looks like
> all the traffic is coming from a single computer. A byproduct of this is
> that it also "hides" the addresses of your internal computers, discouraging
> direct attacks.
>
> A firewall should include the ability to selectively open and close ports
> (think of them as channels on a TV for now). For example, the world-wide web
> protocol HTML uses port 80. If you use Outlook or another POP email client,
> your computer probably talks to your email server on port 110. Your email
> server talks to other email servers on port 25. For two computers to have a
> conversation, they must be able to "speak the same language" (protocol) on
> the same "channel" (port). A firewall should allow you to selectively open
> and close ports in both incoming and outgoing directions. Closed ports
> prevent undesired access.
>
> Many firewalls use what's called "tasteful packet inspection" to determine
> whether packets can get through the firewall based on the protocol, port,
> and source and destination addresses. Each allowed request opens the port
> for a limited time and only allows communication with the same computer with
> which the conversation began.
>
> Many firewalls allow you to set time use policies - for example, you can
> allow access to email servers only between 07:00 and 17:00.
>
> Many firewalls allow you to create "white lists" and "black lists", allowing
> you to prevent access from specific IPs or to allow access only from
> specific IPs.
>
> Each computer's network interface has a unique hard-wired address called a
> MAC address. This is built into the network card and cannot be changed (it
> can be "spoofed", but that's another issue). Firewalls usually allow you to
> lock down access to or from specific MAC addresses. I use this method on my
> wireless access point at home - if your computer's MAC address isn't on the
> list, you're not accessing the network.
>
> A firewall should allow the ability to create rules or "filters" based on
> one or several of the above. You should be able to create specific allow or
> deny filters on a port-by-port, protocol-by-protocol, IP-by-IP, MAC-by-MAC
> basis.
>
> A firewall should provide a method for logging all or selected access
> attempts. This allows you to identify problems, fine-tune your firewall
> settings, and track break-ins or attempts.
>
> -----Original Message-----
> From: rhodes22-list-bounces at rhodes22.org
> [mailto:rhodes22-list-bounces at rhodes22.org]On Behalf Of Peter Thorn
> Sent: Wednesday, March 03, 2004 6:41 PM
> To: The Rhodes 22 mail list
> Subject: Re: [Rhodes22-list] virus?
>
>
> Mark,
>
> We have a LinkSys hardwired home network ( a switch?).  Does that contain a
> firewall and would there be a problem usuing two firewalls?
>
> PT
>
>
> > Peter,
> >
> > A personal firewall is definitely a good idea. ZoneAlarm is a good one,
> but
> > I like the Sygate Personal Firewall - it's also free, very easy to use and
> > works well. Here's a link to it:
> > http://smb.sygate.com/products/spf_standard.htm
> >
> > Mark Kaynor
> >
> >
> >
> > -----Original Message-----
> > From: rhodes22-list-bounces at rhodes22.org
> > [mailto:rhodes22-list-bounces at rhodes22.org]On Behalf Of Peter Thorn
> > Sent: Wednesday, March 03, 2004 2:33 PM
> > To: The Rhodes 22 mail list
> > Subject: Re: [Rhodes22-list] virus?
> >
> >
> > Rummy,
> >
> > Thanks for the suggestions.  My McAfee antivirus automatically updates
> > itself whenever the "Big McAfee" says to, so I never have to do it
> manually.
> >
> > I'm also using Spy-Bot Search and Destroy about once a week.
> >
> > Haven't heard about zonelabs.  The guys who installed our home network
> said
> > it was a firewall.  Do you think this would this be sufficient?
> >
> > PT
> >
> >
> >
> > ----- Original Message -----
> > From: <R22RumRunner at aol.com>
> > To: <rhodes22-list at rhodes22.org>
> > Sent: Wednesday, March 03, 2004 1:47 PM
> > Subject: Re: [Rhodes22-list] virus?
> >
> >
> > > PT,
> > > Antivirus definitions should almost be updated daily. Norton's 2003
> > version
> > > has an automatic update feature that does the update every time you sign
> > on to
> > > your ISP.
> > > I would also recommend installing spybot software
> > > http://www.safer-networking.org/index.php?page=mirrors and depending on
> > the Windows version you are
> > > running also installing Zone Alarm which also has a free version to try
> > out:
> > > http://www.zonelabs.com/store/content/home.jsp
> > > It seems like a lot to do, but it is necessary in this day and age.
> > >
> > > Rummy
> > > __________________________________________________
> > > Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
> >
> > __________________________________________________
> > Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
> >
> > __________________________________________________
> > Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>
> __________________________________________________
> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>
> __________________________________________________
> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>
> __________________________________________________
> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>
>

More information about the Rhodes22-list mailing list