Firewall question.

[Bob]

Archived from groups: comp.security.firewalls (More info?)

Hello,
I have a question for you all please.

I have been running the XP firewall, but now have a firewall made by
Sygate. Do I need to turn off the one in XP, or is it OK to run them both
for the added protection?
I have heard both, but I thought that a few of you guy who seem to really
know your stuff in here might be able to give me the correct answer.

Thanks,
Bob

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Bob" <ace-62@earthlinkNOSPAM.net> wrote in news:CA%kc.1527$a47.1023
@newsread3.news.atl.earthlink.net:

> Hello,
> I have a question for you all please.
>
> I have been running the XP firewall, but now have a firewall made by
> Sygate. Do I need to turn off the one in XP, or is it OK to run them
both
> for the added protection?
> I have heard both, but I thought that a few of you guy who seem to
really
> know your stuff in here might be able to give me the correct answer.
>
> Thanks,
> Bob
>
>
>

If you want to run two, then run one that has many of the FW like
features and does more than the XP ICF that's on the O/S. Malware can
take down any third party host based FW easily, but it's hard to take
down IPsec, since it's integrated with the O/S.

In addition to this, XP's FW upon the release of SP 2 will have
application control that will bring XP's FW on par with third party host
based FW(s).

Currently, IPsec will get to the TCP/IP connection first at boot and XP's
SP 2 FW will also get to the TCP/IP connection at boot.

At boot is a vulnerable situation for a machine with a third party FW
solution installed, since malware will beat any of them to the TCP/IP
connection and be done by the time any of them can get there and stop it.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

All you have to do is implement the AnalogX Secpol file and you're
covered. The POP3, HTTP etc, etc for the *client* are already configured.

You may want to look at *Protecting against Denial of Service Attacks*
being discussed in the link.

http://www.uksecurityonline.com/husdg/windowsxp.php

On the other hand, you may want to get a cheap NAT router and use Sygate
and IPsec behind it to supplement, like I do with the NAT router BlackIce
and IPsec on all machines.

A cheap NAT router cost as much as you have paid for Sygate, if not the
free one, because a NAT router stops everything in front of the machine
and the O/S and the FW will not react -- the true *stealth* part in a *I
am stealth* statement.

http://www.homenethelp.com/web/explain/about-NAT.asp

Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Bob" <ace-62@earthlinkNOSPAM.net> wrote in news:CA%kc.1527$a47.1023
@newsread3.news.atl.earthlink.net:

> Hello,
> I have a question for you all please.
>
> I have been running the XP firewall, but now have a firewall made by
> Sygate. Do I need to turn off the one in XP, or is it OK to run them
both
> for the added protection?
> I have heard both, but I thought that a few of you guy who seem to
really
> know your stuff in here might be able to give me the correct answer.

My 2 cents:

While some software firewalls (such as Norton) are stated by the company
as being able to run concurrently with the WinXP firewall, I've seen
somewhere (I think the Sygate site or the documentation), that Sygate is
not to be run with another software firewall.

Although I ran both Norton and the XP firewall concurrently for a long
time (until I got my router) and had no apparent problem from doing so, I
don't know if it really serves a useful purpose - the only one I can
think of is if the main firewall (the non-XP) somehow becomes
deactivated, there is still hopefully incoming protection.

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm