Archived from groups: comp.security.firewalls
In article <3aGdnSWUo5YO10_dRVn2hg@comcast.com>, charlesnewman1
@comcast.net.do.not.spam.me says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b3bbe205d5cdfb298a655@news-server.columbus.rr.com...
> > In article <wuedndom4N3qfUzdRVn2gQ@comcast.com>, charlesnewman1
> > @comcast.net.do.not.spam.me says...
> > > >
> > > > 2) Antivirus software - never run a server (Windows) without it, always
> > > > have it on the clients systems too. Symantec Small business Edition 8.1
> > > > is cheap and works great on your platforms.
> > >
> > > If you are using a server, such as an ICS box, like I do, you only need
> > > to install antivirus protection on the ICS box. On my home network,
> > > I only have it installed on the ICS box, because that is the only machine
> > > that needs it. None of the client machines sitting behind the ICS box
> > > need it, because I have it on the ICS box. As long as your ICS box
> > > is protected by antivirus software, that would be enough.
> >
> > Wrong, you can still get infected on the local workstation as it passes
> > through the ICS box. The files that you download from the net are
> > streams that are not processed as files on the ICS box, they are passed
> > to the local workstations without being scanned by the ICS box.
> >
> > > An ICS box, running Tiny Personal Firewall, can do a lot more than
> > > a hardware firewall.
> >
> > I love tiny for my laptop, but you've got a lot to learn. Tiny on a
> > gateway is not anywhere near as powerful as a real firewall appliance.
> > You need to quit associating NAT Routers with a Firewall - they are not
> > firewalls, never have been, and never will be, they are strictly NAT
> > routers with added features that marketing types then call Firewalls.
>
> However, Tiny can do one thing that a hardware NAT cannot. Take
> the anonymous Australian chap that was bragging about how his online
> reporter friend was logging onto chat rooms without her employer
> knowing. If they were running Tiny on the gateway machine to their
> network, the admins would have instantly been notified. Any activity
> not defined in the ruleset instantly generates a message on the screen
> to the network admin. The admins would have instantly known what
> she was up to. A hardware firewall would not be able to do that.
Every hardware or software firewall I know of can do that - you need to
understand the difference between a firewall and router with NAT. NAT
Routers are NOT NOT NOT NOT NOT Firewalls.
In most cases, the firewall rules (of real firewalls, soft or hard) are
set up to NOT allow anything out that is not specifically permitted. Most
hardware firewalls also have real-time monitoring GUIs that can show
every source/destination connection in real time. Any web connection
that stays longer than a couple minutes is most likely something other
than a web connection, as web sites basically lose the connection once
the information has been fetched - an IRC type program would maintain the
connection, as would some of the tunnel type connections. It's very easy
to see.
> If they had been using Tiny, or any kind of software firewall, they would
> have immediately been notified and would have been able to block it
> right away.
If they had been running any firewall they would have seen it - again, a
router is not a firewall.
Now, as for routers - some of them provide logging, you can monitor the
logs, import them into a spreadsheet, then run a macro on them to
determine length of time a user was at any location, and if a location
has X number of hits - then you can easily see what people in your
network are doing.
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
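The two heuristics Leythos describes above (a "web" connection that stays open far longer than a page fetch, and per-destination hit counts and dwell time pulled from router logs) as an added example, not code from anyone in this thread. The flow-log format and the sample records are constructed for illustration; a real router's log layout will differ.

```python
# Added example: the long-connection and hit-count heuristics from the post,
# run over constructed router flow-log lines (hypothetical CSV format).
from collections import Counter
from datetime import datetime

# Constructed sample records: "start,end,src,dst,dport", one flow per line.
SAMPLE_LOG = """\
2004-06-10 09:00:01,2004-06-10 09:00:03,192.168.1.10,203.0.113.5,80
2004-06-10 09:00:05,2004-06-10 09:00:06,192.168.1.10,203.0.113.5,80
2004-06-10 09:01:00,2004-06-10 10:30:00,192.168.1.12,198.51.100.7,80
2004-06-10 09:02:00,2004-06-10 09:02:02,192.168.1.11,203.0.113.5,443
2004-06-10 09:03:00,2004-06-10 09:03:01,192.168.1.10,203.0.113.5,80
"""
WEB_PORTS = {80, 443}
LONG_CONNECTION_SECONDS = 120  # "a couple minutes" from the post
FMT = "%Y-%m-%d %H:%M:%S"

def parse_flows(text):
    """Parse CSV flow records into dicts with the flow duration in seconds."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, src, dst, dport = line.split(",")
        secs = (datetime.strptime(end, FMT) - datetime.strptime(start, FMT)).total_seconds()
        flows.append({"src": src, "dst": dst, "dport": int(dport), "seconds": secs})
    return flows

def long_web_connections(flows, threshold=LONG_CONNECTION_SECONDS):
    """Flows on web ports that stay open longer than a normal page fetch would."""
    return [f for f in flows if f["dport"] in WEB_PORTS and f["seconds"] > threshold]

def destination_hits(flows):
    """Hits per destination: the 'X number of hits' count from the post."""
    return Counter(f["dst"] for f in flows)

def time_by_user_destination(flows):
    """Total seconds each source spent connected to each destination."""
    totals = Counter()
    for f in flows:
        totals[(f["src"], f["dst"])] += f["seconds"]
    return totals

def report(text):
    flows = parse_flows(text)
    return {
        "long_web": [(f["src"], f["dst"], f["seconds"]) for f in long_web_connections(flows)],
        "hits": dict(destination_hits(flows)),
        "dwell": dict(time_by_user_destination(flows)),
    }

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```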