>
> Well, I agree that a host firewall is a good way to stop an
> internal attack, but I wonder how important that is, compared
> to all the other attacks that go on? An interesting question.
>
> My problem with having a firewall on an unsecure platform
> like Windows is that, using your analogy, I worry very much
> about vandals not going through the door, but around it. If
> someone finds a way to co opt the TCP stack, it doesn't
> seem to me that such a firewall is going to be much good.
> I also wonder of other methods to mess with a process,
> disabling it (what happens then? Is it passive, or does
> it not let anything though, breaking net connectivity?).
>
> But yes, it *will* prevent certain kinds of attacks. Maybe
> even 98% of them; certainly the stupid script kiddie attacks
> that are prevelant these days.
>
> When I think of border fiewwalls, I think of departmental
> entities, not campus-wide. Yes, I can readily see how
> hard it is to deal with emense data streams, but besides
> that, one common firewall imposes restrictions that some
> units need but perhaps might impede others. I don't
> think a one size fits all firewall solution works except
> for global policy issues.
I'd say that the firewall on the server is *very* important. Going back
to your earlier post, it's another layer of the onion. As far as the
TCP stack goes, the firewall software normally fits in at a fairly low
(early) level, so it can block many of the attacks aimed at the TCP
stack. I would be more concerned about the security of the ports and
addresses that are allowed through the firewall, once the firewall is in
place.
For a good, concrete example, a first cut at a firewall ruleset might be
to disallow the Microsoft ports (135-139, 445) from any off-campus
addresses, or perhaps any address outside of your building. You can put
in some exceptions for key users or administrators, and still block a
large variety of potential attacks. Of course a better ruleset blocks
everything *but* the desired external ports and addresses.
Doug Nelson [log in to unmask]
Network Manager Ph: (517) 353-2980
Computer Laboratory http://www.msu.edu/~nelson/
Michigan State University
|