[Dshield] "Personal Firewalls" are mostly snake-oil"

Jens Knoell jens at ing.twinwave.net
Sat Jul 20 21:34:20 GMT 2002

From: "Keith G" <keith.gainford at which.net>
> In view of the above statement taken from Sam Spade's site, are home users
> wasting their time using so-called "Personal Firewalls"?

Let's put it this way: Firewalls are generally overrated. They are _one_
level of protection, but to many people they seem to be _THE_ONLY_

To put it in perspective:
A Firewall can help you secure your network or host, by specifically
allowing certain connections inbound or outbound. Optimally, they DENY
everything by default, and require the admin to knowingly allow every
desired connection.

So, in a scenario like this, a firewall will help:
A host gets infected by a trojan which opens a backdoor at port 31337 - but
the firewall does not allow connections from or to 31337, thus the backdoor
cannot be accessed.

But: Firewalls do NOT protect from remotely exploitable bugs in your
software. So, if you have (for example) a vulnerable IIS, a remote attacker
can still gain access to your system, and possibly compromise it despite
your firewall.

Thus, a firewall _helps_ protect your network, but it's by no means the
fortification it's made out to be. Firewalls aren't roadblocks for hackers.
They're speed bumps, and only if properly configured.
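The two points the post makes (a default-deny policy blocks the trojan's port 31337 in both directions, yet an exploit for a bug in a permitted service such as IIS rides straight through on port 80) modelled as a toy first-match packet filter. This is an added example, not code from the post or from DShield; the rule format, the host policy and the ports other than 31337 and 80 are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" or "out"
    proto: str                   # "tcp" or "udp"
    dport: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    dport: int


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation: the first rule that fits wins.
    Anything no rule explicitly allows falls through to the default,
    which is deny, as the post recommends."""
    for r in rules:
        if (r.direction == pkt.direction and r.proto == pkt.proto
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action
    return "deny"


# Constructed policy for a host that only serves a web site and needs
# outbound web and DNS; everything else is denied by default.
POLICY = [
    Rule("allow", "in", "tcp", 80),   # the web server (e.g. IIS) must be reachable
    Rule("allow", "out", "tcp", 80),
    Rule("allow", "out", "udp", 53),
]


def backdoor_reachable(rules: List[Rule], port: int = 31337) -> bool:
    """Can a trojan listening on `port` be reached, or connect out on it?"""
    inbound = decide(rules, Packet("in", "tcp", port)) == "allow"
    outbound = decide(rules, Packet("out", "tcp", port)) == "allow"
    return inbound or outbound


def exploit_on_allowed_port_passes(rules: List[Rule], port: int = 80) -> bool:
    """A remote exploit for a bug in the permitted service looks like any
    other request on that port, so the filter cannot tell it apart."""
    return decide(rules, Packet("in", "tcp", port)) == "allow"
```

The filter wins the backdoor case only because 31337 is not on the allow list; the IIS case shows why the allowed service itself still has to be patched.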


