[Dshield] XP's Firewall

Johannes B. Ullrich jullrich at sans.org
Mon Mar 18 15:48:25 GMT 2002

Hash: SHA1

> Now I know htat one is an IDS and another is a Firewall, but the fact
> is that layered security is the best.  

Layered security should however not just be based on redundancy, but
also on diversity. So instead of running 3 different firewalls, a
better use of resources may be:

- - virus checker
- - person firewall on workstations
- - IDS (not just network based, but also host based like tripwire)
- - perimeter protection (e.g. something like a linksys router for
  home users)
- - and never forget 'safe computing practices'... probably the cheapest
  and a very effective protection method (don't download software from
  untrusted sources, use good passwords, keep software up to date...)

In my opinion, for a home user, a personal firewall and a virus checker 
should suffice. A small office should probably add some kind of network
firewall and tripwire. A network IDS (snort, blackice ...) is probably
the next step (but doesn't do much good if you don't have people to
attent to it... most small companies don't)

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the list mailing list