[unisog] Personal Firewalls

Dave Ellingsberg dave.ellingsberg at csu.mnscu.edu
Fri Apr 12 12:34:23 GMT 2002


A good paer on the topic of XP's IDS system.  Includes a comparission to
ZoneAlarm.

http://rr.sans.org/win/XP_firewall2.php 

bigfoot

>>> Peter Van Epp <vanepp at sfu.ca> 04/11/02 10:20PM >>>
> 
> 
> I just got a new computer at home with XP Home. I turned on the
> included firewall and did a quick external scan and didn't even 
> see it. Pretty cool for free :)
> 
> I think its just a simple, stateful packet filter so it won't 
> tell people when a remote control trojan or IRCBOT fires up 
> but I think it will keep the trojan from being accessed from 
> the outside (assuming the trojan doesn't disable it :) . It 
> should also protect computer owners who don't know they're 
> running IIS from Nimda and I assume it won't let people hack 
> at the C$ share in the Professional version.
> 
> Anyone done any real evaluation on it? Next year, all the
> new student computers will probably have it available.
> 
> -- 
> Gary Flynn
> Security Engineer - Technical Services
> James Madison University
> 
> Please R.U.N.S.A.F.E.
> http://www.jmu.edu/computing/runsafe 
> 

	Being a suspicious sort (and having spoken with an uncredited
firewall
developer about their NT product :-) ) I'd be tempted to re run the
scan during 
a boot. It was said of NT (acting as a pass through firewall which is a

different case) that it brings up the interfaces and forwards packets
for 
15 to 20 seconds before services start (one of which is the firewall
software).
In this case there may not be anything else interesting active before
the 
firewall but it might also be interesting ...

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada



More information about the unisog mailing list