dumbTNtech
join:2003-04-29
Knoxville, TN
| reply to Steve
Re: Compentant Security
Say what you will, I've been doing ISP support for four years now and I haven't seen the ICF keep anyone offline. I have seen Zone Alarm suddenly block ALL incoming and outgoing traffic for no apparent reason. Then it's a real pain to remove. The ICF in WindowsXP seems to do a very good job. The only situation where it's not helpful is when you have a trojan on your system letting someone or something in. Of course, that never happens to anyone here.......
--
"Don't try to explain computers to a layman-easier to explain sex to a virgin."-R.A. Heinlein |
|
keyboard5684
join:2001-08-01
Youngsville, PA
 ·Teliax VOIP
 ·WestPAnet Inc.
 ·WestPAnet Inc. CA..
| reply to SpitefulCrow
iptables, a Linux thing. Completely off base. We are not talking about complex firewall operations (which in my opinion the FreeBSD ipfw is far superior to a simple iptables function in linux), we are talking about Windows firewalls.
Zone alarm compared to the Windows firewall that is built in. In my eyes the Windows firewall is better because it shuts up. I do not think you should have to watch a firewall, it should just do its job. How many people go through there firewall logs and actually do something about it?
PIX firewall can track and customize matching/action on every field of the frame. Even a Cisco router can do what you stated without the firewall feature set. Checkpoint firewall can do it all to. I can go on and on about how many different firewall setups are better but since you learned how to write an iptable rule congrats. |
|
SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA
| reply to Rhobite
said by Rhobite  :
Even the older one lets you open ports individually.
Ooh wow, opening ports. That's so great.
iptables supports connection tracking and customized matching based on almost every field in the packet/frame. |
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs: | reply to Steve
Even the older one lets you open ports individually. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
1 edit | reply to keyboard5684
said by keyboard5684 :
Windows firewall allows you to modufy it to "open ports" or do what you wish.
The one in XP/SP2: yes. The older firewall really sucked (even though it did what it claimed).
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
keyboard5684
join:2001-08-01
Youngsville, PA | reply to SpitefulCrow
Windows firewall allows you to modufy it to "open ports" or do what you wish. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA | reply to SpitefulCrow
<xprave>Yay for firewalls that have more than two users</xprave> |
|
SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA
| reply to Steve
said by Steve :
said by SpitefulCrow :
Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online. 
/linuxrave
<xprave>Yah for XP Service Pack 2, which does the same thing</xprave>
Yay for firewalls that give the user more control than "On" and "Off". /linuxrave |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to SpitefulCrow
said by SpitefulCrow :
Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online.
/linuxrave
<xprave>Yah for XP Service Pack 2, which does the same thing</xprave> |
|
