I've had DSL for about 3 years now. I didn't ask for a static IP but mine hasn't changed since I got it. It was a radical change from the bargain dialup service I used to have. On dialup, my connection had an hour limit, after which I was automatically disconnected. Every hour or less, my IP changed. At the time, I had ID-Blaster tied into the dialup. Every time my IP changed, so did my ID numbers. Combined with a random proxy setup and a firewall that didn't respond to incoming connection attempts, I wasn't easy to track. How times have changed.
For many years, I relied exclusively on a software firewall. The hardware firewall (Smoothwall 2.0) is a recent addition in comparison, added primarily as a gateway for my local network. It was also a great way to recycle an old PC (a P5-133) that wasn't powerful enough to run 98 decently, at a total cost of 3 network cards. I consider a software firewall to be an essential component for applying the default-deny policy to internet access on a per-process level. Only those apps that require internet access to function can connect out, and only when and to where it's necessary. Software firewalls are not weak in themselves. Their primary weakness is the OS they run on. If that OS is well protected against compromise, the firewall will be reliable.

I use Kerio 2.1.5, which is very much like Tiny with a few more features added, like being able to import and export rulesets. Kerio 2 can import the rulesets made by Tiny. I have yet to see it fail. Kerio 2 and Tiny 2 are ideal firewalls for 9X systems. They don't slow the system at all, even with old hardware. Properly configured, they can actually speed up internet apps slightly by preventing system executables (like Windows Explorer) from wasting bandwidth. On dialup, the improvement can be noticeable.

A firewall like Kerio is also very good at controlling local or loopback traffic. I use Proxomitron to filter the web content to all browsers. The loopback rules in Kerio prevent the browsers from bypassing Proxomitron, protecting it from a lot of malicious code in the process. The advantages of controlling loopback connections can be demonstrated with the PCAudit2 firewall leaktest. Although it's generally regarded as a test of HIPS ability to intercept DLL injection, it can also be used to demonstrate how malicious code can gain internet access by using loopback connections to apps with internet access.
With well-designed loopback rules, this test (and malware that uses these methods) can be defeated with just a firewall. Combined with a process whitelist created by the policy editor, this gives 2 layers of defense against malware of this type. If one layer fails, the next still protects you. The addition of HIPS software effectively puts 4 layers in the way, the 2 already mentioned plus blocking of the global hook and preventing the adding of autostart entries for the malicious code. More on HIPS later.
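The effect of per-process loopback rules can be shown with a small model. This is an added example, not an export of the Kerio ruleset described above: the rule format, the executable names, the proxy port 8080 and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    process: str          # executable name, "*" matches any process
    scope: str            # "loopback", "internet" or "any"
    port: Optional[int]   # remote port, None matches any port

def matches(rule, process, remote_ip, port):
    kind = "loopback" if ip_address(remote_ip).is_loopback else "internet"
    return (rule.process in ("*", process)
            and rule.scope in ("any", kind)
            and rule.port in (None, port))

def evaluate(rules, process, remote_ip, port):
    """First matching rule wins; no match means deny (default-deny)."""
    for rule in rules:
        if matches(rule, process, remote_ip, port):
            return rule.action
    return "deny"

PROXY_PORT = 8080  # assumed local listening port of the filtering proxy

# Weak ruleset: any process may open any loopback connection.
WEAK = [
    Rule("permit", "*", "loopback", None),
    Rule("permit", "proxomitron.exe", "internet", 80),
    Rule("permit", "proxomitron.exe", "internet", 443),
]
# Tight ruleset: only the browser may reach the proxy, and nothing else.
TIGHT = [
    Rule("permit", "browser.exe", "loopback", PROXY_PORT),
    Rule("deny", "browser.exe", "any", None),
    Rule("permit", "proxomitron.exe", "internet", 80),
    Rule("permit", "proxomitron.exe", "internet", 443),
]
# Constructed connection attempts: (process, remote address, remote port)
ATTEMPTS = [
    ("browser.exe", "127.0.0.1", PROXY_PORT),   # browser to proxy
    ("browser.exe", "203.0.113.10", 80),        # browser bypassing the proxy
    ("proxomitron.exe", "203.0.113.10", 80),    # proxy fetching the page
    ("unlisted.exe", "127.0.0.1", PROXY_PORT),  # unlisted process borrowing the proxy
]

def compare():
    return [(a, evaluate(WEAK, *a), evaluate(TIGHT, *a)) for a in ATTEMPTS]

if __name__ == "__main__":
    for attempt, weak, tight in compare():
        print(attempt, "weak:", weak, "tight:", tight)
```

Only the last attempt differs between the two rulesets: the blanket loopback permit lets an unlisted process reach the internet through the proxy, while the per-process rules leave it to the default deny.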
Some users don't like rule-based firewalls like Kerio because they require the user to have a basic knowledge of the IP system and how it works. 9X users are already in the position of having to provide their own support. A basic understanding of the IP system and firewall rules is an extension of that. The ability to write good firewall rules is rapidly becoming a lost art, thanks largely to security suites with automatic rule creation and an emphasis on combined security packages and added features, most of which are not 9X compatible.