Re: IP range to CIDR list VB6 utility?
From: WinGuy (no_spam_at_nomail.bot)
Date: 09/21/04
Date: Tue, 21 Sep 2004 15:33:17 GMT
"Stefan Berglund" <keepit@in.thegroups> wrote in message
news:om4uk0l70mctbqm9gfc0e4jtur10u309cp@4ax.com...
> One suggestion I'd make is to dump both BlackIce and ZoneAlarm
> and get Kerio. I used to use ZoneAlarm until I watched Dark
> Angel trojan take it out on every reboot. ZoneAlarm hardly
> affords any protection. Kerio is a bit more complicated but you
> sound like a guy who'd have no trouble setting it up. Oh, and
> it's free!
That's why I run 2 software based firewalls on the server itself: in case
one gets taken out by an infection. I've seen it happen with both of them
(just not on my own server so far!) No product is totally secure, I think
that's a safe assumption.
The reason the server box has BlackIce (BI) is because of its ability to
detect packet data content and perform recognition upon the data, so called
"attack signatures" and Zone Alarm Pro (ZAP) doesn't have that
functionality. Unfortunately, only the BI Server product version is very
configurable in that regard. I found that ZAP was better (actually, much
more stable) at detecting applications on the server that want to get out to
the internet (for example, the BI MFC application itself gets blocked by ZAP
when it tries to call home for some and in definite violation of its
configuration settings). But I found that ZAP is sensitive to operating
system updates and can itself cause boot problems.
Both BI and ZAP can be upgraded, but these are IMHO greedy rip-off
"subscription" updates, and updates are always an implementation pain in any
case. And making ZAP work with Microsoft IIS requires a registry change
regarding dependencies else it will, in time but not immediately, cause IIS
to silently stop responding. I'm not really happy with either product on a
server and they eat a lot of resources, but they're better than nothing. And
of course IIS uses URLScan to also detect attack signatures (and this is
definable), and I've spent 2 years fine tuning NTFS permissions and they
have come into play from time to time as some hacker would manage to get
through all protections right down to NTFS level only to end up with file
access permission denial (that brings a smile to my face). There's much more
security that I do on the box, and it has withstood ALL attacks for the last
2 years. But it sure does get excessively busy protecting itself from time
to time. I'd rather it just be a server!
Enter the IP Filter (IPF) stand-alone dedicated stateful IP-less fully
traffic transparent FreeBSD (FBSD) based firewall. It has no IP address used
with its NICs and so it is not a gateway, it is truly traffic transparent
and can not be connected to without using at least a 3rd NIC having a LAN
address. Sits between the broadband modem and absolutely everything else. It
does not do packet data inspection like BI does, but it can log the 1st 128
data bytes so that another utility could look for attack signatures and
dynamically modify and then reload the IPF rules in response to an attack.
Being a stand alone box, it also can not detect unauthorized programs
attempting to use the internet like both BI and ZAP can. IPF is basically
only what its name implies, an IP address (and port) NIC interface sensitive
and traffic direction filter. But in that regard it truly shines. My only
annoyance with IPF is its usage of CIDR notation (the reason I started this
now off topic thread), but that's only a personal preference issue.
I don't think Kerio Personal is free any more ( see
http://www.kerio.com/kpf_price.html ). All you need with IPF is an old
"good for nothing else" box running a minimal install of FBSD (IPF comes
with FBSD) and 2 NICs minimum, and a RAM/CPU/HDD combination capable of
keeping up with maximum LAN speed, and some minimal unix style syntax
understanding. A 6gig HDD with 400MHz CPU and 64megs RAM or better, and at
least 2 NICs, will suffice. It's really fast. Although some extra utilities
are needed to make IPF as effective or more powerful than any other firewall
one can find, its expandability and open source code modifiability in that
regard under GNU license (and the fact that both it and its operating system
are 100% free even for commercial usage) just is not matched in the industry
by anything else that I'm aware of. And so my personal war against malware
coders continues (now in its 3rd intensive year, they got me in the first
year and started my quest for an ultimate security implementation and that
has become a very serious hobby since then! )