Re: [Nolug] notes from last night's meating

From: Scott Harney <scotth_at_scottharney.com>
Date: Fri, 18 Oct 2002 10:37:17 -0500
Message-ID: <20021018153717.GA27673@zenarcade.local.lan>

I've made a pass at fixing the broken links on the current site. Please
let me know if I have missed any

On Fri, Oct 18, 2002 at 10:19:49AM +0000, Joey Kelly wrote:
> Our topic last night was: "Firewalls --- why you need 'em, how to defeat
> 'em".
>
> Three basic types of firewalls:
>
> 1. packet filers
> a. this is what unix users love to rely on
> b. ports, IPs, types of connections (SYN/ACK) (incoming & outgoing) are
> intelligently managed
> c. efforts made to stop hackers
>
> 2. application firewalls
> a. essential for windows machines (zone alarm is probably the best, and
> it's free)
> b. allows/disallows individual applications (Internet Exploder, Word)
> Internet connectivity
> c. helpful in spotting scripts/viruses attemting to call home
>
> 3. proxies
> a. shield your client or server from the internet
> b. connections are made to the proxy from behind the firewall, and a
> second connection is made to the remote server
> c. can run insecure app behind a proxy and thus be shielded from remote
> exploits (I use this for irc regularly)
>
>
> It is useful to layer your firewalls (and any other security scheme).
> Use of a packet filter plus proxies for your insecure apps make you less
> prone to attack. Zone Alarm does this, in that it is both a packet
> filter and application firewall.
>
> Just because you have a firewall doesn't mean that you're secure. If
> your firewall blocks everything except ssh and http, and your apache
> install has exploitable holes in it, you're still going to get cracked.
>
> ^C
>
> Stay tuned for exciting scenes from our next episode.
>
> --
> Joey Kelly
> Linux consultant in New Orleans, Louisiana, USA
> http://kellynet.dhs.org
>
> ---
> Alcohol and Calculus don't mix. Never drink and derive.
>
> ___________________
> Nolug mailing list
> nolug@nolug.org

-- 
Scott Harney<scotth@scottharney.com>
___________________
Nolug mailing list
nolug@nolug.org
Received on 10/18/02

This archive was generated by hypermail 2.2.0 : 12/19/08 EST