Firewall #3

My router appears to be green on all covered ports, using Shields Up. 
Why then do I need a software firewall, or is that now unnecessary?

riserman
0
riserman
2/17/2014 1:03:32 AM
grc.security

On 16-02-2014 22:03, riserman wrote:
> My router appears to be green on all covered ports, using Shields Up.
> Why then do I need a software firewall, or is that now unnecessary?
> 
> riserman

You are right. We are almost never with a public IP, hotwired to the
Internet. Behind a NAT router, mostly machines from the Internet are
unable to reach your computer directly.

However, your machine is still accessible by other devices on the same
local network. This might be OK if you are using your own WiFi at home,
but that's not always the case. For example, if you are using free WiFi
at Starbucks or paying for it at a Hotel, your machine would not be
protected from others who are also using it. The LAN network might be
configured to hide other devices from each other, but sysadmins are
still able to see everything.

In that sense, it's always a good idea to keep unused ports blocked at
your endpoint to avoid attacks from within your network.
0
Julio
2/17/2014 2:24:41 AM
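
[Added example, not part of the original thread or written by any poster: an external scan through a NAT router says nothing about which services the PC itself is listening with on the local network, which is the exposure described in the reply above. The sketch below reads output in the layout of Windows `netstat -an` and lists the TCP ports bound to a non-loopback address; the sample text, addresses and function names are constructed for illustration.]

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an`; not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.23:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:49670            [::]:0                 LISTENING
  TCP    [fe80::1c2d%12]:5357   [::]:0                 LISTENING
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%scope]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and IPv6 scope id
    return ipaddress.ip_address(host), int(port)


def lan_reachable_listeners(netstat_text):
    """Return sorted TCP ports whose listener is bound to a non-loopback address.

    These are the ports another device on the same LAN or hotspot can try to
    connect to unless a host firewall blocks them; a scan from the Internet
    side of a NAT router never reaches them.
    """
    exposed = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state; header and ESTABLISHED rows are skipped.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if not addr.is_loopback:  # 0.0.0.0 and :: mean "every interface"
            exposed.add(port)
    return sorted(exposed)


if __name__ == "__main__":
    print("Ports reachable from the local network:", lan_reachable_listeners(SAMPLE))
```

Each port it reports is one that a default-deny inbound rule on the endpoint would cover when the machine joins a network other than its own.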
Julio H. Morimoto was heard to say :

> In that sense, it's always a good idea to keep unused ports blocked at
> your endpoint to avoid attacks from within your network.

And, if it is a laptop, every time you go outside and connect to a hot-spot 
or external network, you must have a firewall.

In short, leave the firewall in your computer working, most of the time it 
will not give any problem and will protect you in many conditions.

-- 
Mark Cross @ 02/16/2014 10:33 p.m.
If you don't care where you are, then you ain't lost.

0
Mark
2/17/2014 2:36:05 AM
Mark Cross wrote:
> Julio H. Morimoto was heard to say :
>
>> In that sense, it's always a good idea to keep unused ports blocked at
>> your endpoint to avoid attacks from within your network.
>
> And, if it is a laptop, every time you go outside and connect to a hot-spot
> or external network, you must have a firewall.
>
> In short, leave the firewall in your computer working, most of the time it
> will not give any problem and will protect you in many conditions.
>
Also, if some of your software wants to phone home without permission, a 
software firewall can prevent that.

0
F
2/17/2014 8:38:43 PM
[for the unabridged version, see F.C.'s post above]

> Mark Cross wrote:
>> Julio H. Morimoto was heard to say :
>>
>>> In that sense, it's always a good idea to keep unused ports blocked at
>>> your endpoint to avoid attacks from within your network.
>>
>> And, if it is a laptop, every time you go outside and connect to a
>> hot-spot or external network, you must have a firewall.
>>
>> In short, leave the firewall in your computer working, most of the time
>> it will not give any problem and will protect you in many conditions.
>>
> Also, if some of your software wants to phone home without permission, a
> software firewall can prevent that.

Be advised that is not always true. For example, not with the firewall 
built into Windows XP.
0
DSLR
2/17/2014 8:54:42 PM
On 2/17/2014 3:54 PM, DSLR User 595148 wrote:
> [for the unabridged version, see F.C.'s post above]
>
>> Mark Cross wrote:
>>> Julio H. Morimoto was heard to say :
>>>
>>>> In that sense, it's always a good idea to keep unused ports blocked at
>>>> your endpoint to avoid attacks from within your network.
>>>
>>> And, if it is a laptop, every time you go outside and connect to a
>>> hot-spot or external network, you must have a firewall.
>>>
>>> In short, leave the firewall in your computer working, most of the time
>>> it will not give any problem and will protect you in many conditions.
>>>
>> Also, if some of your software wants to phone home without permission, a
>> software firewall can prevent that.
>
> Be advised that is not always true. For example, not with the firewall
> built into Windows XP.
>
On that last point, ESET, which I'm using, does block "phoning home." 
That, to me, seems the best argument for running a software firewall 
with a router on a PC at home.

Thanks everybody for answering my question.
0
riserman
2/18/2014 1:01:39 AM
DSLR User 595148 wrote:
> [for the unabridged version, see F.C.'s post above]
>
>> Mark Cross wrote:
>>> Julio H. Morimoto was heard to say :
>>>
>>>> In that sense, it's always a good idea to keep unused ports blocked at
>>>> your endpoint to avoid attacks from within your network.
>>>
>>> And, if it is a laptop, every time you go outside and connect to a
>>> hot-spot or external network, you must have a firewall.
>>>
>>> In short, leave the firewall in your computer working, most of the time
>>> it will not give any problem and will protect you in many conditions.
>>>
>> Also, if some of your software wants to phone home without permission, a
>> software firewall can prevent that.
>
> Be advised that is not always true. For example, not with the firewall
> built into Windows XP.
>
True.  I was thinking more of a third party firewall such as Outpost or 
Kerio.

0
F
2/18/2014 6:33:40 PM