Re: Unable change firewall settings
"Chappy" <Chappy@discussions.microsoft.com> wrote in message
news:961E9B3B-BDA5-4D1E-AFEF-86492F7B53EF@microsoft.com...
> LOL Mr Arnold....you're talking out of your @ss!
>
> I've been in the AV & security field for over 20 years, so I DO know what
> I'm talking about.
> I run Comodo Firewall Pro and if you need confirmation of just how bad the
> Windows firewall is, check out the highest ranked Firewall testing
> facility,
> Matousec http://www.matousec.com/projects/firewall-challenge/ and see for
> yourself.
>
That is BS you're talking about Comodo.
Something like that junk Comodo is not even a FW. It's a machine level
packet filter that protects at the machine level. That junk you're talking
about doesn't fit the definition of FW. That junk does not separate two
networks. A FW will protect from the network it's protecting from, usually
the Internet, and the network it is protecting, the LAN. A FW sits at the
junction point between the two networks.
In either case, a FW must have two network interfaces. One interface
must face the network it is protecting from, and the other interface must be
facing the network it is protecting. It doesn't matter if it is a hardware
device such as a FW appliance or a host based network FW running on a
secured/locked down gateway computer, with the gateway computer using two
NIC(s).
A FW segments networks and reduces the risk of damage between networks.
What is being talked about are FW(s) and some junk like Comodo and other 3rd
party solutions are not FW(s).
http://www.more.net/technical/netserv/tcpip/firewalls/
> Snake oil crap....security blanket...you're Funny!!!
Well, that's exactly what they are: 3rd party snake-oil solutions that
introduce more security issues/risks to the machine.
> Except, I forgot to laugh because I know more about securing a Windows box
> than you'll learn in your lifetime...a$$hole
Sure you do. So you know how to lock down a machine whether it be a
workstation or server running IIS with the machine facing the public
Internet. You know how to secure/lockdown the O/S, IIS, file system,
registry and user accounts for a machine that's facing the public Internet.
I would much rather use the Vista packet filter or FW if you like and IPsec,
with the Vista packet filter being an integrated part of the O/S which will
hold connections to a network until its FW/packet filter is up and running
before inbound or outbound connections can be made based on filtering rules
set, which can be done by the advanced features of the Vista packet filter,
if I need be.
http://articles.techrepublic.com.com/5100-10878_11-6098592.html
I also like to use IPsec in a supplemental fashion behind the Vista packet
filter in case its packet filter or any 3rd party packet filter, which most
won't even call a 3rd party solution a packet filter, is taken out or
circumvented on the machine.
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/CONTENTS/articles/ipsec.htm
http://support.microsoft.com/kb/813878
That's when any machine I have has a direct connection to the modem and to
the Internet. When the machines are behind my Watchguard FW appliance, the
Windows and Linux machines have no need to run a FW/packet filter.
BTW, I have been doing this since 1971, and I am still going strong in
Information Technology.