<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.5762.3">
<TITLE>RE: [Full-Disclosure] Zone Alarm</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">So, once you PAY for ZoneAlarm, you don't have to worry about CPU and MEM hogs...</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">but my solution:</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">ZoneAlarm on the PC you are using. Get smart, you don't go to a port city and have unprotected sex, </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">so when you jack in you should have something covering your ass...</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">LinkSys Wireless Access Point Cable/DSL with 4 Port Switch. This too has a Zone Alarm </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">install on it. But NAT is NAT. Now you can DoS these, and a poorly configured one or </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">default password set is bad. Duh.</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">SnapGearPro if you need VPN and such. They work. They are Linux-based. Easy to use.</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Everything has to be done in layers. No services running or installed which aren't being used. </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Configure your services. Defaults are bad for you. Chroot. Change passwords, use permissions. Check SUID.</FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">ipchains/iptables/ipfw is running and filtering every other port, even the ports which are not listening.</FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">The switches have to be maintained. You can tell a switch what to do, it'll listen. </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Then your routers need to be configured properly. How many times do you see in your logs </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">10.30.40.200 trying to access something? There is no reason for RFC1918 addresses to get passed by </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">routers, spoofed or not.</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Security is easy, but it is time consuming. Sorry about the digression...</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Zone alarm is good, but it is only 1 layer. (it's only good AFTER you pay for it IMO)</FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">PS. the URL is fuX0r3d. </FONT>
</P>
<BR>
<UL>
<P><FONT SIZE=2 FACE="Arial">----------</FONT>
<BR><B><FONT SIZE=2 FACE="Arial">From:</FONT></B> <FONT SIZE=2 FACE="Arial">Jason</FONT>
<BR><B><FONT SIZE=2 FACE="Arial">Sent:</FONT></B> <FONT SIZE=2 FACE="Arial">Wednesday, June 4, 2003 11:53 AM</FONT>
<BR><B><FONT SIZE=2 FACE="Arial">To:</FONT></B> <FONT SIZE=2 FACE="Arial">morning_wood</FONT>
<BR><B><FONT SIZE=2 FACE="Arial">Cc:</FONT></B> <FONT SIZE=2 FACE="Arial">Ben Tyson-Norrman; full-disclosure@lists.netsys.com</FONT>
<BR><B><FONT SIZE=2 FACE="Arial">Subject:</FONT></B> <FONT SIZE=2 FACE="Arial">Re: [Full-Disclosure] Zone Alarm</FONT>
</P>
<P><FONT FACE="Chicago">Unfortunately the $40 'hardware' devices are not either.</FONT>
</P>
<P><FONT FACE="Chicago">Please reference the excellent work by Core</FONT>
<BR><U><FONT COLOR="#0000FF" FACE="Chicago"><A HREF="http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10">http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10</A></FONT></U>
</P>
<P><FONT FACE="Chicago">and the _much_ more expensive 'hardware' devices are just as prone</FONT>
</P>
<P><U><FONT COLOR="#0000FF" FACE="Chicago"><A HREF="http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml">http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml</A></FONT></U>
<BR><U><FONT COLOR="#0000FF" FACE="Chicago"><A HREF="http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml">http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml</A></FONT></U>
<BR><U><FONT COLOR="#0000FF" FACE="Chicago"><A HREF="http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-regression-pub.shtml">http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-regression-pub.shtml</A></FONT></U>
<BR><FONT FACE="Chicago">...</FONT>
<BR><U><FONT COLOR="#0000FF" FACE="Chicago"><A HREF="http://www.cisco.com/warp/public/707/advisory.html">http://www.cisco.com/warp/public/707/advisory.html</A></FONT></U>
</P>
<P><FONT FACE="Chicago">For a personal solution Zone Alarm is quite possibly more adequate and </FONT>
<BR><FONT FACE="Chicago">appropriate.</FONT>
</P>
<P><FONT FACE="Chicago">morning_wood wrote:</FONT>
</P>
<P><FONT FACE="Chicago">>Zone Alarmbuy a $40 hardware router. Software firewalls are not a security solution IMHO.</FONT>
<BR><FONT FACE="Chicago">></FONT>
<BR><FONT FACE="Chicago">>morning_wood</FONT>
<BR><FONT FACE="Chicago">> ----- Original Message ----- </FONT>
<BR><FONT FACE="Chicago">> From: Ben Tyson-Norrman </FONT>
<BR><FONT FACE="Chicago">> To: full-disclosure@lists.netsys.com </FONT>
<BR><FONT FACE="Chicago">> Sent: Wednesday, June 04, 2003 8:53 AM</FONT>
<BR><FONT FACE="Chicago">> Subject: [Full-Disclosure] Zone Alarm</FONT>
<BR><FONT FACE="Chicago">></FONT>
<BR><FONT FACE="Chicago">></FONT>
<BR><FONT FACE="Chicago">> I'm not sure I can ask this question without derision, but here goes... </FONT>
<BR><FONT FACE="Chicago">></FONT>
<BR><FONT FACE="Chicago">> Zone Alarm, is it really as crap as everyone makes out.... or is it the usual posturing by the ill-informed...? </FONT>
<BR><FONT FACE="Chicago">></FONT>
<BR><FONT FACE="Chicago">> Many thanks all </FONT>
<BR><FONT FACE="Chicago">></FONT>
</P>
<BR>
<P><FONT FACE="Chicago">_______________________________________________</FONT>
<BR><FONT FACE="Chicago">Full-Disclosure - We believe in it.</FONT>
<BR><FONT FACE="Chicago">Charter:</FONT><U> <FONT COLOR="#0000FF" FACE="Chicago"><A HREF="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</A></FONT></U>
</P>
<BR>
</UL>
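<P>Added example, not part of the original thread: one way to run the log check the first message describes, flagging RFC1918 source addresses that arrive on the Internet-facing interface. The iptables LOG-style line format, the interface name <CODE>eth0</CODE>, the function names and the sample lines are assumptions constructed for illustration.</P>
<PRE>
```python
import ipaddress
import re

# RFC 1918 private ranges; traffic sourced from these should never arrive
# on an Internet-facing interface, spoofed or not.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: iptables LOG-target style lines made of KEY=value fields.
FIELD = re.compile(r"\b(IN|SRC|DST|PROTO|DPT)=(\S*)")

def parse_line(line):
    """Return the fields of interest from one log line as a dict."""
    return dict(FIELD.findall(line))

def is_rfc1918(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # empty or malformed field
    return any(ip in net for net in RFC1918)

def find_leaks(lines, external_if="eth0"):
    """Return (src, dst, dport) for RFC1918 sources seen on external_if."""
    hits = []
    for line in lines:
        f = parse_line(line)
        if f.get("IN") != external_if:
            continue  # private sources are expected on the inside interface
        if is_rfc1918(f.get("SRC", "")):
            hits.append((f["SRC"], f.get("DST", ""), f.get("DPT", "")))
    return hits

# Constructed sample log lines (documentation addresses as the public side).
SAMPLE = [
    "Jun  4 11:02:13 gw kernel: IN=eth0 OUT= SRC=10.30.40.200 DST=203.0.113.7 LEN=48 PROTO=TCP SPT=3312 DPT=445",
    "Jun  4 11:02:15 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=40112 DPT=80",
    "Jun  4 11:02:19 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.7 LEN=40 PROTO=TCP SPT=51000 DPT=22",
    "Jun  4 11:02:24 gw kernel: IN=eth0 OUT= SRC=172.31.255.1 DST=203.0.113.7 LEN=28 PROTO=UDP SPT=137 DPT=137",
    "Jun  4 11:02:30 gw kernel: IN=eth0 OUT= SRC=172.32.0.1 DST=203.0.113.7 LEN=28 PROTO=UDP SPT=53 DPT=53",
]

if __name__ == "__main__":
    for src, dst, dport in find_leaks(SAMPLE):
        print(f"RFC1918 source on external interface: {src} to {dst} port {dport}")
```
</PRE>
<P>Any hit means an upstream router is forwarding private-source traffic that ingress filtering should have dropped; 172.32.0.1 is not flagged because it lies just outside 172.16.0.0/12.</P>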
</BODY>
</HTML>