Intrusion detection system. Basically watches every packet/conversation and alarms on suspicious activity. Google for "snort"
Probably overkill on a home network, but if anything fishy is going on it will find it.
Intrusion detection system. Basically watches every packet/conversation and alarms on suspicious activity. Google for "snort"
Probably overkill on a home network, but if anything fishy is going on it will find it.
Where would you draw the line between SPI that monitors every packet and the IDS? Is it that the IDS will alert you to suspicious activity while the typical firewall with SPI just blocks the traffic?
I have never once updated my machine and I never use a firewall. The only reason I installed SP1 was for the USB 2.0 support
Never ONCE have I ever had any sort of infection that I didn't cause by downloading a malicious program and running it myself.
Never ONCE have I ever had any sort of infection that I didn't cause by downloading a malicious program and running it myself.
Stateful firewalls are only aware of the state of a connection. They frequently don't look past layer 4 into the application layer. Nor do they really care to (although some models offer basic IDS functionality) - the just allow or disallow connections based on ip and port information and whether it is part of an already established conversation.
IDS goes further. It inspects the entire packet and conversation. For example if a worm uses a particular buffer overflow and the packets used to exploit that overflow are something like "HTTP GET %%%%%%%%%%%%%%%%%%%%%%%%%..." it will alarm.
IDS is basially pattern and signature based. If a conversation matches a particular pattern or "signature" it will flag it. You can take it further by having the IDS inline and have it actively drop packets/conversations it deems suspicious.
Well, lets see... By the time you pile up an average user with that much "protection" between them and the internet, you might as well just tell them to unplug the network connection. Most users are way more likely to have problems setting all of that up than they ever would have had using none of it and just getting Windows Updates.
Your solution is fine for larger organizations that need it, and total crap for everyone else.
all of my computers are / were. Not to mention all of the friends and family computers I set up in the same way
that's really strange then. An unpatched windows box normally will get hit with codered, nimda, slammer, msblast or any of the other worms within minutes.
If I take sniffs of raw internet traffic (meaning from Tier1 providers, completely unfiltered) its all over the place. Sounds like the providers have something in place.
My roommate's computer is infected with all kinds of crap as he plugged into the ethernet jack and powered on without any firewall or AV sw. I ran AdAware on my machine for the first time in months and all it found was cookies; whereas it finds at least 50 malicious files on his every day. I gave him ZoneAlarm and it blocked over 100 intrusions in less than 2 minutes of installing it.
I don't agree.
A hardware firewall (i.e SOHO router) requires a one time setup procedure - set it and forget it. Software firewall is native to XP and is turned on by default on SP2. Autopatching = automatic updates; where's the complexity there seeing as how the process is automatic and silent, perhaps only warranting a restart at some point?
As for other security software, I have come across several problematic security products:
* Norton Internet Security when improperly configured can lock a system down too tightly.
* Certain AntiSpyware products have blocked legitimate and safe content (i.e disney.com pages).
* First generation pop-up blockers that were set too high and prevented legitimate popups.
For every person who professes to maintain minimal security efforts and who has never experienced any issues, there are countless others who have experienced computer problems resulting data loss, time being wasted, and money spent to fix what could have been set up one time with minimal effort and cost.
Amused
Elite Member
- Apr 14, 2001
- 57,445
- 19,893
- 146
I recently cleaned a friend's computer, and found a nasty worm/spyware that NOTHING would erase. It kept installing "elite bar."
I tried all the spyware programs, including one's written for this, and norton anti-virus. They would find it, clean it, but it would be back at every reboot.
I finally fixed it because I figured out what it was doing.
It would write it's base .exe install file to memory on boot, then write that back to disk with an install command at shutdown. That way if it was cleaned, it would reinstall on boot. Once installed, it would download so much spyware, the computer was unusable in just a few hours.
The only way to stop it was with active spyware protection (MS's worked best). Once I installed MS's spyware program, turned on active monitoring cleaned the computer, and rebooted, cleaned again and rebooted again, it was finally gone. I believe MS's spyware protection loaded before the spyware could reload itself, and stopped any changes.
Many people think they've cleaned a computer, only to find it reinfested not long after. I believe this may be the reason.
Here is the thing, was this XP machine properly patched? I think the difference between a properly patched system and non properly patched is very very large. When I didn't have patches, I used to get DDOS attacks all the time on my machine (kaspersky notified me) but when I updated my machine with patches, the attacks went away so...
SECURITY PATCHES FTW!!!! You don't get attacks when your machine is properly patched up, those attackers are taking advantage of exploits in windows XP and when you don't patch it up, you get attacked.
sandorski
No Lifer
- Oct 10, 1999
- 70,805
- 6,361
- 126
When I got my cable setup recently I was so excited and proceeded to start surfing. Within minutes my system ground to a halt!
I should have known better, but for many years I accessed the internet through a LAN that used ZA and a Router for FWs. I also didn't manage it, so it wasn't something that I paid any attention to.
Live and Learn.
I should have known better, but for many years I accessed the internet through a LAN that used ZA and a Router for FWs. I also didn't manage it, so it wasn't something that I paid any attention to.
Live and Learn.
HomeBrewerDude
Lifer
- Jan 18, 2001
- 14,465
- 1
- 0
Then I highly suggest NOT BEING A TARDJOB AND VISITING PORN SITES AND TERRIBLY INEFFECTUAL HTTP WAREZ SITES.
you'd be amazed at how many big name public servers get hit with worms.
I mean its not like I do this for a living or anything.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter