Does anyone know any good resources of information on why outbound security is important? I agree with the concept but some of my colleagues and customers do not and I want to make an educated argument to convince them of this need.
A software firewall or HIPS (Heuristic Intrusion Prevention Systems) programme will alert you to this and then the user can stop them from obtaining outbound/outgoing action and can therefore limit the damage done.
A firewall/HIPS programme by alerting you to this suspicious activity by a certain file (worm, virus, trojan, spyware etc), usually acts as an early warning system that you have an intruder on your system which is now trying to contact their buddies/controllers out there in cyber world!
If this happens your computer can be turned into a bot zombie: used in DOS attacks, you can have your credit cards stolen and therefore find your bank accounts emptied and then the bank asking you to pay for overdrawing all because you forgot about a little bit of security called a firewall!!
Member of ASAP Alliance of Security Analysis Professionals
Thanks for the info. It will certainly prove helpful in my discussions with my colleagues and customers.
However, the issue is not whether or not I need a firewall but whether or not I need to secure outbound Internet traffic? After all if spyware, virus, trojans, etc cannot enter the network then why do I need to prevent or guard outbound traffic?
To stop Windows files from willy nilly going out on to the internet for no reason and/or certain programs like windows media player, real player etc that want to send your data back to their respective sites!
There are many programs that try and connect out to the internet for no good reason at all. If you do a search in XP using start/search, it tries to connect to the internet, why?
Why bother, just let them get screwed and then they'll soon learn?
Member of ASAP Alliance of Security Analysis Professionals
mofusjtf, there are many reasons you might want to restrict outbound traffic; some of which have been mentioned.
If you are infected with a trojan then you have a good chance of stopping the controlling entity from gaining access to your computers. While avoiding the introduction of trojans in the first place is the correct approach, you must always think several steps ahead. A member of staff may use an infected CD or you receive an infected e-mail before fresh definitions are out.
Restricting outbound traffic is important because it can allow you to handle things you don't know about. The field of computing is very diverse and there is little chance of you knowing every possible scenario. Because of this it is much better to block everything and allow through what you need rather than allow all and block what you 'know' you don't want.
Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
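Added example, not part of the original posts: a small first-match policy evaluator that runs the same outbound flows through "allow all, block what you know" and "block everything, allow what you need". The addresses, ports chosen for the rules, flow labels and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source network (CIDR)
    dst: str     # destination network (CIDR)
    port: int    # destination port, 0 = any

def decide(rules, default, flow):
    """First matching rule wins; otherwise the policy default applies."""
    _, src, dst, port = flow
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (0, port)):
            return r.action
    return default

# Constructed network: LAN 10.0.0.0/24, proxy .5, mail server .6, DNS resolver .7.
ANY, LAN = "0.0.0.0/0", "10.0.0.0/24"
# "Allow all and block what you know you don't want"
BLOCKLIST = [Rule("deny", ANY, ANY, 1214),   # Kazaa
             Rule("deny", ANY, ANY, 6346)]   # Gnutella (Limewire)
# "Block everything and allow through what you need"
ALLOWLIST = [Rule("allow", LAN, LAN, 0),              # clients to proxy/mail/DNS
             Rule("allow", "10.0.0.5/32", ANY, 80),   # only the proxy browses
             Rule("allow", "10.0.0.5/32", ANY, 443),
             Rule("allow", "10.0.0.6/32", ANY, 25),   # only the mail server sends
             Rule("allow", "10.0.0.7/32", ANY, 53)]   # only the resolver queries

# Constructed outbound flows: (label, source, destination, destination port)
FLOWS = [("browser via proxy", "10.0.0.21", "10.0.0.5", 8080),
         ("proxy to web site", "10.0.0.5", "203.0.113.10", 443),
         ("mail server delivery", "10.0.0.6", "198.51.100.25", 25),
         ("p2p client", "10.0.0.21", "198.51.100.77", 6346),
         ("workstation sending mail directly", "10.0.0.22", "203.0.113.99", 25),
         ("unknown program, unlisted port", "10.0.0.23", "192.0.2.44", 48213)]

def denied(rules, default):
    """Labels of flows the policy stops; each denial is also an alert worth reading."""
    return [f[0] for f in FLOWS if decide(rules, default, f) == "deny"]

if __name__ == "__main__":
    print("default-allow + blocklist stops:", denied(BLOCKLIST, "allow"))
    print("default-deny + allowlist stops: ", denied(ALLOWLIST, "deny"))
```

The blocklist only stops the P2P client it was written for, while the default-deny policy also stops the workstation mailing out directly and the program nobody anticipated, and still passes the three legitimate flows.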
I agree, even if you have secured as much as possible to prevent things from getting in, if something manages to get in, what then? There are many different ways for this crud to get on our systems, and anybody who has ever worked in any support role is familiar with the steps that the "average user" will take. You need outbound protection in case something happens. In case of compromise. It is one more layer of protection.
"Maturity is a bitter disappointment for which no remedy exists, unless laughter can be said to remedy anything."
-Vonnegut
I agree as well. Allow out only what is necessary. It is inevitable that some type of spyware or virus will infect the average user. It also prevents those P2P programs like Kazaa and Limewire from getting out and downloading illegal music, software, movies, etc.
Outside of MS Defender and Spybot are there any enterprise level, auto updating spyware protection programs to recommend? I currently use Trend Micro's CSM suite for desktop, server, email, virus and spam protection. It works sufficiently.
I am very interested in the outbound security feature of the new Vista FW.
If you are a company trying to fight your way in a competitive market, how much business would you lose if you sent your main clients a virus, spyware or spam?
Imagine the scene:
Afternoon, can we interest you in xyz product?
Is that before or after I've bought your Penis Pills?
Pardon?
We get mails off you daily asking if we wish to enlarge our manhood. So why should we trust you? Oh and thanks for sending us xyz Virus which wiped out 3 of our servers. Our lawyers will be in touch soon. Goodbye.
Extreme, but not unknown.
Only the truly stupid believe they know everything.
Stu.. 2004
I saw a review of a few things in Information Security magazine. From their tests, they recommend the McAfee, but that seemed to be based mostly on its management utilities. In their testing they found that all of the enterprise level anti-malware products performed even worse than consumer level products in terms of detection and prevention.
"Maturity is a bitter disappointment for which no remedy exists, unless laughter can be said to remedy anything."
-Vonnegut
Aye, it never pays to put all your eggs in one basket. We use AVG network edition for the workstations, McAfee Groupshield on the mailserver and an Ironmail (with their own scanner) for the mail gateway.
We're considering dropping McAfee because the only questionable items which have made it that far were malware etc, not viruses. All of those are dropped due to being spam anyway! Nothing has made it through to the Grisoft which is really only there for scanning media (CDs etc).
Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
The Agnitum Outpost personal firewall is an outstanding and fascinating piece of security software which addresses the problem of control of outgoing internet traffic. The forum contains much interesting discussion.