LUA + SRP =firewall not necessary?

Something came to my mind while I composed a question in Wilders forum couple of days ago, concerning a disabled firewall - isn't it so that if you run a fully patched XP system with LUA and fully enforced SRP (including dlls), and tightened permissions on system folders, risky services disabled - do you really need a firewall (software or router)?

 

In those circumstances a firewall is a bit like airbags and a seatbelt. It's there to protect you from the unanticipated and your own silly mistakes. So do you need one? Yes.

 

Firewall is must have to safeguard your gateway from intruders.

 

Firewall is useless if you have no listening service or app.

On top of that, probability is high you are behind a router which would make the firewall totally useless anyway (acts like firewall).

You use Windows? Windows comes with a by default activated firewall. Let as it is and enjoy.

 

Even if you have tight LUA+SRP, you should nonetheless have a firewall that has inbound protection, whether it's provided by hardware or software. Regarding outbound protection provided by a software firewall, you'll probably find differing opinions here; I personally don't use outbound protection anymore in my LUA+AppLocker setup. A program needs to be running on your machine in order for outbound protection to come into play.

 

@ Scoobs72, Boyfriend - I see your point. I'm not discouraging anyone to use their firewalls, but if all ports are closed, and with no services are listening the probability of anyone getting inside your system is pretty slim. And if anyone gets in, there isn't much the malware could do to your system (LUA, SRP and hardened system).

@MrBrian - I think outbound protection is little overrated. I for one rarely know if I should allow or deny an app that tries to tag along with another app. I usually allow all of them!

@Lucy - Yes, AFAIK a closed port cannot be forced open. I don't use a router.
Once I scanned W2K without a firewall and all ports were closed. That was pretty cool imo, but yeah, I felt more secure sitting behind a firewall than without.

 

@new2security - Firewall is must have protection. LUA + SRP + System hardening will not protect you from network intrusion (DDOS, pings, port scanning, targeted attack, virus probing etc.). You should at least enable Windows Firewall. It would be much better if you configure it just as you configure SRP. Third party good firewall is another good option.

 

Thanks for expanding the details. Yes, you're right regarding DDOS, Pings etc.
But concerning virus probing, what could it do to a system without a firewall?

I just had a "what-if" moment, it's nothing I'm implementing or so. I use a software firewall.

 

I haven't used a firewall in maybe three years except on rare occasions. You do not need a software firewall to stay problem free. You only need knowledge. I concede that using a software firewall does help you to learn what is happening, thus serving to teach you how to not have to use a firewall.

Some people need firewalls. Some don't. There is no emperical evidence that having one will keep you any more secure than not having one. If you don't understand the risks of not having one, then perhaps you need one. Once you do understand why you don't need one, you are free to do other things with the time that used to be devoted to configuring them. That is my favorite part.

Sul.

 

A firewall with outbound filtering is useful to me because:

• It affords me a nifty tool for helping me learn about networking basics.
• It lets me know what process is trying to communicate out and where exactly it's trying to communicate to. This matters to me even though it may not to others.
• It lets me restrict how and where the process communicates to. This also matters to me...
• When I know the latter two points, I may decide not to use a particular app based on what I see it doing network-wise. Example was Google Chrome; I did not like what I saw during installation, especially the process in user space under AppData, so I decided not to use it. It's that simple.

BTW, I use the built-in Win7 fw for two-way control, so there's no additional 3rd party product interfering with the system functionality.

 

Do you use it as an exploratory tool primarily, or do you set rules in place for everything? Meaning, once you are satisified with what a program is or is not doing, do you still make strict rules for it?

Sul.

 

Yeah that makes sense. If you know what you're doing, closed ports probably is enough. A long journey for me, but perhaps one day I'll be fine without a firewall.
Any tip on the way?

 

Some of it's for exploratory puroses, out of curiosity, while most of it's to restrict each process to only what it needs remote port-wise, and in a few cases for remote ip addresses as well. I've got everything restricted via the fw, allowing them only what they need. Even though this level of control will seem bizzare to most, it's what suits me, though by nature I'm no control freak

 

Agree on the software firewall question, but the OPs post related to both software and router based firewalls and the OP doesn't use a router....so he's talking about a totally un-firewalled siutation. Are you saying you are equally totally un-firewalled?

 

Actually his question was do you need a firewall -software or router. The answer is no, you don't need a firewall if you know what you are doing.

A router using NAT is not a firewall, it is a network device running Network Address Translation. It does nothing in the classic sense of what a firewall does. Many routers today have rude firewalls built into them.

So in my answer, it assumes the question is in relation to a software firewall or the firewall-ish features in some routers.

I would not say going without a router entirely means you have to have a software firewall. But I would say you would be better served to use a software firewall if you don't have a router. Connecting to the web without a firewall or router, with about any version of windows, does not mean instant take-over. But if you don't have the skills to do so, a firewall is the best bet.

And no, heck no, I am not without a router. It is the easiest and most secure first line of defense at our disposal. IMO.

Sul.

 

Routers should almost be made mandatory for home pc users. YeoldeStonecat has tried (mostly in vain, I'm afraid) to hammer home the importance of routers for home pc's, citing first-hand experience on the correlation between pc's without routers that are absolutely teeming with malware, while those that are behind a router are far less likely to be malware-infested. People can argue the merits of this all they want, but it's pretty tough to dispute reality.

 

i am going to give my humble opinion and that is that a outbound firewalling protection is very important to fight againts keyloggers transmiting info/data outside the the web if the antivirus is bypassed then the firewall can come handy what do you guys think?this is my humble opinion

 

The firewall might, come in handy, probably in most cases imo, in blocking outbound comms from malware, but most people will jump in and claim it is game over, that the firewall will be bypassed or crippled by the malware, as though it's as certain as the sun rising in the morning It is important only for those who view it that way, but in reality it is not important if other, reliable safeguards are in place. Example, I'm confident I don't need the firewall to keep malware at bay, because it needs to get onto my machine first, which I believe to be fat chance at best, but I use the firewall mainly to control outbound comms from trusted processes (though I don't fully trust MS' svchost process) simply because that's my preference, as unusual as it may seem to many. To each their own is what it comes down to.

 

thanks for explanation

 

This is the sort of question that opens Pandoras Box. It is the sort of question that anyone who is interested in security struggles with in cycles.

It works something like this.

Am I secure? I think so. Do I run programs that are backdoors? No. Do I have a firewall, AV, etc to control my system? Yes, we are good there. Ok, are we safe then. Yes, I think we are - we have good programs and have learned how to protect ourselves.

(some time later)

We haven't had a problem, are we secure? Oh yeah, we are secure. Since we haven't had a problem, are we sure we are secure? Oh yeah, we know how to stop about anything, and how to recover from about anything. If we are secure, do we need all this software? Umm, I don't know. I mean, it is now boring to configure everything, to keep everything under our thumb. Yes, it is. Should we stop using it? You know, I think we can.

(some time later)

How is our security? Good, not a problem worth mentioning really. But what about if we got a keylogger or other thing - how would we know? Umm, not sure without a tool to watch our packets. Maybe we should have a firewall so we can be sure. Are you sure you want to go back to that again? I don't know, I can't be sure either way. I see what you mean - maybe we should keep everything under our thumb again so we won't be caught with our guard down.

(some time later)

I am going crazy here! Me too! All we seem to do is watch out for problems but never see them. I know what you mean. Do we really need all this stuff? Heck no, lets ditch this stuff and get on with something interesting.

(and the circle remains unbroken)

Sul.

 

sully

 

Posts like this,are what keeps me coming back to these forums.

 

Sorry if you don't get it jmonge.

It is humorous how one can learn so much, then second guess themselves with the same questions over and over. We all do it I think. It is a never ending circle of wondering if we are secure, then knowing we are, then wondering if we are.

Not poking fun at you man, just poking fun at how things are.

Sul.

 

Get out of my brain, Sully

 

MAN this is WILDERSSECURITY *Puts tinfoil hat*

We are here because we are paranoids and because we like feeling safeee! (That includes me )
Anyways, i don't think LUA + SRP can replace a firewall because neither of those protect outbound and inbound connections?