Re: [SLUG] Router

From: Chad Perrin (perrin@apotheon.com)
Date: Sun Oct 10 2004 - 20:22:47 EDT


steve szmidt wrote:
> On Sunday 10 October 2004 06:49 pm, Chad Perrin wrote:
>
>>xcalibre wrote:
>>
>>>free version of zonealarm will not work with linksys routers only the
>>>paid version has filtering to work with routers
>>
>>ZoneAlarm works on the PC on which it is installed to prevent packets
>>from entering and leaving the system based on what rules you set for it,
>>based on which network "zone" the packets are coming from or going to.
>>Whether or not there's a router has very little to do with it, except
>>insofar as the router makes ZoneAlarm redundant if it is also a firewall.
>
>
> Well this is not entirely correct. Having ZA and an external f/w running is
> not redundant as security is a multi-layered approach. It's made out of many
> pieces working together. Each adding a layer of security.
>
> (I've not used/seen ZA Pro, but it could have routing support in which case it
> could have the ability to understand routing protocols.)
>
> ZA by itself is not total security as it can be bypassed from the outside.
> Ditto a packet filter which does not know anything about applications cannot
> block what ZA blocks.
>
> Let's say you browse a corrupted website and end up downloading a viral
> application. Your packet filter sure did not stop it. Windows being nice and
> cooperative, then executes it for you (well, for the criminal hacker).
>
> It may not have the smarts to modify ZA and so when it tries to go online ZA
> stops it. So disabling ZA is not the thing to do just because you have a
> packet filter firewall.
>
> Now a proxy firewall can do a bit better as it sends out a proxy request and
> then returns a proxy answer. So to some degree it's better at dealing with
> the above.
>
> Ideally you also have an application firewall, not unlike ZA. Except ZA is not
> a true application firewall, more of a hybrid.
>
> Another layer is not to allow images or html to be drawn or executed through
> email. Yet another one can be various s/w that detects abnormal behavior or
> traffic.
>
> Anyway, the point with this was just to show why a firewall and ZA are not
> mutually exclusive, or redundant.
>

Note: I did not say that the external firewall makes ZA redundant, I
made a comment about an external firewall having nothing to do with ZA
_except_insofar_as_ it makes ZA redundant. To some degree, a good
external firewall _does_ make ZA redundant -- that is to say, some of
ZA's functionality is redundant when one has a good external firewall
running. ZA and the external firewall perform some entirely redundant
functions, in comparison with one another.

They're not mutually exclusive, and they are not _wholly_ redundant, but
bits and pieces of them _are_ redundant. Get my drift?