[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Trojans & spyware imitating alowed trafic
Hello. Sorry, it's probably due to lack of knowledge, but I don't see how using security servers will provide me with this function. Do you mean that I should use a proxy when connecting to the Internet and content scan and analyse all outbound traffic? I just can't see this as a realistic way to prevent spy ware or a Trojan on my LAN from connecting to its server via port 21 (or some other "legal" port). If anybody could give me a more thorough explanation or direct me to a site or a document that explains this further it would be much appreciated. Is the alternative to install a personal firewall besides the anti virus software on every workstation and server to scan for illegal programs and traffic? Enjoy the summer. -------------------------------- Kim S. Lohse Partner ITWorx I/S Rolfs Plads 7, 4. th. 2000 Frederiksberg Denmark Phone: +45 3879 1543 Web: http://www.itworx.dk E-mail: [email protected] -------------------------------- -----Original Message----- From: Lars Troen [mailto:[email protected]] Sent: 9. juli 2001 11:08 To: Kim S. Lohse; [email protected] Subject: RE: [FW1] Trojans & spyware imitating alowed trafic Kim, If you use the security servers, they will provide this for you. Also protocols defined in inspect will (atleast to a certain degree) do this. All other protocols that are defined by a tcp/udp port will not do this. ZoneAlarm OTOH is a personal firewall, which works in a totally different way that fw1. As a personal firewall it doesn't care about ports, but rather about applications. It stores each applications identity as a MD5 hash, so if you allow an application to access the internet, Zonealarm will notice if the application change or the executable is replaced. Lars -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Kim S. Lohse Sent: Saturday, July 07, 2001 20:44 To: [email protected] Subject: [FW1] Trojans & spyware imitating alowed trafic Hey all' I was wondering if anybody knows how to prevent programs such as Trojans and spy ware from imitating allowed traffic such as FTP by using the same port? I know that ZoneLabs' free ZoneAlarm prevents this by cryptographically certifying the identity of executable programs. But how do I do some thing similar with FW-1? -------------------------------- Kim S. Lohse Partner ITWorx I/S Rolfs Plads 7, 4. th. 2000 Frederiksberg Denmark Phone: +45 3879 1543 Web: http://www.itworx.dk E-mail: [email protected] -------------------------------- ======================================================================== ==== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ==== ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|