Results 1 to 10 of 43

Thread: do I need a firewall?

Threaded View

  1. #19
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,782

    Re: do I need a firewall?

    Quote Originally Posted by Zill View Post
    Have you got any evidence for this statement?
    I am a penetration tester and security professional what evidence do you want ?

    try here

    https://cve.mitre.org/
    http://www.exploit-db.com/


    If a system is connected then it is vulnerable, all end user OS whether it be a Linux Distro or Windows meet EAL 4 or 4+ in the common criteria which means they are all secure within reason whilst leaving functionality and ease of use the primary goals.

    There are systems which meet higher criteria but they are not meant for end user use such as bespoke military or aerospace systems and the like.

    http://www.commoncriteriaportal.org/products/

    Most Ubuntu distors meet EAL 4+ which is the same as most Windows versions, of course not every version or company puts forward for certification, Why ? because there is no need as they are end user OS.

    The methods are often similar or vastly different but all connected systems have some type of vulnerability which is par for the course for being connected.

    Point metasploit/meterpreter at most systems and something will pop up, usually a reverse shell (joke)

    The whole "secure" thing is sadly misunderstood, I read in here all the time about not needing a firewall if behind a router.....shame people know nothing about how easy it can often be to compromise a home based NAT router, firewalk, use Hping to ping using TCP past firewalls that block ICMP, session splice, XSS, NMAP idle scans or FTP bounce, reverse connections from arbitrary port creation as no outgoing traffic is controlled....... ad nauseum ad infinitum I dont bother replying anymore.

    Peace
    Last edited by haqking; February 6th, 2013 at 10:48 AM.
    Feel Free to Bitcoin Tip: 135Rp4pwwYTHEJ4u8bxKaDQiC91N9LUoV2

    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •