This is a recommendation for a firewall for Windows.
Straight_Man
Geeky, in my own way | Naples, FL | Icrontian
Why is it in Windows and not Software??? Well, the recommendation comes after a mfr, named Diebold, decided to put Sygate on many of its ATMs after they were intrusion hacked and it took the client bank's Intrusion Detect Software a couple HOURS to detect that its Windows Based ATMs, two in one bank's ATM network, possibly others elsewhere, were non-responsive and probing with trojans on the bank network. They pulled the two ATMs offline and problem vaporized. Diebold is deploying Sygate on all its Windows-based ATMs, including those already in use in the field. This follows EDS endorsing Sygate Pro as a very good firewall for Windows boxes, as it can detect unauthorized outbound internet access attempts, alert users to them, and keep trojans from getting off any box they infect.
For enthusiasts, note that to PREVENT incoming trojans from infecting your home or work box, you probably DO need anti-virus software also. But, a good firewall on all Windows boxes connected to the internet, can prevent outbound spread if used right.
Note, I let this sit a week plus before posting here, because deploying was a priority and the bank concerned has now fixed the vulnerability that let this happen, they are pretty sure. But they wanted a failback on the ATMs they had which were Windows based to keep any which got trojaned from calling out and probing banking networks from the inside out.
John.
Comments
Furthermore, your Windows box isn't the same as a box at the bank. I think what you have posted here is completely and totally irrelevant and has absolutely nothing to do with each other.
The way that you get trojans is from going to sites that have an auto-download background downloader, downloads onto your computer. With inadequate firewalls you may get them. The only other way is to manually open them, in email, etc. I don't think anyone here is stupid enough to do that. And the only other way that would be possible to my knowledge is for someone to hack your IP address and plant the backdoor on your computer. Probing a banking network would be almost impossible if not impossible.
Laugh? The way Sygate works is through blocking applications that want to reach the internet from reaching them. All they have to do is latch onto another file or program, which they generally always do. Sygate is a firewall, not an antivirus. It is highly possible for a trojan to get through your firewall. As a matter of fact, it's easy.
Check your information before posting next time.
Whether or not the information is entirely accurate, your reply is downright rude! We certainly don't need any flaming going on.
-.-
Hypothetically speaking, if the POS system links back to its server over the internet, such as remote ATM installs like at a convenience store, then they're probably also vulnerable to the same sort of viruses, trojans, etc. that come our way. There's probably a little more to it than that, which is why you don't hear about this sort of thing very often.
Correct me if I'm wrong, but if the firewall restricts your own programs' internet access, that means that if a trojan/virus/worm "calls", your computer can't "pick up the phone", which is what we're after, right?
If you've secured your browser properly to block scripts, you shouldn't catch stuff from visiting webpages.
-drasnor
At any rate, Sygate is still a VERY good firewall. Even the free version blocks more intrusions on my system in tests than either Norton or ZoneAlarm Pro.
I guess that makes sense since you would be selling them to clients.
Firewalls are important for avoiding trojans.
Checked thrice.
IDS software is backup to a firewall, and log reader of the firewall, and checks for attempts to subvert servers. Whole class of software. In essence, it is server breakin attempt notifier to admins software. Yes, they have layers of security, and the firewalls logged the attempts by the trojans, by ATM IP, and the ATMs concerned were in fact later examined. This breakin was a first for Diebold.
On the outside, ATMs do not look like much, but a small touch screen can be attached to a light-weight video card and the inside can be a computer, which is exactly what Diebold did for some models of their ATM offerings.
Essentially, ATMs that are computers have in fact IP assignments, and some have two or more connects. That is what happened here, someone placed trojans in them literally.
John-- simpler enough???
If I wrote more simple, would take many screens to explain, sorry.
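The log review described in the comment above (firewalls recording blocked trojan attempts by ATM IP), as an added example that is not part of the original thread. The log format, addresses, application names and threshold are constructed for illustration and are not Sygate's real log format:

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up format (assumption, not a real product's log).
SAMPLE_LOG = """\
2004-03-01T02:14:01 ALLOW OUT src=10.20.0.11 dst=10.20.9.1 dport=2000 app=atmclient.exe
2004-03-01T02:14:07 BLOCK OUT src=10.20.0.11 dst=10.20.1.5 dport=445 app=unknown.exe
2004-03-01T02:14:07 BLOCK OUT src=10.20.0.11 dst=10.20.1.6 dport=445 app=unknown.exe
2004-03-01T02:14:08 BLOCK OUT src=10.20.0.11 dst=10.20.1.7 dport=445 app=unknown.exe
2004-03-01T02:14:08 BLOCK OUT src=10.20.0.11 dst=10.20.1.7 dport=445 app=unknown.exe
2004-03-01T02:14:09 BLOCK OUT src=10.20.0.11 dst=10.20.1.8 dport=139 app=unknown.exe
2004-03-01T02:14:09 BLOCK OUT src=10.20.0.11 dst=10.20.1.9 dport=139 app=unknown.exe
2004-03-01T02:15:00 ALLOW OUT src=10.20.0.12 dst=10.20.9.1 dport=2000 app=atmclient.exe
2004-03-01T02:15:30 BLOCK OUT src=10.20.0.12 dst=10.20.9.2 dport=80 app=updater.exe
2004-03-01T02:16:00 BLOCK IN src=10.20.7.7 dst=10.20.0.12 dport=135 app=-
this line is truncated or malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|BLOCK) (?P<dir>IN|OUT) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) app=(?P<app>\S+)$"
)


def parse(lines):
    """Yield one dict per well-formed log line; skip anything that does not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_probing_hosts(lines, min_targets=4):
    """Return {src: sorted [(dst, dport), ...]} for hosts whose blocked
    outbound attempts reached at least min_targets distinct targets."""
    targets = defaultdict(set)
    for rec in parse(lines):
        if rec["action"] == "BLOCK" and rec["dir"] == "OUT":
            # A set collapses retries to the same destination and port.
            targets[rec["src"]].add((rec["dst"], int(rec["dport"])))
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}


if __name__ == "__main__":
    for src, hits in find_probing_hosts(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {len(hits)} distinct blocked outbound targets")
```

Counting distinct targets rather than raw blocked lines keeps one misconfigured application that retries a single destination from being reported alongside a host that is sweeping the network.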
I've watched one of the Canadian Bank of Imperial Commerce (CIBC) ATM's in my home town boot when the power went out (they don't have battery backups).
The sucker uses MS-DOS, I **** you not.
Reboot time was 3-5 minutes, as once it booted, it had to connect over a WAN link to download the rest of the ATM program that it runs (not sure what it's made in).
Basically, what Sygate has is recommendations from many big folks in security industry. Folks talk more about other firewalls, but I have had least issues with Sygate Pro over two-three years of use, and yes it just went back on my Barton box when I worked the set of software I use over, and did some housekeeping and registry editing.
John.
The new version 4.09 is very stable, it's even been released as commercial software. The free version is the same, except the web pages filtering, which is disabled (and is not a very useful feature I would say).
You can edit your own rules for each application, plus there are some really good webpages where you can find predesigned packages of rules including DNS and anti-RPC.
I got one of those packs and then made my own rules easily for emule, msn messenger, irc, ftp and a couple more and I'm ready to work. Every port scan and online security test I've done reflected no security holes nor closed ports, all were hidden.
I recommend it.
EDIT: just noticed 4.10 version was released yesterday.
http://www.kerio.com/dwn/kpf4-en-win.exe
You can get some good rules here:
http://ssl-links.50free.org/kerio/Kerio%204/Finales%20v1.0.zip
It's a Spanish webpage. If you need any help with the rules or the program, just ask me.
And that post was to? Was that any better? lol.