Firewall?

Okay... I know this is the wrong forum but I'm bringing it here since the other forum hasn't provided any answers. Ramona... rather than moving my thread, you can just delete it since it's already out there elsewhere... but... any chance before you delete it that you (or some fine Netscaper here) can give me a few answers? Thanks. I'm a bad boy... I know! It's my life story!

I'm wondering exactly "how" a firewall works. Does it physically prevent anything from outside entering one's computer OR does it simply render the computer invisible? If it sort of gives my computer a (Star Trek-like) cloak of invisibility, would it be possible for someone (although highly improbable) to penetrate to my computer? Currently my little network (two computers) sits behind a Linksys router as indicated before and both computers have software firewalls. So... is it a physical impossibility to penetrate to my computer or are we simply hidden from the internet community and our being hacked is remote at best?

If it "is" possible to penetrate through to my computer network, what is the best advice in terms of being "away" from the computer for several hours? Do you actually turn if "off" or just log off and let it be? And come to think of it, since just logging off really does nothing, since you're still connected (cable connection here) what would be the point of even doing that?

Thanks for any insight here.
James is online now Edit/Delete Message

 

James,
I decided to to try one of the ad links, provided to no-subscribers by this website (firewall), and after three clicks, I did a search, and came up with a .pdf file about the firewall used in Dell computers. A total of five clicks to get information which I could have gotten in one click (but this is my gripe).
Anyway, there is some valuable information in the "understanding" part.
My understanding is that there is a remote chance that may be hacked. In theory your computer is hidden, unless you use some software to make it visible.
My Zone Alarm keeps track of the intrusions, and their severity. I registered this copy of ZA on 9/12/05, and it blocked nearly 10,000 intrusion attempts, of which 16 were serious.

 

Okay... I'm following you, Westside.

In my case, I have Charter's (my ISP) free F-Secure Internet Security Suite which includes a software firewall. In the past I've used Zone Alarm and last year I used Trend Micro's security system, but I've decided to go with what Charter offers for free. I'm also sitting behind my router which I assume is also acting as a firewall of sorts (although I've not configured it since it did this all automatically in the set-up). I've been to Shields-Up and apparently I'm invisible (in Stealth). Thanks.

 

I hope I am right. For now, I sticking with Zone Alarm, which has given me, a soon corrected problem, since I got it over five years ago. I am so concerned about SP2, that I will not get it, and will not have the Windows firewall.
I can get the McAfee Firewall with my ISP, but, why bother at this time?

 

James,

You are a good boy, so don't fret!

A firewall does both: a firewall not only prevents unauthorized access to your PC or network, it also hides your PC from view. Since you have tested your PC's at Gibson's site, and came away with a "Stealth" rating, then I would say you are definitely in the safe zone. However, there are other tests on the Internet, which may not give you that rating...

Nothing is physically impossible, as these hackers are becoming more and more adept at getting into a system. However, the precautions you are taking should keep you protected, and an invasion is highly unlikely.

It doesn't matter whether you are on the Internet or not, or if your PC is turned on or off. When connected via broadband, then you're always online. What makes it easy for these guys/gals, is that we broadband users have a static IP address, unlike dialup, which changes each time you log off the Internet. This makes it only too easy for them to spot us.

I've read that a hardware firewall protects better than software, but I have no idea how expensive that would be. Right now I'm perfectly satisfied with my free ZoneAlarm.

 

Ah... that is exactly what I wanted to know. I'm very grateful for your taking the time to give an answer here, Ramona (and everyone else). I must admit to being a little bit paranoid about all of this. The fact is, because of my circumstances I must do some banking online. So, I've tried to take as many reasonable precautions as possible. When I purchase my router (Linksys G) it was wireless and the salesman told me that while I could use it as a wireless router, if there was no real reason to use it in that manner that it would actually be safer to hard-wire the two computers in our computer room together (which is what I've done via the ethernet connection). He also had a router from Net Gear which he said supposedly provided a sort of firewall (whereas I can't find any indication that the Linksys router does act as a firewall) BUT once again, that the only really proven hardware firewall was in the region of $3000 and likely only employed by companies at high risk. He felt I would be perfectly safe taking reasonable precautions and using a decent software firewall like ZA, Sygate, or the one provided by my ISP (F-Secure). So? I'll try to relax about this. I'm sort of stunned that even turning the computer off still doesn't severe my connection. I take it that if I'm going to be away for a few days, it would be best to physically unplug the cable connection. Is that right?

Thanks!

 

James,

I had no idea that the cost of hardware firewalls was that exhorbitant!

Yes, by all means, even if you aren't using the PC for an extended period of time, simply unplug the modem. When I get paranoid, that's what I do... In fact the installer from Charter advised me to unplug the modem every now and then as never doing so could cause a slow down in upload/download speed...

 

Hmmm. Firstly, when a computer is switched off, it's off (gosh, what a surprise, eh) and cannot be accessed remotely - erm, well, unless WOL were to be in some way be exploited but this is an *exceptionally* unlikely scenario. Secondly, the vast majority of broadband users do not have a static IP.

See the auld Newt's post for a more detailed discussion.

 

isn't "hardware firewall" what you're meant to turn your older computer into when you upgrade?

...not that I know how to go about it or what sort of spec machine it requires - seems an interesting idea though, particularly in light of the $$$ mentioned above.

==

little note about the GRC "Shield's Up" thing: it only bombards your machine using TCP protocol when it tests... which has always worried me a bit because malware commonly uses UDP. You can get a clean bill of health from Shield's Up! while being vulnerable to UDP = get lulled into a false sense of security.


best wishes, HJ

 

Neither did I regarding the price of a true hardware firewall (and I'm only quoting a very young salesman who could be wrong about this).

Just how often do you unplug the modem, Ramona? Are you saying to physically disconnect the cable from the modem, or to cut it's electrical connection? In what way would not doing this slow down the transfer speeds? This is all so new and confusing to me.

 

Okay... so now I'm entirely confused (as opposed to be only 99% confused before ). You're saying that turning off the computer at night severes all connection with the internet and prevents me from being hacked but others are saying that a cable connection means you're connected regardless... that the only way to break the connection is to disconnect the cable from the modem. Which is the actual case?

 

Hi Brett

I've read the page re Newt's discussion and actually learned a few things. But it also opened up a few more questions. So, bear with me:

- My Linksys G router (WRT54T) apparently acts as a NAT according to the technician. It came with a set-up cd that also contained a three month trial of Norton's security suite. I opted to NOT install Norton but rather took up my ISP (Charter Cable) on their offer of a free internet security suite from F-Secure (AV and firewall). So, from what I have read, especially from Tony in the other discussion, I have a "sort of" firewall through the router and should be reasonable protected. Is this correct?

- Also, it would seem that Newt was suggesting that having both the router (acting as a hardware firewall) and the software firewall (i.e. ZA or in my case, F-Secure) would slow down my connection speeds. Is this true? No one at Charter admitted to this but instead told me specifically to make certain I had the software firewall along with the router. So???

 

From what I understand, an hardware firewall (the router?) is better than the software firewall. I am not making anything out of the speed issue. I can understand how an antivirus program can drag a computer, but how many times would the Firewall be asked to do its thing? If I see a slowdown, I shut down the computer.
But, of course, you would not know what's going on, under any conditions, if the computer is left on, and unattended.

 

Very interesting Hugh. Is their a site that can test TCP and UDP and determine stealth presence on Internet? NOTE: Recently I replace my LinkSys router with a NetGear WGT624 - 4 port wire + WIFI. Main reason I chose this router was it provided NAT and SPI (Stateful Packet Inspection).

 

James,

I am embarrassed to tears here, and apologies for any misinformation I have passed on to you. I always make meticulous notes when I make changes on the PC, and when I spoke with Charter, I was told that I would have a static IP. As that was one of my main concerns, I asked if it were possible to have a dynamic address. The Rep. said that it was possible, but the dynamic address would be extremely expensive... Thus the incorrect info. to you.

As to turning off the PC turns off cable connection, color me stupid! Again, I was going on obvious misinformation. I was told that the only way to disconnect from the Internet, was to disconnect the electric cable from the Modem, thus turning off the PC/Cable connection. At the time I thought it made sense...

BTW, Charter has beaucoup information on Networking, routers, etc., on their site: Home Networking Support

 

Dennis,

This is a good site: http://bcheck.scanit.be/bcheck/

 

Thanks Ramona ..
I had this site in my Weekly / Monthly folder for my security testing / required updates tasks.
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

I am happy with the above results, (same results I've always had)
but the summarized results does not provide the user with much information.

 

Dennis,

Actually, even if you try and follow the tests in the right panel, it goes by too quickly to even jot down the test. Same results for me too, but I too wish there was more info.

 

Hi

yes the bcheck site's a good 'un, and glad to have them up and running again (was out of order for a while couple months ago) - but isn't it really testing the browser rather than the firewall? Because you've already connected out to it?

FWIW here's my ruleset, I checked the TCP incoming blocker against GRC, and finding that it worked OK made a similar rule for UDP (the inbound "deny" rules right down the bottom of the list)

but I can turn the UDP block off and don't seem to feel anything from the Shield's Up! probes when I do...

==

the OE rules work well - can even use the dreaded preview pane in HTML mode!

With rules as on screen pic, if email has a web beacon - or something yukky like that - it gives a little red X because OE can't get out to remote port 80 or 8080 or anywhere else for that matter. (OE can only get to remote 110 / POP & remote 25 / SMTP)

But if legit email contains an image (like attachment) it's part of the email and so I see it. So it's best of both worlds! I see pictures from friends but miss out on beacon bleat channels and malware.

If I want to see whether email contains something which is trying to get out I uncheck the box for the OE outbound "deny ", so then Kerio treats it as unknown and gives me the "what do I do with this?" prompt

with the rule enabled it just blocks the nasty stuff quietly

==

The UDP block incoming does cut out one kind of hassle. I think it's called messenger spam perhaps? Generally happens in threes coming at my UDP 1027, 1028, 1029 in quick succession. I don't run messenger so can't see what it's meant to look like, but it's not too hard to guess 'coz I "got packets " (as SANS would say!)

it's presumably trying to terrorise me into getting Dodgy Software Inc.'s "fix your registry (good and proper)" toolkit. Which I reckon I can live without


best wishes, HJ.

 

Ramona,
this test left me very puzzled. It never went to completion, after some 30 tests. I was told that their website would come up, but it was an attempt to trick me. Whatever went on sure confused me. I got a box right on top of the original box telling me that I never Quicktime v.5 or later, and a quicktime page came up. I never got the chance to take note or what it was, although it appeared ok, at the onset, but then it show a QT7 page. I happen to have QT7.02. After clicking the last ok, I was on the desktop, and got the Talkback.
I never filled it, because I don't have a clue about what is going on.
Now, I am worried!