General question about firewalls

 CastleCops -> Firewalls
Author: geoffoLocation: UK PostPosted: Sun Jun 29, 2008 7:51 am    Post subject: General question about firewalls
I have just moved to broadband and have a wired router, which has a firewall. I want further protection and have just installed online armor. Now, I have a real thicko's question. Typically, during the day when I am not using the internet, I put it in standby mode. My router and LAN will be connected. If I don't want to rely on the router firewall, will my OA firewall protect me from hackers or do I have to do anything else? I'm not sure if a firewall actually prevents outside attacks, or just tells you when they are happening.

I wondered if I had to click "Block all network traffic" but when I tried this and came out of standby, I got a yellow exclamation triangle over my LAN icon saying "loss of connectivity" - and the only way I can get the connection back is to select "Repair". This doesn't sound right that I had to do this every time and I just wanted to confirm that I if did nothing, I would be fully protected from the outside world.

Hope this makes sense - sorry if it sounds a silly question
Author: CudniLocation: Et In Arcadia ego PostPosted: Sun Jun 29, 2008 8:32 am    Post subject:
use router firewall in addition to OA. Nothing will come through router firewall and nothing, that you don't allow will come through OA firewall. They complement each other. No need to block traffic either

Cudni
Author: geoffoLocation: UK PostPosted: Sun Jun 29, 2008 12:48 pm    Post subject:
Cudni wrote:
use router firewall in addition to OA. Nothing will come through router firewall and nothing, that you don't allow will come through OA firewall. They complement each other. No need to block traffic either

Cudni


Thanks Cudni - very reassuring. That prompts another question - if someone had been trying to hack in, is there somewhere in OA where it shows up. I only have the free version

Geoff
Author: PCBruiser PostPosted: Sun Jun 29, 2008 1:41 pm    Post subject:
Inbound hacks should be blocked at the router/firewall before ever reaching OA, so they won't be seen there; and, usually router/firewalls have logs where they will show up. You can tell if you are being port scanned from the hardware logs - they will show attempts to connect to multiple ports all coming from the same IP.

99.99% of those attempted inbound hacks are from zombified systems, whose owners don't have a clue that their systems are being used for that purpose. By their very nature, those types of inbound port scans are simple to block - they are pretty "stupid" hacks, but they will capture IPs from unprotected or improperly protected systems.
Author: geoffoLocation: UK PostPosted: Sun Jun 29, 2008 3:36 pm    Post subject:
PCBruiser wrote:
Inbound hacks should be blocked at the router/firewall before ever reaching OA, so they won't be seen there; and, usually router/firewalls have logs where they will show up. You can tell if you are being port scanned from the hardware logs - they will show attempts to connect to multiple ports all coming from the same IP.

99.99% of those attempted inbound hacks are from zombified systems, whose owners don't have a clue that their systems are being used for that purpose. By their very nature, those types of inbound port scans are simple to block - they are pretty "stupid" hacks, but they will capture IPs from unprotected or improperly protected systems.


Thanks Bruiser, I'm learning all the time. So, just to be sure, if I leave my router permanently on, and my firewall enabled, I am safe? I am on a LAN connection - presumably there is no need to right/click the little icon and 'Disable/Enable' every time its in Standby mode?

Thanks again
Geoff
Author: PCBruiser PostPosted: Sun Jun 29, 2008 4:00 pm    Post subject:
Totally, absolutely safe? Well ... if someone is absolutely determined to hack in, are extremely knowledgeable and have many hours to invest in hacking just into your LAN, there is just the slight probability that they might get lucky and do it. But, it would require a live person, and many hours of work to make it happen.

Remember, unless a live hacker knows there is something of great value on one of your systems on your LAN, there are easier fish out there to fry, systems that are totally vulnerable to inbound threats. Why waste hours on something speculative when there are much easier targets? "I don't need no crappy firewall, it slows down my game by 0.5 FPS, and I never get infected." Yeah, sure, how many times have I heard that from owners of incredibly infected systems.

The only totally safe system is one that has no Internet connection, and that is never turned on or have software installed on it. Unrealistic, I know. Otherwise, given your protections, it is not normally necessary to turn everything off unless you are going to be offline for some time - vacations, typically.

One thing you should make sure of and that is all your ports are in fact closed and even better, stealthed. Go here:

http://www.grc.com

follow the links to ShieldsUp! and run all the tests. That will tell you exactly how safe your system is from inbound threats. What you want to see is everything green. If that's the case, you should be as safe from inbound threats as home systems can realistically get.

Most gateway protected LAN breaches are accomplished not via a brute force hack into your LAN, which rarely gets by good quality router/firewall gateways, but by fooling one to either visit a malware payloaded web site where an ActiveX or other script installs malware, or to download and install malware ridden software on a system that establishes a backdoor. That is one very common way that P2P users get infected. Many, if not most, P2P files are malware laced. Then if you permit the backdoor to run in OA, you are compromised. The human element is one of the weakest ones in your security protection.

The other way to do it is to hack a mobile laptop when it is not protected by the LAN, and then when it is reattached to the LAN, bango - it infects other systems on the LAN because the malware has breached the gateway protection. That's a very common way that corporate LANs are breached. Inadequate protection behind their gateways. That's another reason to use a top flight software firewall like OA.

BTW, in standby mode, nothing is actually running on your system, so from a malware infection potential point of view, that is effectively the same thing as turning your system off completely.
Author: geoffoLocation: UK PostPosted: Sun Jun 29, 2008 4:58 pm    Post subject:
PCBruiser wrote:
Totally, absolutely safe? Well ... if someone is absolutely determined to hack in, are extremely knowledgeable and have many hours to invest in hacking just into your LAN, there is just the slight probability that they might get lucky and do it. But, it would require a live person, and many hours of work to make it happen.

Remember, unless a live hacker knows there is something of great value on one of your systems on your LAN, there are easier fish out there to fry, systems that are totally vulnerable to inbound threats. Why waste hours on something speculative when there are much easier targets? "I don't need no crappy firewall, it slows down my game by 0.5 FPS, and I never get infected." Yeah, sure, how many times have I heard that from owners of incredibly infected systems.

The only totally safe system is one that has no Internet connection, and that is never turned on or have software installed on it. Unrealistic, I know. Otherwise, given your protections, it is not normally necessary to turn everything off unless you are going to be offline for some time - vacations, typically.

One thing you should make sure of and that is all your ports are in fact closed and even better, stealthed. Go here:

http://www.grc.com

follow the links to ShieldsUp! and run all the tests. That will tell you exactly how safe your system is from inbound threats. What you want to see is everything green. If that's the case, you should be as safe from inbound threats as home systems can realistically get.

Most gateway protected LAN breaches are accomplished not via a brute force hack into your LAN, which rarely gets by good quality router/firewall gateways, but by fooling one to either visit a malware payloaded web site where an ActiveX or other script installs malware, or to download and install malware ridden software on a system that establishes a backdoor. That is one very common way that P2P users get infected. Many, if not most, P2P files are malware laced. Then if you permit the backdoor to run in OA, you are compromised. The human element is one of the weakest ones in your security protection.

The other way to do it is to hack a mobile laptop when it is not protected by the LAN, and then when it is reattached to the LAN, bango - it infects other systems on the LAN because the malware has breached the gateway protection. That's a very common way that corporate LANs are breached. Inadequate protection behind their gateways. That's another reason to use a top flight software firewall like OA.

BTW, in standby mode, nothing is actually running on your system, so from a malware infection potential point of view, that is effectively the same thing as turning your system off completely.


Thanks you so much for putting together such a detailed reply. I feel a lot more at ease now. I don't use P2P, so this is not a threat - plus I am the only one on my LAN (ie I am not part of a network). Interesting what you say about malware; I like to think I am careful about what attachments I open etc. Plus I regularly run AV and SuperAntiSpyware.

Right now I'm off to check that ShieldsUp link you've kindly provided. Hopefully, they will all be green!

Thanks again
Geoff
CastleCops -> Firewalls

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group