Firewalls

Hello all,

 

I was doing a bit of online research after Greg's post earlier about not needing Zone Alarm in conjunction with my Linksys Router (NAT). I was under the impression that if I opened a port on the router it was a wide open hole. While it is exposed I get the impression that there is still a level of security there. Can somebody explain to me how a firewall works with respect to a Closed Port vs a Stealthed Port? I.e. an open port vs a completely closed port? If a port is open what would a hacker need to do to exploit my system? In particular I am concerned about port 113 (IDENT) as it is required on IRC.

 

I also found out yesterday that there are cheap routers (SMS) that allow for specific IPs to be forwarded to specific ports. It doesn't seem this is possible on the Linksys, or is it? I have been getting Zone Alarm to do this in the past.

 

If there is any good reading on the net, please let me know.

 

Cheers,

Jeff


Hey Jeff,

 

The Linksys router has port forwarding under the advanced tab. Just log in to 192.168.1.1 on your network, log in with your pwd, and go to advanced. I believe there is even a little walkthrough on Linksys's site on how to set up port forwarding and such. I use it to allow the ident servers on IRC to allow me to access a variety of servers without being blocked.


Two issues here (just purchased my router this week - still learning).

 

One is port forwarding. The second is Firewall (Software).

 

You're right when you mention you do not need a firewall anymore. That's partially true. The router blocks "Incoming" packets, but it does not block "outgoing" packets. Example: you just got a new software that is "Adware". Ok, so your software now tries to connect to the Internet on its own. The router allows it, but your software firewall allows you to block it.

 

IP Forwarding. Say you host an FTP server on port 1234 on your local network. You want users to log on it through the Internet. What do you do? You forward calls to port 5678 to the machine 192.168.1.2 port 1234. Any incoming calls on that port on the internet are redirected to that IP and port on your local network.

 

I used to do that with Wingate, when firewalls and routers were just consumer dreams. Wingate was an app that shared a single network connection (Dialup back then) over a LAN.

 

Hope this helps, and I hope I didn't say too much nonsense.

 

Alexander


Hey Alex,

 

Nope, all good info. I actually ran into one of our Network Analysts after I posted this so I grilled him about my questions. :) I was told that if a port is open then it is wide open, but just because a port is accessible does not mean that a hacker can just waltz in and start browsing your files. I was told that not only does the port have to be open, but there also has to be an app on the other end that has a vulnerability that can be used to access the system. Also it was my understanding that the NAT firewall (the Linksys anyway) will only allow packets into an open port if there is something on your side of the firewall (your computer) that is soliciting them in the first place. Hopefully I have not misinterpreted anything. In any case both software and hardware firewalls are good. One for incoming and one for outgoing. I actually use ZoneAlarm to filter requests from open ports so that only certain IP addresses can continue to the actual computer.

 

Anyway if anybody has more to add I'd love to hear more.

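The three port states asked about in the first post, together with the forwarding rule from Alexander's reply (port 5678 to 192.168.1.2 port 1234), as an added Python model that is not part of any post in this thread. `Host`, `NatRouter` and the sample addresses are hypothetical, and the model assumes the router silently drops unsolicited packets that match no forwarding rule; real firmware may send a reset instead.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    ip: str
    listening: set = field(default_factory=set)   # TCP ports with a service bound

@dataclass
class NatRouter:
    lan: dict                                     # LAN ip -> Host
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host connects out; the router records a mapping for the replies."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound_reply(self, remote, wan_port):
        """Replies pass only if a LAN host solicited them from this remote."""
        s = self.sessions.get(wan_port)
        return s is not None and s[2] == remote

    def inbound_syn(self, remote, wan_port):
        """What an Internet host observes when it sends a new connection request."""
        if wan_port not in self.forwards:
            return "stealth"   # assumed: no rule, packet dropped, sender sees a timeout
        lan_ip, lan_port = self.forwards[wan_port]
        host = self.lan.get(lan_ip)
        if host is not None and lan_port in host.listening:
            return "open"      # a service answers; its own security now matters
        return "closed"        # reached the host, nothing bound, host answers with a reset

def build_example():
    pc = Host("192.168.1.2", listening={1234})      # FTP server from the thread
    router = NatRouter(lan={pc.ip: pc})
    router.forwards[5678] = ("192.168.1.2", 1234)   # forwarded, service running
    router.forwards[113] = ("192.168.1.2", 113)     # IDENT forwarded, no listener (constructed)
    return router

if __name__ == "__main__":
    r = build_example()
    for port in (5678, 113, 21):
        print(port, r.inbound_syn("203.0.113.9", port))
```

Only the "open" result exposes an application to the Internet, which is why the service behind a forwarded port is the part that needs patching and access control.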

"You ALWAYS need a firewall. I know what I'm saying :) "

 

I agree that if you're online with some sort of broadband, that some sort of firewall is necessary, but I debate that both a software and a hardware firewall are necessary for personal computing.

 

I think it's more a measure of how concerned you are with your data, or your overall paranoid level. If you've already got some sort of hardware router setup, you're already going to eliminate probably 90% of all the kids playing around on the net trying to mess with people's computers.

 

If you are that concerned with your data, then you probably have some sort of redundant RAID 1 or RAID 5 setup, with removable drives to clone the data at weekly intervals, with some sort of hard archival backup, such as DVD-R or CD-Rs. Because I guarantee there is a far greater chance of hard drive failure than somebody hacking into your machine and deleting anything with *.viz or *.max. And if you've got all that redundancy, that's a firewall in itself.

 

I just go by the thinking that...less apps = more power and greater stability. Meaning that in the best case scenario, the only thing that should be in the task bar should be the volume control knob. The startup list should be free, and every freaking service possible on the system disabled.

 

Oh and remember to put a fan on your heatsinks...some guy on the discreet forum didn't and was wondering why his computer rebooted every 5 min.
