Thread: Myths and facts about security

  1. #1
    Join Date
    Aug 2003

    Myths and facts about security

    Alrighty, I'm well on my merry way to learning everything I need to know to be a real protected mothafsker. There are, however, a few things I would like to have explained in detail, if you would.

    Question #1 - Do hardware firewalls offer better protection than software firewalls?

    I am currently running my computer through a router with a built-in firewall. The company touts this router's firewall as being safer than any software firewall.

    Question #2 - Are proxy servers that don't forward HTTP headers very anonymous?

    I'm pretty sure there's more ways than one to skin a cat, particularly this one, and I would like to know what identifying marks I'm sending out, even when running through an anonymous proxy server.

    Thanks for your time


  2. #2
    AO Security for Non-Geeks tonybradley
    Join Date
    Aug 2002
    Question #1 - Do hardware firewalls offer better protection than software firewalls?
    Yes and no.

    There is an added layer of protection to have a standalone device act as a firewall, whether it's a "hardware" firewall or a dedicated computer (same difference really). If you run other applications and services on the same machine you open vulnerabilities that may allow someone around the firewall or you allow someone who compromises the firewall easy access to the applications and services running on that machine.

    That said, it depends on what you mean by "hardware" firewall. The firewalls included with most home routers are generally simple packet filters that only monitor inbound communications. You can close all incoming ports and ONLY open the ports you need people to access you on (80 if you're hosting a web site, whatever ports your games or P2P network operates on). If you are not hosting any services like a web site or need to connect to a P2P network or whatever you can just block ALL incoming ports and remain relatively safe.

    However, the nice thing about many personal firewall applications that you run on your system is that they monitor inbound AND outbound communications and look for anomalous programs trying to interact with services or kernel level processes that they shouldn't be. You can block all incoming traffic with a hardware firewall, but if a trojan gets onto your system through an email or malicious web site and initiates outbound communications and starts doing things on your computer you wouldn't detect it with the hardware firewall.

    I use, and recommend that others use, both in conjunction. The home cable / DSL routers almost all have packet-filtering firewalls that you can use to block most or all incoming traffic. Then you can apply some personal firewall software to monitor your actual computer.

    There are plenty of free ones (see my About.com Free Personal Firewall Software section). I use the full-blown ZoneAlarm Pro 4 because above and beyond the basic firewall capabilities it also blocks pop-up ads, banner ads and other nice features for added protection / privacy.

    That's my $.02 on Question #1. I can't help much with Question #2 off the top of my head.
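
Added example (not part of the original post): a small Python model of the layering described in the reply above. It assumes the router lets replies to outbound connections back in, as home NAT routers normally do; the class and function names, addresses and program names are constructed for illustration.

```python
class RouterFilter:
    """Home-router model: outbound always passes, inbound is default-deny."""

    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)
        self.flows = set()  # connections the PC opened; their replies are let back in

    def allows(self, pkt):
        flow = (pkt["remote"], pkt["rport"], pkt["lport"])
        if pkt["dir"] == "out":
            self.flows.add(flow)
            return True
        return flow in self.flows or pkt["lport"] in self.open_ports


def trace(packets, router, allowed_programs=None):
    """Verdict per packet; allowed_programs=None means no personal firewall."""
    verdicts = []
    for pkt in packets:
        if (pkt["dir"] == "out" and allowed_programs is not None
                and pkt["program"] not in allowed_programs):
            # Stopped on the PC itself, so the router never records a flow.
            verdicts.append("blocked by personal firewall")
        elif router.allows(pkt):
            verdicts.append("delivered")
        else:
            verdicts.append("dropped by router")
    return verdicts


# Constructed traffic: documentation-range addresses, made-up program names.
PACKETS = [
    {"dir": "in", "remote": "203.0.113.50", "rport": 40000, "lport": 445, "program": None},
    {"dir": "out", "remote": "198.51.100.10", "rport": 443, "lport": 50001, "program": "browser"},
    {"dir": "in", "remote": "198.51.100.10", "rport": 443, "lport": 50001, "program": "browser"},
    {"dir": "out", "remote": "203.0.113.66", "rport": 6667, "lport": 50002, "program": "unknown.exe"},
    {"dir": "in", "remote": "203.0.113.66", "rport": 6667, "lport": 50002, "program": "unknown.exe"},
]


def compare():
    """Same traffic, once behind the router alone and once behind both layers."""
    router_only = trace(PACKETS, RouterFilter())
    both = trace(PACKETS, RouterFilter(), allowed_programs={"browser"})
    return router_only, both


if __name__ == "__main__":
    for pkt, a, b in zip(PACKETS, *compare()):
        print(pkt["dir"], pkt["program"], "| router only:", a, "| both:", b)
```

With the router alone, the unsolicited inbound packet is dropped but the unknown program's outbound connection and its reply both pass; with the personal firewall added, the outbound attempt is stopped on the PC and the reply no longer matches any flow.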

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Since Mr. Bradley has posted such an excellent answer to #1, I will merely refer you to another thread on this topic here

    As to #2, there are many answers, depending on what level of anonymity you want.
    If you don't really care, and just don't want to make it obvious to the web site owner that you're the one using their site, then any old proxy server will probably work. All of them that I know of do not expose your IP address, so you're pretty good.

    However, if you're afraid that someone is making a concerted effort to find out who you are or what web sites you're using, it becomes trickier.
    First of all, you really need to be using SSL. If you're not, anyone in between you and the proxy can see what you're doing.
    Secondly, you want to be using a proxy server that lots of other people are using. This helps defeat traffic analysis. Briefly, traffic analysis is watching the network packets go by, and using the timing of the packets to determine who's talking to who. For instance, if a packet goes from you to the proxy server, then immediately afterwards a packet goes from the proxy server to www.goatse.cx, it's not hard to figure out what's going on. A good proxy server will do request reordering to further defeat traffic analysis. (I'm not sure if there are any proxy servers out there that actually do packet reordering.)
    Finally, all of this means nothing if the proxy administrator is working against you. I know with anonymous remailers (mail proxies), you can chain together multiple proxies to protect yourself against this. I'm not sure if this works with http proxies.
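
Added example (not part of the original post): a Python simulation of the timing argument in the reply above, measuring how many senders an observer of both sides of the proxy cannot rule out for each forwarded request. It assumes the observer sees only timestamps and knows the proxy's longest hold time; batching stands in for the reordering the post mentions, and all names and numbers are constructed.

```python
import bisect
import random


def forward_immediately(arrivals, latency=0.01):
    """Proxy that relays each request as soon as it arrives."""
    return [a + latency for a in arrivals]


def forward_in_batches(arrivals, batch_size):
    """Proxy that holds requests until batch_size have arrived, then releases
    them at the same instant, so order inside a batch carries no information."""
    order = sorted(range(len(arrivals)), key=arrivals.__getitem__)
    departures = [0.0] * len(arrivals)
    for start in range(0, len(order), batch_size):
        batch = order[start:start + batch_size]
        flush = arrivals[batch[-1]]  # released when the batch fills
        for i in batch:
            departures[i] = flush
    return departures


def mean_anonymity_set(arrivals, departures):
    """Average number of inbound requests that could explain each outbound one.

    The observer does not know the true pairing; it only knows every request
    leaves within max_delay of arriving, so any arrival in that window fits.
    """
    max_delay = max(d - a for a, d in zip(arrivals, departures))
    inbound = sorted(arrivals)
    total = 0
    for d in departures:
        lo = bisect.bisect_left(inbound, d - max_delay - 1e-9)  # float tolerance
        hi = bisect.bisect_right(inbound, d)
        total += hi - lo
    return total / len(departures)


def demo(seed=1):
    rng = random.Random(seed)
    crowd = [rng.uniform(0, 10) for _ in range(200)]  # 200 requests in 10 s
    return {
        "lone_user": mean_anonymity_set([5.0], forward_immediately([5.0])),
        "crowd_immediate": mean_anonymity_set(crowd, forward_immediately(crowd)),
        "crowd_batched": mean_anonymity_set(crowd, forward_in_batches(crowd, 20)),
    }


if __name__ == "__main__":
    for name, size in demo().items():
        print(f"{name}: {size:.2f} candidate senders per request")
```

A lone user is always identified, a crowd on an immediate-forwarding proxy helps only as much as requests happen to overlap in time, and batching guarantees at least the batch size.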

  4. #4
    Join Date
    Aug 2003
    hmmmm.... well, thanks for the replies guys. It answers two of my questions and creates many more which I am off to explore.
