Results 1 to 9 of 9

Thread: Firewall Question

  1. #1
    Junior Member
    Join Date
    Aug 2004
    Posts
    7

    Question Firewall Question

    Hi I have a question regarding firewalls. From my understanding whenever there is a firewall up on a computer or network does that mean that network is completely invisible from the outside. I have a free Zone Alarm firewall set up on my Win XP Pro computer that is hooked up to a router with four other computers. I always wondered if an attacker attacked my external IP would they be able to see my whole network and then choose which computer they would like er what? This is a rather confusing topic for me and just really wanted to know if firewalls are like the end all enhancement to security... cuz with my limited knowledge it seems like i'm utterly invinceable thank you for your time

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Simple Answer.
    Your router device is probably doing NAT (network address translation) which will proxy requests to the internet under a single REAL WORLD IP address. Unless you have configured any ports to forward back into your LAN, the world has no direct way to see your internal LAN. Unless of course your router device has a flaw which allows an attacker to gain access or view internal network information.
    Running properly configured software based personal firewalls on each machine is another security layer and not a bad idea.

    There is NO end-all to network security other than pulling the power plug...

    I would be more afraid of the users inside the network opening infected email or visiting malicious web sites.

  3. #3
    If the topic is really confusing and you wish to learn more about how firewalls work, visit:

    http://computer.howstuffworks.com/firewall.htm

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    This is a rather confusing topic for me and just really wanted to know if firewalls are like the end all enhancement to security..
    The simple answere to this is no, they are not. A determind and knowledgable person can get through a firewall, how easy that is depends on many factors. The type of firewall, whether it is configured correctly and whether there are any exploits that can be run against it, to name a few.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    chef's right as far as router built-in firewalls on LANs go, but let me add something about single-computer, personal firewalls just to clear up your understanding of them.

    Just because you have a firewall doesn't mean you're in stealth (inivisible). It's all about configuration. For instance, if your firewall (such as Zone Alarm) is configured to only close ports, you'll still be visible. If I were to scan you with nmap, for example, your ports would come back as closed, but visible. However, if you tweak your configuration a bit so that you're in "stealth", you will be invisible, to a point anyway.

    What's this mean in english? It's about the return of sent data packets (the "three-way handshake"). If a computer (or would-be attacker) scans your ports, it's sending a data packet to you (a SYN) requesting your computer to send it back to say "Yeah! I'm here!" (an ACK). If your firewall has merely closed your port, the data packet will bounce back to the sender, thus showing that you're out there, but not welcoming anyone with open arms. However, if your in stealth, your computer will never send the packet back (there will be no ACK), leaving the data packet to simply disappear in cyberspace and never return, hence you appear invisible to the sender.

    Heh heh, would ya know, I actually sound like I know what I'm talking about for a change!

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Generically speaking, an external guy can probe your network if u have a bad firewall configuration.
    Example: you have NAT configured, and forward enabled on both directions. and you are using 192.168.0.1,2,3, as your internal network addressing.

    So an attacker creates an special route (thru your router/fw/nat), allowing him to send packets direct to your internal network (ie. ping). As your machines reply to those packets, nat will translate reply packets to send to you. With this info (and some other provided by public available tools) he/she can start to attack your machines.

    Easy? just on this post. In real life it will require some knowledge of what do that with information.

    Firewall is like your Front Door. You leave it open or unlocked, someone can (and maybe will) enter in your home.
    Its just a matter of time.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #7
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356

    Re: Firewall Question

    Originally posted here by wightOlore
    Hi I have a question regarding firewalls. From my understanding whenever there is a firewall up on a computer or network does that mean that network is completely invisible from the outside.
    [/b/


    The answer? It depends. A firewall is a choke-point on network traffic that has the ability to limit or stop the flow of network traffic. A firewall is, for the most part, only as good as the rules that were written for it. For example, if you setup your firewall to allow everything, guess what, you now have a router and therefore little to any protection I am assuming, based on your description, that you probably have a router that does NAT (network address translation). This provides a degree of protection in that your internal computers will use private address space (that isn't routeable on the Internet, therefore, attackers have no direct way in (unless you setup your router/firewall to allow it). The router will then translate the IP information, replacing your computer's private IP address with the public IP addressed assigned by your ISP (or potentially private, depending on your provider). However, this does not necessarily protect you, nor does it make you invisible from the internet. For example, by simply going to a web page, the administrator of that page will already have a good idea what of system you run (it is passed as environmental variables used by your browser). Depending on what kind of programs you run, the person on the other end could learn quite a bit about your internal network and the types of systems that are running.

    On another note, you also must remember that just because your firewall doesn't allow the 'bad guy' direct access to your systems, there are still ways that they could gain entrance. The most common example, is the sending of a tailored, spoofed email, containing malicious content (for example, a custom made trojan) to users (depending on how they do it, they may not even have to get you to open an attachment, simply reading the email will suffice). If you allow your computers to go out unrestricted (a fairly common setup), the 'bad guy' could then instruct your computer what to do via the trojan (for example, maybe it is programmed to go to an IRC channel or visit a website with instruction). If you haven't noticed, there have been multiple vulnerabilities in Internet Explorer, many of which allow system access . Vist the wrong web site (and don't keep your system patched, or find a 0 day exploit) and boom, firewall or no, you are had.

    Originally posted here by wightOlore
    I have a free Zone Alarm firewall set up on my Win XP Pro computer that is hooked up to a router with four other computers. I always wondered if an attacker attacked my external IP would they be able to see my whole network and then choose which computer they would like er what?
    It depends on your firewall setup, what type of programs you run, what OS you run, etc. There are alot of ways to obtain access, not all of which can be stopped by a firewall (because the firewall does have to allow legitimate traffic, and can not always distinguish between legitimate traffic and illegitimate).

    Originally posted here by wightOlore
    cuz with my limited knowledge it seems like i'm utterly invinceable thank you for your time
    This statement is utterly false, no matter what setup you have. A firewall is a good start, but it does not provide total immunity from attack. The best way to approach security is a layered approach. Firewalls with application awareness are a good start, but it is absolutely critical that your run AV on all your systems, that all systems have the latest patches applied, and that all email be filtered for malicious content. You could also have your hardware/application aware firewall connecting all your computers, but then run a personal firewall on your computer. The more hurdles you provide, the systems and cirumstances the 'bad guy' will have to overcome to obtain access.

    So, lets review:

    1) Firewalls are only as good as the person making the rules. A bad ruleset can turn a firewall into a router.

    2) A firewall will have a hard time stopping certain things, like malicous email, and therefore security-in-depth should be used.

    3) Make sure you have AV and keep it up to date.

    4) Make sure you keep your systems up to date.

    In conclusion, firewalls, if implemented correctly, are a good start, but are by no means a complete solution.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  8. #8
    Junior Member
    Join Date
    Aug 2004
    Posts
    7
    However, if your in stealth, your computer will never send the packet back (there will be no ACK), leaving the data packet to simply disappear in cyberspace and never return, hence you appear invisible to the sender.
    thank you guys for all you help.. ^ btw i do have NAT someone mentioned that and yes i think this is what my computer seems to be doing .. i've tried to run nmap against myself and it says the host seems to be down i have added their suggested -P0 command and it still says no host found... < sorry if that doesn't make sense.. i've simply tried to "ping" my self and it returns with 3 packets lost.. i should have been more specific with this q but is it possible for people to still get "ACK" packets with my router and firewall currently configured to not send the "ACK" back.. like to somehow disable for a second without having me click on one of their trojans or visiting a harmful website.. are people really that good? thanks again for the quick responses

  9. #9
    Also keep in mind that if you want to test your security with tool such as nmap, you need to do it from another computer as opposed to having a computer scan itself. Results of the latter can be misleading.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •