
understanding what firewalls are capable of

13 years 9 months ago #36148 by S0lo
Thanks for the fine read Chris,

Ender, may I add that security deployment needs to be "just enough but not more". Sure, we all want as much protection as possible, but not more than that. Otherwise you might end up blocking/slowing your own services or delaying your users' work. There is usually a thin line between what's required and what's too much, a line that can be easily overlooked by system admins. And that's one of the reasons why security is NOT always easy to implement.

One personal example here that comes to mind. Our organization (a university) once deployed a net password access protection. Each and every employee had to type a user/password once EVERY DAY in order to access the internet. The logic behind that was obviously to deny access to outsiders who come in frequently and freely, and to block hanging/malicious programs from accessing the net and occupying bandwidth. Great!! BUT the password access expired every 12 hours or so, meaning that if an employee started an important download of, say, a 3 GB file today, he would find it stopped in the middle of the download when he came in tomorrow!! Eventually our organization cancelled the protection after 2 years.

Furthermore, too much protection CAN be used by attackers. An attacker can intentionally send traffic that triggers a firewall's protection policy. For example, port security on Cisco switches can shut down switch ports if an unknown MAC address is used. So what happens if an attacker uses that to constantly shut down many ports?

I've heard that as long as you don't have a service listening on a port, then there's no way to break into that machine through that port.


That's true most of the time, like 99% of the time. The 1% here accounts for faulty firmware, a buggy unpatched IOS, or a firewall that is already compromised by, say, DoS.

And I've also heard that pros can get through any firewall in existence, and once you send something behind the firewall, you then open it up from the inside to more.


If you meant sending fake reply traffic, it's possible but not easy: the attacker has to know both the TCP port and the target IP to set up the reply packets correctly to enter the network. And he has to send them at the right time. That's as far as I know.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
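The port-security abuse S0lo describes in #36148, as an added simulation that is not part of the original post. It models one access port configured with a maximum of two secure MAC addresses under the three violation modes Cisco IOS offers (shutdown, restrict, protect), then sprays frames with new source MACs at it. The MAC addresses, the maximum of 2 and the frame counts are constructed for the example; the model omits the syslog/SNMP trap that the restrict mode generates in addition to dropping.

```python
"""Switch port security under a MAC-spraying attacker, simulated.

Added example (not from the firewall.cx thread). One access port with
'switchport port-security maximum 2' (assumed) in each violation mode.
"""
from dataclasses import dataclass, field

MAX_SECURE_MACS = 2  # assumed 'switchport port-security maximum 2'


@dataclass
class SecurePort:
    mode: str                          # "shutdown", "restrict" or "protect"
    learned: set = field(default_factory=set)
    err_disabled: bool = False
    violations: int = 0

    def forward(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded by the port."""
        if self.err_disabled:
            return False                      # nobody gets through, attacker or legit host
        if src_mac in self.learned:
            return True
        if len(self.learned) < MAX_SECURE_MACS:
            self.learned.add(src_mac)         # dynamic learning up to the maximum
            return True
        self.violations += 1                  # a third address is a violation
        if self.mode == "shutdown":
            self.err_disabled = True          # port goes err-disabled on first violation
        return False                          # restrict/protect only drop the offending frame


def attack(mode: str, spoofed_frames: int = 5) -> dict:
    """Two legitimate hosts attach, then an attacker sends frames with fresh MACs.

    Returns whether the first legitimate host can still send afterwards,
    whether the port was shut down, and how many violations were counted.
    """
    port = SecurePort(mode)
    legit = ["00:11:22:33:44:01", "00:11:22:33:44:02"]   # constructed host MACs
    for mac in legit:
        port.forward(mac)
    for i in range(spoofed_frames):                       # constructed attacker MACs
        port.forward(f"de:ad:be:ef:00:{i:02x}")
    return {
        "legit_still_forwarded": port.forward(legit[0]),
        "port_err_disabled": port.err_disabled,
        "violations": port.violations,
    }


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(mode, attack(mode))
```

In shutdown mode a single forged frame takes the port, and both legitimate hosts behind it, offline; in restrict or protect mode the forged frames are dropped and the legitimate hosts keep working. On a real IOS switch the shutdown mode stays in effect until an administrator bounces the port or `errdisable recovery cause psecure-violation` is configured with a recovery interval, so an attacker who keeps sending can keep the port down.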
13 years 9 months ago #36154 by TheBishop
This is a very interesting thread.
When personal firewalls first came out I encountered quite a few people who installed them on their PCs and then adopted the attitude "I'm protected now, I have a firewall." Needless to say I ended up clearing spyware off some of their machines.
Security is like a brick wall - it is made up of a number of bricks and a good firewall is just one brick. You need the whole wall to be secure. And even with the full wall you've got to be endlessly vigilant to adapt to new threats, plus there's always the little hole that you forgot to fill up...
13 years 9 months ago #36160 by rizin
So what do you guys suggest about IPCop for SOHO? Is it worth it?

Known is a drop, unknown is an Ocean
13 years 9 months ago #36161 by TheBishop
I'd say a firewall is essential for SOHO working, and IPCop is a good firewall. But if, say, you're on an ADSL line then chances are you already have a reasonably good firewall in your ADSL router, so in basic protection terms you might not really need a second. Where something like IPCop does score over these little firewalls, though, is that you get decent logging and you can host things like Snort on there too. Plus you can add an extra NIC and have a real, physical DMZ if you want one.
13 years 9 months ago #36167 by rizin
Thanks Bishop,

Good suggestions. Well, in this case, did I suggest the right solution for Ender@author's requirement for SOHO? Or, for a medium business, can we suggest something else?

Guys, irrespective of any intrusions in the network, we have to select the best firewall, one which gives 99% performance, even if the 1% failure is by and large unavoidable.

Would you guys suggest which is the best firewall for medium and large sized business according to your individual experiences.

Thanks,

Rizin

Known is a drop, unknown is an Ocean
13 years 9 months ago #36240 by sose
A firewall can also mean a device or software that protects what is in front of it from what is behind it. What is in front is the Internet and behind is your private network or host.

Take note, a badly configured firewall is better than no firewall at all.

Ports on a firewall mean you are poking a hole in your firewall, therefore you have to be mindful of the number of holes you poke in your firewall. If you need to browse the Internet or resolve DNS, then ports 80 and 53 should be opened respectively. When a criminal hacker tampers with the port number in his packet header he could get into your network. However, some ports need to be opened; I guess these are necessary evils.

In addition to what brother Chris said, bypassing a firewall is a huge field; it is almost an art, and can consume a lifespan.

@Ender, have you ever read a book called HACK NO MORE? There is an impression we are trying to correct in the security world: security is not a product but a process. The Internet itself is still an experimental process. Therefore, security is a protective process within a wider scope of process. There has never been a perfect man-made process. Time is my witness (excuse my philosophies).

When protecting given resources, you have to consider a chain of parameters: People, Process and Technology. People constitute the biggest problem, because you can buy the best technology, but you can never rule out the fact that a user will do something stupid.

Also, it is paramount that you understand the psychology of a criminal hacker when defending a network. And there are questions you need to ask, like: who is the threat, why do they attack, what tools do they use in attacking, how do they attack, and possibly when will they attack? To stop a criminal you need to possess the ability to think like a criminal; after all, you are just trying to gather an intelligence report on the criminal hacker.

I will make subsequent contribution in due course
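Two points in this thread describe the same mechanism from opposite sides: S0lo's reply in #36148 that forged reply traffic has to match the target IP and port and arrive at the right time, and sose's remark in #36240 that opening ports 80 and 53 pokes holes a hacker can walk through by tampering with the port number in his packet header. The simulation below is an added example, not code from either poster. It replays the same four packets through a stateless ACL that permits inbound packets from source port 53 or 80, and through a stateful filter that only admits a packet mirroring a flow an inside host opened recently. The addresses, ports and the 30-second idle timeout are constructed for the example.

```python
"""Stateless port-based ACL vs. stateful connection tracking, simulated.

Added example (not from the firewall.cx thread). Models a border filter
in front of an internal network; all addresses, ports and the timeout
are constructed.
"""
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."      # assumed internal range (constructed)
REPLY_SRC_PORTS = {53, 80}       # the "holes" the stateless ACL opens for replies
FLOW_TIMEOUT = 30.0              # assumed connection-tracking idle timeout, seconds


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    time: float = 0.0            # arrival time in seconds


class StatelessFilter:
    """Permits any inbound packet whose source port is 53 or 80, whether or
    not an inside host asked for it: an attacker who sets his source port
    to 53 walks straight through the hole."""

    def outbound(self, pkt: Packet) -> None:
        pass  # a stateless ACL remembers nothing

    def inbound_allowed(self, pkt: Packet) -> bool:
        return pkt.dst_ip.startswith(INTERNAL_PREFIX) and pkt.src_port in REPLY_SRC_PORTS


class StatefulFilter:
    """Permits an inbound packet only if it mirrors a flow an inside host
    opened, and only while that flow entry is still fresh: a forged reply
    must match both addresses and both ports and arrive in time."""

    def __init__(self) -> None:
        # (proto, inside_ip, inside_port, outside_ip, outside_port) -> last seen
        self.flows: dict[tuple, float] = {}

    def outbound(self, pkt: Packet) -> None:
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.flows[key] = pkt.time

    def inbound_allowed(self, pkt: Packet) -> bool:
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        last = self.flows.get(key)
        if last is None:
            return False                  # no inside host opened this flow
        if pkt.time - last > FLOW_TIMEOUT:
            del self.flows[key]           # entry aged out: the reply came too late
            return False
        self.flows[key] = pkt.time        # refresh the entry
        return True


def run_scenario(fw) -> dict[str, bool]:
    """Send one DNS query out, then four inbound packets; return each verdict."""
    client, resolver, attacker = "10.0.0.5", "203.0.113.53", "198.51.100.7"
    fw.outbound(Packet(client, 40001, resolver, 53, "udp", time=0.0))
    return {
        # the resolver's real answer
        "genuine_dns_reply": fw.inbound_allowed(
            Packet(resolver, 53, client, 40001, "udp", time=0.2)),
        # attacker sets source port 53 and aims at SMB on the client
        "attacker_src_port_53_to_smb": fw.inbound_allowed(
            Packet(attacker, 53, client, 445, "tcp", time=1.0)),
        # attacker guesses the full tuple correctly and sends promptly
        "spoofed_reply_correct_tuple": fw.inbound_allowed(
            Packet(resolver, 53, client, 40001, "udp", time=2.0)),
        # same correct tuple, but after the flow has aged out
        "spoofed_reply_too_late": fw.inbound_allowed(
            Packet(resolver, 53, client, 40001, "udp", time=120.0)),
    }


if __name__ == "__main__":
    for name, fw in (("stateless", StatelessFilter()), ("stateful", StatefulFilter())):
        print(name, run_scenario(fw))
```

The stateless ACL passes all four packets, including the one aimed at port 445 with a forged source port of 53. The stateful filter passes the genuine reply, rejects the forged-source-port packet, and rejects the correctly guessed tuple once the entry has expired; the one case it still passes is a spoof that matches both addresses, both ports and the timing window, which is exactly the narrow case S0lo calls possible but not easy.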