Wilders Security Forums  

  #26  
Old December 30th, 2008, 01:26 PM
Miyasashi Miyasashi is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 62
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Mrkvonic
Miyasashi, that's a completely wrong analogy...
Mrk

lol how so?

everything man-made has flaws
  #27  
Old December 30th, 2008, 01:31 PM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

Because ports are not doors. Second, unlike real life, where doors are something rather abstract, in network security, the basics that Nyquist and Shannon set for us are based on pure simple physics and therefore not prone to any wild-life mis-interpretation.

There's only so much data you can send down a cable and there's so many bits you get light up in a data frame and so it is. Boring and constant.

If you want to get sobered up quickly, read on these two fellows I mentioned above and then read about IP or TCP packet header and you'll see how simple and non-magical things are. Which is exactly their magic. Simplicity.

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #28  
Old December 30th, 2008, 01:35 PM
Miyasashi Miyasashi is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 62
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Mrkvonic
Because ports are not doors. Second, unlike real life, where doors are something rather abstract, in network security, the basics that Nyquist and Shannon set for us are based on pure simple physics and therefore not prone to any wild-life mis-interpretation.

There's only so much data you can send down a cable and there's so many bits you get light up in a data frame and so it is. Boring and constant.

If you want to get sobered up quickly, read on these two fellows I mentioned above and then read about IP or TCP packet header and you'll see how simple and non-magical things are. Which is exactly their magic. Simplicity.

Mrk

Why do people use hardware/software firewalls? Aren't they to shut down the entrance to your computer?
  #29  
Old December 30th, 2008, 01:45 PM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Miyasashi
Why do people use hardware/software firewalls? Aren't they to shut down the entrance to your computer?

People use firewalls because:

1) mostly they have been told to do so
2) the software will do a better job of watching their traffic than them
3) firewalls are meant to filter out unsolicited inbound traffic, where this is applicable, namely open ports.

Therefore, regarding 3) if you have no open ports, there is no meaning to using a firewall software. Example, Ubuntu, by default, ships with ports closed, hence no need for firewall and indeed, it is disabled by default.

My explanation in the previous post was in regard to your doors analogy.

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #30  
Old December 30th, 2008, 01:47 PM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

Here's a great article:
http://en.wikipedia.org/wiki/A_Mathe..._Communication

Download and read the PDF. Written in 1948 and set the future for Internet and everything else ...

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA

Last edited by Mrkvonic : December 30th, 2008 at 01:54 PM.
  #31  
Old December 30th, 2008, 01:54 PM
Miyasashi Miyasashi is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 62
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Mrkvonic
People use firewalls because:

1) mostly they have been told to do so
2) the software will do a better job of watching their traffic than them
3) firewalls are meant to filter out unsolicited inbound traffic, where this is applicable, namely open ports.

Therefore, regarding 3) if you have no open ports, there is no meaning to using a firewall software. Example, Ubuntu, by default, ships with ports closed, hence no need for firewall and indeed, it is disabled by default.

My explanation in the previous post was in regard to your doors analogy.

Mrk

1) They do yes.
2) Like you can make out a process name what it's using the internet for O_o
3) Correct

I am using Windows Vista, not Ubuntu... how do you know if ports are open? and some people have routers with built-in firewalls and even without one a software-firewall is not needed.

You're implying that firewalls are not needed yet you tell me ports are closed in Ubuntu... so what do Windows users have to do to make sure those ports are closed and why do they need to be closed if you say nothing happens when a port is open.
  #32  
Old December 30th, 2008, 01:55 PM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

1) I did not say nothing happens when ports are open.

2) Here you go:
http://www.wilderssecurity.com/showthread.php?t=229157

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #33  
Old December 30th, 2008, 02:07 PM
Miyasashi Miyasashi is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 62
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Mrkvonic
1) I did not say nothing happens when ports are open.

2) Here you go:
http://www.wilderssecurity.com/showthread.php?t=229157

Mrk

You did say this:
"3) firewalls are meant to filter out unsolicited inbound traffic, where this is applicable, namely open ports."

Meaning unsolicited inbound traffic comes through those open ports.

If the ports were closed in the first place, that traffic won't reach its destination.
I am not sure why certain ports in Windows are open but a firewall makes sure they're closed, right? But if the firewall fails because of flaws in the code, the port could be open still.
  #34  
Old December 30th, 2008, 02:37 PM
Kerodo Kerodo is online now
Incredibly Massive Poster
 
Join Date: Oct 2004
Posts: 6,056
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Miyasashi
You did say this:
"3) firewalls are meant to filter out unsolicited inbound traffic, where this is applicable, namely open ports."

Meaning unsolicited inbound traffic comes through those open ports.

If the ports were closed in the first place, that traffic won't reach its destination.
I am not sure why certain ports in Windows are open but a firewall makes sure they're closed, right? But if the firewall fails because of flaws in the code, the port could be open still.

A firewall doesn't close ports, it simply prevents unwanted/unsolicited inbound traffic from reaching those open ports. If the firewall fails to do its job, then yes, unwanted inbound traffic could reach those open ports, and possibly take advantage of vulnerabilities in the software holding the port(s) open. I would guess that most software firewalls do their job fine and prevent all this from happening. And I'd say you'd be hard pressed to find a "hacker" that could penetrate a software firewall from the outside.
__________________
If it ain't broke, you haven't tweaked it enough....
  #35  
Old December 30th, 2008, 02:38 PM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

No, ports remain open, but traffic does not reach them. The firewall is used to filter traffic - not control ports.

Firewalls could fail, yes, but this does not happen often. TCPIP stack has been quite robust in the last few years. And have been the firewall implementations.

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #36  
Old December 30th, 2008, 02:42 PM
Miyasashi Miyasashi is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 62
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Kerodo
A firewall doesn't close ports, it simply prevents unwanted/unsolicited inbound traffic from reaching those open ports. If the firewall fails to do its job, then yes, unwanted inbound traffic could reach those open ports, and possibly take advantage of vulnerabilities in the software holding the port(s) open. I would guess that most software firewalls do their job fine and prevent all this from happening. And I'd say you'd be hard pressed to find a "hacker" that could penetrate a software firewall from the outside.

Well, in the end it's the same as a closed port. Well said btw


Quote:
Originally Posted by Mrkvonic
No, ports remain open, but traffic does not reach them. The firewall is used to filter traffic - not control ports.

Firewalls could fail, yes, but this does not happen often. TCPIP stack has been quite robust in the last few years. And have been the firewall implementations.

Mrk

Doesn't everything have flaws? Everything goes by the rule of imperfection is what I think. Maybe I'm just stupid could be XD I am imperfect in a really bad way
  #37  
Old December 30th, 2008, 03:09 PM
demonon
 
Posts: n/a
Default Re: All software firewalls can be bypassed by hackers?

Well yes.
I have seen a lot of security software, especially AVs, getting disabled by viruses.
  #38  
Old December 30th, 2008, 03:16 PM
rOadToIS rOadToIS is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 168
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by demonon
Well yes.
I have seen a lot of security software, especially AVs, getting disabled by viruses.

Can you please specify?


LowWaterMark: Removed PS which was a link asking people to vote on a poll. No need to spam your Polls in every post you make. Many posts and all "please vote" links have been removed.

Last edited by LowWaterMark : December 30th, 2008 at 03:57 PM. Reason: removed link to unrelated poll
  #39  
Old December 30th, 2008, 03:39 PM
TechOutsider TechOutsider is offline
Frequent Poster
 
Join Date: Sep 2008
Posts: 549
Default Re: All software firewalls can be bypassed by hackers?

Well it isn't that hard; try System Shutdown Simulator for starters.
  #40  
Old December 30th, 2008, 03:45 PM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

Viruses, SST - nothing to do with inbound traffic.
We're talking local execution. For that matter, format your hard disk and that's it.
Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #41  
Old December 30th, 2008, 04:19 PM
GES/POR GES/POR is offline
Very Frequent Poster
 
Join Date: Nov 2006
Location: Armacham
Posts: 1,476
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by rOadToIS
Is it true that all software firewalls such as ZoneAlarm, Comodo, Online Armor etc can be bypassed by hackers?
I also heard that once hackers bypass them, they disable them.
How can I be protected by these bypasses?

1 idk
2.1 idk 2.2 ZA would be more prone due to its popularity but CF n OA are very much prepared for such an "inside" attack
3 idk but a substitute for WF such as CF or OA would def improve your security
__________________
Vista 64
  #42  
Old December 30th, 2008, 04:39 PM
Fly Fly is offline
Very Frequent Poster
 
Join Date: Nov 2007
Posts: 1,865
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by rOadToIS
Is it true that all software firewalls such as ZoneAlarm, Comodo, Online Armor etc can be bypassed by hackers?
I also heard that once hackers bypass them, they disable them.
How can I be protected by these bypasses?

Inbound or outbound access ?

Basic or better outbound filtering is supported by most commercial firewalls, but some are better than others in detecting sneaky ways malware sometimes tries to connect out on your system. Not all malware uses 'sneaky' methods to establish an outbound connection. Leak-test 'proof' firewalls are overrated, IMO.

Incoming traffic ? Assuming you don't have a wireless connection, network, router (I'm trying to keep it simple) a good software firewall should keep you safe.
But an elite hacker could probably hack your computer if he/she is willing to spend the time and effort to do that.

There is no 100 % security.
  #43  
Old January 1st, 2009, 10:52 AM
andyman35 andyman35 is offline
Very Frequent Poster
 
Join Date: Nov 2007
Posts: 2,270
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Fly
Inbound or outbound access ?

Basic or better outbound filtering is supported by most commercial firewalls, but some are better than others in detecting sneaky ways malware sometimes tries to connect out on your system. Not all malware uses 'sneaky' methods to establish an outbound connection. Leak-test 'proof' firewalls are overrated, IMO.

Incoming traffic ? Assuming you don't have a wireless connection, network, router (I'm trying to keep it simple) a good software firewall should keep you safe.
But an elite hacker could probably hack your computer if he/she is willing to spend the time and effort to do that.

There is no 100 % security.

You're quite correct that there is no 100% security, however a hacker, elite or not, wouldn't just be able to penetrate a stealthed firewall from the outside, since there'd be 'nothing' there to hack.
  #44  
Old January 1st, 2009, 02:57 PM
Fly Fly is offline
Very Frequent Poster
 
Join Date: Nov 2007
Posts: 1,865
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by andyman35
You're quite correct that there is no 100% security, however a hacker, elite or not, wouldn't just be able to penetrate a stealthed firewall from the outside, since there'd be 'nothing' there to hack.

According to many people, see posts in this forum, 'stealthed' does not mean much/isn't useful. Do a search if you want more information.
  #45  
Old January 1st, 2009, 03:44 PM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

The most important firewall to get by is the one in our heads.

Once we get past fear and fiction, true learning and true FUN can begin. Until we get away with movie-style misconceptions and paranoia, we won't get far ahead in our quest for knowledge.

The head firewall is the one most easily head; software tends to be more rigid.

BTW, the term hacker is really loose here. Would you define me a hacker?

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #46  
Old January 1st, 2009, 03:59 PM
Miyasashi Miyasashi is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 62
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Mrkvonic
The most important firewall to get by is the one in our heads.

Once we get past fear and fiction, true learning and true FUN can begin. Until we get away with movie-style misconceptions and paranoia, we won't get far ahead in our quest for knowledge.

The head firewall is the one most easily head; software tends to be more rigid.

BTW, the term hacker is really loose here. Would you define me a hacker?

Mrk

Isn't it "cracker" instead of "hacker"?

and do you play role-playing-games?
  #47  
Old January 2nd, 2009, 02:46 AM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
 
Join Date: May 2005
Posts: 7,433
Default Re: All software firewalls can be bypassed by hackers?

I sometimes play the "firefighter" and "doctor" with ...

Both cracker and hacker are overused for just about anything technical that has to do with computers.

Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #48  
Old January 2nd, 2009, 02:35 PM
andyman35 andyman35 is offline
Very Frequent Poster
 
Join Date: Nov 2007
Posts: 2,270
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by Fly
According to many people, see posts in this forum, 'stealthed' does not mean much/isn't useful. Do a search if you want more information.

The problem is that there are almost as many different opinions as there are posters here, does that make everyone wrong? No, it just means that there are far too many variables for there to be a definitive right/wrong answer.
  #49  
Old January 2nd, 2009, 10:01 PM
noone_particular noone_particular is offline
Very Frequent Poster
 
Join Date: Aug 2008
Posts: 1,877
Default Re: All software firewalls can be bypassed by hackers?

Miyasashi,
In order for the "doors" analogy to be correct, you need to realize that these "doors" don't have any latches, locks, etc that can be operated from the outside. They can only be opened from inside.

To continue the analogy, a firewall is more like a big wall in the path leading to that door. Whether the door (port) is open or not, traffic doesn't reach it because of the (fire)wall in the way.

A lot of users do rely on a firewall to block traffic to open ports. In my opinion, this is a "band-aid" approach to security, and not the way a firewall should be used. If the port isn't being used for some necessary purpose, it should be closed.

A software firewall's primary purpose is controlling traffic. They're at their most effective when they're used to specify which traffic should be allowed with all other traffic blocked by default. An application or service that needs to receive incoming traffic opens a port for that traffic. The app or service may only need to communicate with one specific place, but without a firewall, traffic from any place can attempt to connect to it. With a software firewall, the user can specify what address or address range the allowed traffic has to come from.

Most applications and services that listen for incoming traffic use specific ports that are commonly known. When a vulnerability is found in one of those apps or services, the port it uses gets probed heavily by those looking for that vulnerable app and a chance to exploit the system running it. This continues long after the vulnerability is fixed, looking for those who didn't get around to patching it. When a software firewall is used to limit the IP addresses that can connect to it, scans from IPs outside of that range don't see that open port and cannot connect to it. This can be especially useful when a new vulnerability is found and not yet patched. Address specific firewall rules can prevent an attack that targets that app or service from reaching it.

I'd like to clarify one other point. Unless a software firewall has some major design flaw, hackers, crackers, or whatever you want to call them don't just bypass or defeat them. They probe them, looking for overlooked items, rules that allow too much traffic, etc. They look for weak or bad configurations. Look at the people in this forum for example. They're more security conscious than most, yet many of them don't know how to write tight firewall rules. What are the chances that the average user will do any better with a security suite from the store shelf? A software firewall is only as effective as the security policy it's enforcing and the rules the user (or the software itself) writes.
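
The distinction drawn in posts #34, #35 and #49 above (a firewall filters traffic, it does not close ports, and it works best as default-deny with address-specific allow rules), as an added example that is not part of any poster's reply. The listening ports, rules and addresses are constructed sample data, and the function names are hypothetical.

```python
"""Added illustration: inbound filtering vs. port state (all data constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    port: int    # destination TCP port the allow rule covers
    source: str  # CIDR range permitted to connect to that port


# Constructed host state: ports that a local service is holding open.
LISTENING = {22, 445, 8080}

# Constructed policy: allow rules only; anything unmatched is dropped.
RULES = [
    Rule(port=22, source="192.0.2.0/24"),     # restricted to one address range
    Rule(port=8080, source="0.0.0.0/0"),      # reachable from any address
    Rule(port=3389, source="192.0.2.10/32"),  # nothing listens on this port
]


def firewall_allows(rules, src, port):
    """Default deny: traffic passes only if an allow rule matches port and source."""
    addr = ip_address(src)
    return any(r.port == port and addr in ip_network(r.source) for r in rules)


def inbound_outcome(rules, listening, src, port):
    """Classify an unsolicited inbound connection attempt.

    'filtered'  - dropped by the firewall; the port itself may still be open
    'closed'    - passed the firewall, but no service holds the port open
    'delivered' - passed the firewall and reached a listening service
    """
    if not firewall_allows(rules, src, port):
        return "filtered"
    if port not in listening:
        return "closed"
    return "delivered"


def audit(rules, listening):
    """Flag the weak configurations described in post #49."""
    findings = []
    for r in rules:
        if ip_network(r.source).prefixlen == 0:
            findings.append((r.port, "allows any source address"))
        if r.port not in listening:
            findings.append((r.port, "allow rule for a port with no listener"))
    # Open ports that rely on the firewall alone (the "band-aid" case):
    for port in sorted(listening - {r.port for r in rules}):
        findings.append((port, "open port protected only by default deny"))
    return findings


if __name__ == "__main__":
    for src, port in [("192.0.2.7", 22), ("203.0.113.9", 22),
                      ("203.0.113.9", 445), ("192.0.2.10", 3389)]:
        print(src, port, inbound_outcome(RULES, LISTENING, src, port))
    for port, issue in audit(RULES, LISTENING):
        print(port, issue)
```
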
  #50  
Old January 3rd, 2009, 07:03 AM
Miyasashi Miyasashi is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 62
Default Re: All software firewalls can be bypassed by hackers?

Quote:
Originally Posted by noone_particular
Miyasashi,
In order for the "doors" analogy to be correct, you need to realize that these "doors" don't have any latches, locks, etc that can be operated from the outside. They can only be opened from inside.

To continue the analogy, a firewall is more like a big wall in the path leading to that door. Whether the door (port) is open or not, traffic doesn't reach it because of the (fire)wall in the way.

A lot of users do rely on a firewall to block traffic to open ports. In my opinion, this is a "band-aid" approach to security, and not the way a firewall should be used. If the port isn't being used for some necessary purpose, it should be closed.

A software firewall's primary purpose is controlling traffic. They're at their most effective when they're used to specify which traffic should be allowed with all other traffic blocked by default. An application or service that needs to receive incoming traffic opens a port for that traffic. The app or service may only need to communicate with one specific place, but without a firewall, traffic from any place can attempt to connect to it. With a software firewall, the user can specify what address or address range the allowed traffic has to come from.

Most applications and services that listen for incoming traffic use specific ports that are commonly known. When a vulnerability is found in one of those apps or services, the port it uses gets probed heavily by those looking for that vulnerable app and a chance to exploit the system running it. This continues long after the vulnerability is fixed, looking for those who didn't get around to patching it. When a software firewall is used to limit the IP addresses that can connect to it, scans from IPs outside of that range don't see that open port and cannot connect to it. This can be especially useful when a new vulnerability is found and not yet patched. Address specific firewall rules can prevent an attack that targets that app or service from reaching it.

I'd like to clarify one other point. Unless a software firewall has some major design flaw, hackers, crackers, or whatever you want to call them don't just bypass or defeat them. They probe them, looking for overlooked items, rules that allow too much traffic, etc. They look for weak or bad configurations. Look at the people in this forum for example. They're more security conscious than most, yet many of them don't know how to write tight firewall rules. What are the chances that the average user will do any better with a security suite from the store shelf? A software firewall is only as effective as the security policy it's enforcing and the rules the user (or the software itself) writes.

The door is a "Fire Escape Door" !

can only be opened from the inside unless it has a lock on the other side of course.
 
