Do we really need a firewall?

Discussion in 'other security issues & news' started by sweater, Nov 8, 2005.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    I am just curious… what can you say on the quote below:

    “@John: a good firewall makes a system perfect? oh dear.. I don't run a firewall, and never have done.. I kinda got a bit of a mental block about the whole process of opening up a dangerous port then having firewall software pester my cpu and have it look at every packet that comes through.. better to just close the port.. prevention, not cure :)”

    It sounds interesting, doesn’t it? Is it really possible to be safe without using a firewall? o_O :rolleyes:

    Of course there’s no reason not to use one, because there are lots of free programs available out there, and topics and forums that talk about firewalls. But… how about if one chooses not to use a firewall? What’s the best alternative that you can suggest… and how can we close all those vulnerable open ports? Can we consider Windows Worms Doors Cleaner (WWDC) by gkweb enough to close those ports? o_O
  2. hollywoodpc

    hollywoodpc Registered Member

    Hi Sweater.
    I always get the idea that you try to goad people with your questions. Well. Here it is. You do not have to use a firewall to be safe. However, you still need something for security in order to stay safe. I can tell you one or 2 products that you can use without ever using a firewall. I will not mention them in here though, as people think I might be forcing an opinion on you. Ports being open are not really a problem IF you use an app to detect what is being let through. Bottom line: no, you do not need a firewall. BUT, in order to be secure, you must use something to take the place of one. Some people may tell you just use a router. Same thing as a firewall, basically. Hope that answers your question. I would not recommend running without something in its place though. Otherwise, it is a matter of time before you are compromised.
  3. Arup

    Arup Guest

    Block all hackable ports with EMSA port blocker or other related apps, and use a good AV, preferably with a web scanner. You have to harden the TCP layer as a rule and practice safe browsing. It is possible to run without one; I for one am only running CHX for inbound, which comes close to being without a firewall, as I have no outbound protection except for Antihook.
  4. trickyricky

    trickyricky Registered Member

    Surely we can all connect to the 'net without a firewall, just in the same way as we can drive a car without wearing a seat belt. But firewalls are available, for nothing in many cases, and they do a useful job in helping protect you from some of the many dangers present on the 'net. As with vehicle safety and the fact that we use a combination of seat belts, airbags, crumple zones, safety cages and so on, it makes little sense to NOT use any available security since every bit certainly helps.

    Yes, you can operate without a firewall and be fine, but one day it could save your PC and data, so why take the risk?
  5. beef

    beef Guest

    Over the years this question has been asked a zillion plus times.

    My question back to you is: "Do you have enough knowledge and experience to attempt it?"

    And since you had to post the question and ask... no, you do not have either the knowledge or the experience... so the next question would need to be: are you taking bets on how quickly your computer will be hacked?
  6. beef

    beef Guest

    Perhaps your question should be: "Will someone teach me how not to need a firewall?"
  7. NGRhodes

    NGRhodes Registered Member

    Few questions running through my mind are ...

    "I kinda got a bit of a mental block about the whole process of opening up a dangerous port"... "better to just close the port"
    If you are opening a port, surely you are opening it for a reason, to allow people to communicate with you?

    Surely you would assess the risk of opening that port before opening it (think network hardware firewalls not just desktop OS)?

    It would be daft to open a port to the whole network or machine, so get it forwarded ONLY to the specific machine and specific application (that you trust enough in the first place to want to open a port to it). You need to trust the application that will listen on that port!

    What are the alternatives?

    Dunno, the problem is you have a server app listening, and you never know when you're gonna get an inbound request...

    What about a firewall? ... The initial quotee is working on the assumption that the firewall leaves the port open and listens itself ... I thought most/all software firewalls hook into the TCP/IP stack in Win NT OSes anyhow, with a driver, and intercept the requests before opening the required port (meaning that if the firewall app is not running, the port is shut, since the default state of the driver is to keep ports shut).

    Secure connections, use VPN or similar so that only trusted external sources can connect in?
  8. openports

    openports Guest

    I think the quote is referring to the ports open by default if you run windows 2k,xp etc due to windows services. It's not really your choice to open them, but out of the box they are open.

    I'm not really sure if it's possible to close all ports on xp but if it's done, it would reduce the need for a firewall at least if you don't care about 'stealth'.

    And you don't think outbound filtering is worth springing for.
  9. ghodgson

    ghodgson Registered Member

    Only 65,500 or so ports to ensure are closed. Much easier to use a firewall with a final block inbound rule.
  10. Kerodo

    Kerodo Registered Member

    The short answer is, yes it is possible, but not desirable, recommended, or wise... ;)
  11. lotuseclat79

    lotuseclat79 Registered Member

    Hi sweater,

    Gordon's reply says it all, of course if you are up to the challenge, you could opt to use TCP/IP filtering with registry entries to enable it in:
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, whereas the specific settings for each interface are configured in the key:
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\Interface_GUID

    Note: Tcp/ip port filtering applies to all interfaces on the computer and cannot be applied on a per-adapter basis. However, you can configure allowed ports and protocols on a per-adapter basis.

    What is there, something like about 600 or so protocols out there?

    When configuring Tcp/ip filtering, you can permit either all or only specific ports or protocols listed for Tcp ports, Udp ports, or Ip protocols. Packets destined for the host are accepted for processing if they meet one of the following criteria:
    The destination Tcp port matches the list of Tcp ports.
    The destination Udp port matches the list of Udp ports.
    The Ip protocol matches the list of Ip protocols.
    The packet is an Icmp packet.

    The Registry Values for Tcp/ip filtering are:
    Setting | Type | Description
    EnableSecurityFilters | DWORD | 1 enables Tcp/ip filtering; 0 disables it.
    UdpAllowedPorts | MULTI_SZ | 0 allows all UDP ports; an empty (null) value blocks all UDP ports; otherwise, the specific allowed UDP ports are listed.
    TCPAllowedPorts | MULTI_SZ | 0 allows all TCP ports; an empty (null) value blocks all Tcp ports; otherwise, the specific allowed Tcp ports are listed.
    RawIpAllowedProtocols | MULTI_SZ | 0 allows all IP protocols; an empty (null) value blocks all IP protocols; otherwise, the specific allowed IP protocols are listed.

    Too much work to do it manually, but a configuration tool would be nice! Has anyone ever heard of any for Tcp/ip filtering?

    -- Tom
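
    The acceptance rules listed in the post above, written out as a small model (an added example, not part of the original post and not Windows code). The class and function names are hypothetical, and the logic follows the rules exactly as the post states them, including that ICMP is accepted regardless of the lists.

```python
from dataclasses import dataclass, field

ICMP, TCP, UDP = 1, 6, 17  # IANA IP protocol numbers

@dataclass
class FilterConfig:
    # Field names mirror the registry values quoted in the post.
    enable_security_filters: int = 0
    tcp_allowed_ports: list = field(default_factory=list)        # MULTI_SZ strings
    udp_allowed_ports: list = field(default_factory=list)
    raw_ip_allowed_protocols: list = field(default_factory=list)

def _permits(values, number):
    """MULTI_SZ semantics from the post: ["0"] = all, empty = none, else a list."""
    entries = [v.strip() for v in values if v.strip()]
    if not entries:
        return False
    if entries == ["0"]:
        return True
    return number in {int(e) for e in entries if e.isdigit()}

def accepts(cfg, ip_protocol, dest_port=None):
    """Return True if a packet addressed to the host would be processed."""
    if cfg.enable_security_filters != 1:
        return True                      # filtering disabled: nothing is dropped
    if ip_protocol == ICMP:
        return True                      # the post's fourth criterion
    if ip_protocol == TCP:
        return _permits(cfg.tcp_allowed_ports, dest_port)
    if ip_protocol == UDP:
        return _permits(cfg.udp_allowed_ports, dest_port)
    return _permits(cfg.raw_ip_allowed_protocols, ip_protocol)

# Constructed sample traffic: (label, IP protocol, destination port).
PROBES = [("TCP 443", TCP, 443), ("TCP 445", TCP, 445), ("UDP 137", UDP, 137),
          ("ICMP echo", ICMP, None), ("GRE", 47, None)]

def accepted_probes(cfg):
    """Labels of the sample packets that this configuration lets through."""
    return [label for label, proto, port in PROBES if accepts(cfg, proto, port)]

if __name__ == "__main__":
    web_only = FilterConfig(1, ["80", "443"], [], [])   # empty lists block all
    print(accepted_probes(web_only))
```

    Note that an empty list blocks everything while a single "0" allows everything, so a value left at "0" with EnableSecurityFilters set to 1 filters nothing for that protocol.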
  12. openport

    openport Guest

    Well, all you need to do is to ensure that there are no applications listening on the ports... No need to filter all 65K ports. If no application is listening, you can't be hurt anyway.
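
    One way to check what the post above describes, i.e. which ports actually have something listening on them (an added example, not part of the original post). It parses text in the column layout printed by `netstat -ano` on Windows; the sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of `netstat -ano`.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1051      203.0.113.5:80         ESTABLISHED     2204
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1012
  UDP    0.0.0.0:1900           *:*                                    1188
"""

def _is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; such sockets are not reachable remotely."""
    host = addr.strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, pid) for sockets reachable from the network."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue                      # header, blank or unrelated line
        proto, local, pid = parts[0], parts[1], parts[-1]
        # TCP rows carry a state column; UDP rows do not, a bound UDP
        # socket receives datagrams without any "listening" state.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or not pid.isdigit() or _is_loopback(addr):
            continue
        found.add((proto, int(port), int(pid)))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto:4} {port:5}  pid {pid}")
```

    An empty result is the state the post is describing; each remaining row names the process ID to look up before deciding whether to disable the service or filter the port.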
  13. open port

    open port Guest

    Sure, years ago I used to do it with win2k ipsec. Something like this. http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hi,
    I think a firewall is essential for 99% of computer users. You can use a router or packet filter, but I still think it's nice to know what goes out as well as in.
    Mrk
  15. adam one

    adam one Guest

    Depends on different situations...

    Firewalls.. seem to be a thing of convenience, probably just the nature of an environment evolving around those that don't understand it.

    Many are told that firewalls protect your computer.
    From hackers.
    But many do not possess the technical knowledge of what exactly they are protecting...how, why, etc.

    I want my 8 minutes back.