what the heck is a hardware firewall

Discussion in 'other firewalls' started by Mr.Blaze, Jul 22, 2002.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    My dad was at his buddy's house; they were looking for something and just BS'ing.

    My dad asked his friend if he could download something, and his friend said OK, I'll just leave the computer on and running.

    My dad asked, you're just going to leave it on? Friend said yes.

    Then my dad said, aren't you worried you'll get hacked leaving it on all night unattended?

    Friend said no, I have a hardware firewall, impossible to hack, unlike a software firewall, which can be hacked.

    Is this true?

    Is there such a device?

    A hardware firewall?
     
  2. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Yes. Ask Mr Google.
     
  3. controler

    controler Guest

    Blaze

    There are very expensive hardware firewalls, but most routers are considered hardware firewalls.
     
  4. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    The category of products that you are referring to do the job of gateway, router and firewall (inbound only). The reasonably priced SOHO ones are pretty cheap.

    Can they be hacked? Of course they can. If not, Cisco would be out of business. The benefit they have is that they are separate from the computers behind them, so a compromised system that has had its software FW blown out still has an inbound firewall working. It is feasible that a trojan could capture the password to log into the router, then log in by itself and open things up, but I have never heard of such a thing.

    The router itself has firmware that may be vulnerable and exploitable itself, and if so, it is as hackable as anything. I haven't seen any exploits but they may be out there. Most hardware FWs update the firmware often so they might not be useful long.

    To get an external FW that does incoming and outgoing traffic, money is involved. The cheapest way is to use an old system with a plain jane linux or freeBSD os running IPchains or something similar.
     
  5. snowy

    snowy Guest

    Unicron

    would using two computers.....one with a rule based firewall....the other with an application firewall....the second computer proxied to the first......be along the same lines as what you stated o_O

    snowman

    P.S.

    I think there is at least one free hardware firewall for linux......can't remember its name off hand....
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    That is sort of it. The first computer runs a rules based firewall like "IPchains". It handles both inbound and outbound traffic, can do most anything you want it to (insert steep learning curve here). This computer has your internet connection directly connected to its FIRST network card. This computer has a SECOND network card that connects to a hub (if you want many computers) or directly to the other computer. If you wish to run that computer as a domain controller, other things must be done but that is beyond the scope of this thread, but as a simple firewall, no proxying is needed. The first computer is just a glorified packet filter (a firewall).

    This stuff is fun, but expect difficulties setting all this up if you are not a Linux guy/gal.

    There are no free hardware firewalls. No one will give away free hardware!?

    There are several software firewalls available for linux and freeBSD distributions. When you combine this with an old system (like a 486 or a P90 etc) you in essence create a stand alone dedicated hardware firewall. The software to do this is free, but you'll need your own hardware.

    BUT... a firewall like IPchains is not user friendly. If you find rules based firewalls like Tiny difficult, then IPchains will be impossible to configure. You'll be forced to learn what a firewall does, no hand holding here. There are tutorials out there, and that might help.
     
  7. snowman

    snowman Guest

    Unicron

    thankya for the informative reply....for months I've been trying to find an old working win95 just to try this.
    can see many advantages..........>>>p.s...now considering linux...got some serious reading and learning to do first.......if not linux then w2k.....won't move past w2k..

    snowman
     
  8. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    using a windows os of any form totally defeats the purpose of all this.
     
  9. snowy

    snowy Guest

    UNICRON

    I don't think I needed to ask...but why? LOL

    actually I was thinking of asking you.....you are on Linux right......is it Linux installed on another drive of windows....or say a Max...?
    reason for asking...I am now considering Mandrake...I already have norton ghost..(no idea how to use it) but will learn.....an set for a dual boot.....your opinion please.......I've a feeling you may not think very highly of windows LOL

    snowman
     
  10. snowy

    snowy Guest

    Unicron

    forgot to mention..I have..brand new still in wrapper..windows 95 for IBM.....I know nothing about IBM.

    snowman
     
  11. snowy

    snowy Guest

    will be off for a bit...got some sort of problem..took several minutes to load pages and post.....I think its on my end...has been this way for the past hour...will pull the cable and re-boot.

    snowman
     
  12. FanJ

    FanJ Guest

    See this thread for 2 links to an introduction of routers:

    http://www.wilderssecurity.com/showthread.php?t=1031
     
  13. snowman

    snowman Guest

    FanJ

    thanking ya........

    snowman
     
  14. FanJ

    FanJ Guest

    Hi Allan,
    You know more about this than I do, so please correct me if I'm wrong....

    In general: a router (or hardware firewall) examines inbound traffic.
    There are indeed routers (for example ZyXEL ZyWALL 10) that examine outbound traffic.
    But that "controlling" of outbound traffic cannot be done in the fine-grained way a rule-based software firewall, installed on your machine, can do it. What do I mean?
    You can tell a rule-based software firewall installed on your machine that application A is only allowed to make outbound contact through port X to IP-number N.
    But you can NOT tell the ZyWALL 10 that about that application A, because the ZyWALL 10 does not know WHICH application wants to have outbound contact.
    So, with respect to controlling which application to get outbound access to where, you still need a rule-based software firewall on your machine.
    That said, it still is very nice if your router allows you to make some kind of outbound rules.

    Does this make sense?
     
  15. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    hey guys sorry I was away for a bit.

    Snowy, using a windows os for the initial firewall doesn't help much for several reasons. You can't keep a microsoft os from calling home (they call home before your firewall can load, and I don't trust M$ to play by the rules and allow your firewall to block calls later. theoretically, an os can bypass the firewall anytime it likes) so the only way to stop this is to intercept the call with a non M$ os.

    Next, if you were to use the same M$ os for the firewall, any security hole found in that M$ os is going to work on both computers anyway. If you use a more secure M$ os like w2k for the firewall, one would wonder why you would use win95 for your client machine in the first place.

    Jan, this dedicated firewall of ours is not likely to handle applications like a software firewall does as you mentioned, so it is not a total replacement for the software firewall, but probably 90%. The part it does cover will be far better than the software firewall, with the software firewall handling rogue programs and missed trojans. These programs would have to use ports you have allowed (mail, http, ftp) since all others you have not specifically opened would be closed to any app.

    All this gets us one step closer to the bullet proof asymptote we try to reach. It is a bit of an effort to get working for sure, but with M$ increasing its snoopiness lately, I think they can be trusted less and less.

    For the record I use both Linux and windows, I am not 100% ready to make a full transition away from windows. Also I have one machine that has a hardware problem that keeps crashing under any os, but it is a tad (a small tad) more stable under windows than linux for some reason.
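
Added example (not part of any post in this thread): a small Python model of the distinction FanJ and UNICRON draw above. A gateway packet filter matches only on address and port, while a host firewall can also match on the originating program. The rule sets, program names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Conn:
    app: str        # originating program; only the host itself knows this
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    dst_port: Optional[int] = None   # None matches any port
    dst_ip: Optional[str] = None     # None matches any address
    app: Optional[str] = None        # None matches any program

def decide(rules, conn, on_host):
    """First matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if r.app is not None and not on_host:
            # A packet on the wire carries no program name.
            raise ValueError("gateway rules cannot match on application")
        if r.dst_port not in (None, conn.dst_port):
            continue
        if r.dst_ip not in (None, conn.dst_ip):
            continue
        if r.app not in (None, conn.app):
            continue
        return r.action
    return "deny"

# Constructed rule sets. Gateway: only mail, http and ftp may leave.
GATEWAY = [Rule("allow", dst_port=p) for p in (25, 80, 21)]
# Host: per-program rules (program names and addresses are made up).
HOST = [
    Rule("allow", dst_port=80, app="browser.exe"),
    Rule("allow", dst_port=25, dst_ip="192.0.2.25", app="mailer.exe"),
]

def outbound(conn, host_fw_running=True):
    """Return (host verdict, gateway verdict, whether the connection leaves)."""
    host = decide(HOST, conn, on_host=True) if host_fw_running else "allow"
    gateway = decide(GATEWAY, conn, on_host=False)
    return host, gateway, host == gateway == "allow"

if __name__ == "__main__":
    samples = [
        Conn("browser.exe", "198.51.100.7", 80),
        Conn("unknown.exe", "198.51.100.7", 80),    # unapproved program, allowed port
        Conn("unknown.exe", "198.51.100.7", 6667),  # port never opened
    ]
    for c in samples:
        print(c, outbound(c), outbound(c, host_fw_running=False))
```

With the host firewall stopped, the unapproved program still cannot use a port the gateway never opened, but it can leave on port 80, which is the gap the per-program rules on the host close.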
     
  16. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Thanks, UNICRON! This is really helpful. I'd like to ask, are there hardware systems which are better for Linux? My current system may or may not be compatible with Linux. Frankly, I do not know what is compatible. It's like the warning I got when I took out most of the software installed at the factory. After I removed it and the registry keys from it, my system settled down and stopped crashing. I have Win98se on an HP Pavilion.

    The above is related to this thread because 1) I will eventually be switching to Linux (I don't trust M$ either) and 2) I am going to get a hardware firewall (also have some ideas about that). Right now, I have lots of questions. Thanks again for answering some. :)
     
  17. controler

    controler Guest

    Here is the link to the latest Mandrake Beta

    http://www.linux-mandrake.com/en/
     
  18. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    gaspppppp my head exploded too high tech for blaze lol and i thought i was bad with my toys lol
     
  19. snowy

    snowy Guest

    Unicron

    you present some excellent points...for which I thank you.......an if I may further impose upon you please...
    what's your thoughts on booting from the command line...logon...start\shut down..command line....which is possible with win95.. 98.. ME.....don't know about the other os.............while this is not specific to the discussion on the firewall.....what if any usefulness..in your opinion would it have..if any o_O (FE: the call-home exploit)
    certainly in agreement here on the insecurity...an total lack of trustworthiness..my personal pref also........my thoughts were to completely strip the windows os to the very barest....which is not anything I would consider doing to an update machine....was trying to find a trashed machine..win95...to first practice........this now leads to my next question.......can a linux be the client machine.....an windows machine connected to it ""....this asked strictly for personal knowledge.........
    another question.......if I correctly understand..for the best solution..on this subject.....linux to linux would be the most advantageous o_O? since linux is a complete unknown quantity to me.....I need to tread lightly into this.
    .....perhaps first learn linux??
    not wishing to impose upon you please if replying is too time consuming I fully understand.
    perhaps I should mention that also being considered was a dual-boot on the win95....(further consideration of the dual boot leaves me believing this may not be any real enhancement)

    thanks
    snowman
     
  20. snowy

    snowy Guest

    **NOTE**

    the issue FanJ addressed has been of some concern to me........an finding a complete solution without added complexity

    snowman

    only after complete recovery from my present illness would any of this be attempted....
     
  21. snowy

    snowy Guest

    MandrakeSoft Inc. and Microtel Computer Systems to offer PCs pre-loaded with Mandrake Linux® at <walmart> 2002-07-15


    Altadena and City of Industry, CA, July 15th 2002 - To meet the growing demand for low-cost and fully-featured personal computers, MandrakeSoft, Inc. and Microtel Computer Systems will be offering PCs preloaded with Mandrake Linux at <walmart> Prices start at $389.



    Mandrake Linux is famous in the Linux world for providing an easy-to-use yet powerful Linux operating system. These new Mandrake/Microtel systems are loaded with applications for surfing the Web, exchanging e-mail, listening to musical CDs and MP3s, and other functions plus the complete StarOffice® 6.0 office suite. StarOffice 6.0 provides applications for word processing, spreadsheet, presentation, graphics, and database capabilities. StarOffice features an intuitive graphical user interface (GUI) and is compatible with files created with other desktop suites, such as MS-Office.

    The Mandrake/Microtel systems, available only at <walmart> are completely preconfigured and ready to use. Owners will find everything needed for a productive workstation including:


    Mozilla -- a world-class web browser, news & email reader
    The GIMP -- a powerful image editing program
    GnuCash -- personal finance manager
    XMMS -- a multimedia player with custom "skins" and visualization plugins
    And dozens of games, graphics, sound, video, and educational programs.
    Plus, MandrakeSoft's famous graphical configuration utilities -- for setting up hardware peripherals -- are just one click away on the KDE or GNOME desktop
    (paste from the link provided by Controler)

    at that price..hmmmmmm

    snowman
     
  22. snowy

    snowy Guest

  23. FanJ

    FanJ Guest

    Hi Snowman,

    I wouldn't be too concerned about it.
    The combo of a router (hardware firewall) and a software firewall (if one has the knowledge: a rule based one, else an application-based one) installed on your machine is the best solution, if you have the money for a router (if not, then only software firewall on your machine).
    That router can be a self-built one with for example Linux running on it, or one you buy in a shop.
    Routers which you buy in a shop come in all kinds of flavors, from cheap to very expensive.

    Regards, Jan.
     
  24. FanJ

    FanJ Guest

    Hi Blaze,

    Please don't explode ;)

    OK, what's a hardware firewall?
    It is also sometimes called a router.
    It is a hardware box that you put between your PC and your modem (that means: you have to have a separate modem).
    One side of the router is connected to a network card in your PC, the other side of the router is connected to the modem, which is connected to the internet.

    There are all kinds of routers.
    Some routers have a built-in modem, so in that case you don't need a separate modem.
    Some routers give you the possibility to connect more than one PC to the router, so all those PCs can connect through the router to the internet.

    You can think of a router as some kind of a small, little PC.
    Just like in a PC, in the router is also running some kind of an Operating System (OS). But that OS is not Windows. Every company that makes a router, makes its own "OS" to run in the router. That "OS" in the router doesn't have to do all the things that your Windows OS does. It only has to perform the specialized tasks for that router.

    What does a router do?
    Let's first have a look at your software firewall that is running on your PC; in your case that is ZAPro.
    What does ZAPro do? It controls all traffic that comes in to your PC and all traffic that leaves your PC.
    You can make a "rule" in ZAPro that tells it that Internet Explorer is forbidden any connection to the internet; call this kind of traffic "outbound traffic".
    ZAPro is also capable of denying access from the internet into your PC from all kinds of scans by script kiddies who try to get into your PC; call this kind of traffic "inbound traffic".

    OK, now back to the router. What does it do?
    It controls all inbound traffic (and some routers can also control more or less outbound traffic).

    Now why would you like to have a router? Simply:
    it does not run windows with all its holes;
    it only has to do one task: controlling traffic;

    Routers are in general much more secure; they are not that easy to "crack" (if that is the right English word for it).
    I am not saying that routers will never be "cracked", but it is far and far more difficult than with Windows.

    In case you do have a router (hardware firewall), it is a very wise decision also to run a software firewall on your PC. Why? That software firewall on your PC is better in controlling outbound traffic than your router.

    You can buy a router in a shop (or on-line).
    You can also build your own hardware firewall: take an old 486 or Pentium I PC, and then install some kind of Linux-flavor on it; there are *NIX software firewalls that you can run from a simple floppy, in this way building your own hardware firewall.

    I hope that I was able to make it all a little bit more clear.
    As always: please feel free to ask questions !!!
    (and yes, I know, I simplified it maybe too much).
     
  25. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    =) oh I get it, it's a gateway between your real os and a wall that the hardware firewall builds in between

    an independent os and the internet. In theory it's more secure; it's a method to build a wall, and since it's hardware and independent it's harder to crack.

    but why not make a hardware firewall that can't be rewritten? you said it has its own os, that means it's still some type of software built in, right?

    why not make a hardware firewall that can't be rewritten? in theory no hack blaze.

    blaze got tank lol
     