Windows Firewall with Advanced Security (Guide for Vista)

Discussion in 'other firewalls' started by Stem, Apr 19, 2009.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Computers have open ports. Pretty common. You can shut those down by stopping services or programs. Leak tests were a way to show you visually what was being held open that a remote computer over the WAN could see. It was big during dialup. After broadband and routers with NAT, the results of leak tests were skewed. If you DMZ your computer, most will have ports open.

    But that does not mean anything. An open port is basically visible. It does not mean it responds to a request. It can just give the message 'I am not home'. Or, as many like to put it, it can reply 'I am here, try to break in'. A closed port will not even be seen. Closed/open, not in regard to whether or not the actual physical/virtual port is open, but in reference to how it responds to a query. Many like to talk about 'stealthed' ports. Oooh. Cool, I want stealthed. A stealthed port is one that is open but not responding to a query. It is saying 'I hear the door knocking, but I ain't answering'. So the query assumes the port is non-existent or stealthed.

    Before routers, firewalls were competing to see who could entrap communications between your computer and the WAN/LAN. They used this to show that a firewall is important because it can keep your ports undetected, which meant the bad guys doing port scans for open ports would not see yours and would move on by.

    I think as time went by and more routers came into play, firewall vendors put more emphasis on leaktests. So did everyone else who wanted either fame or fortune.

    With a router utilizing NAT (network address translation), are firewalls really necessary? Not really. Most firewalls today are more about defending protected files, like .dll's or .exe's, from remote code injection or similar. Or they ride the fear factor of some rogue program getting into your system somehow and then sending information home. They tell you about what programs are requesting incoming/outgoing communications so you can decide if it is OK or not.

    But as the wise Mrkvonic states, you can be smart enough to outsmart the bad guys with a good plan and good habits. (I cannot give enough credit to the simplistic advice he gives. It is just solid advice.)

    But in fairness, not everyone wants to go through that process, so application firewalls do have a place.

    Now for the Vista firewall, or for that matter the Windows XP firewall, they are adequate for what they are designed to do. They are more like a Yugo (if you remember those) than a Cadillac. But both will get you where you need to go if you know their limits.


    Sul.

    EDIT: Not meaning to get OT, just thought a little clarity on Vista FW regarding its differences in leaktest results might be nice here.
     
    Last edited: Apr 26, 2009
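    The open/closed/stealthed distinction above comes down to what a probe gets back: a completed handshake, a reset, or nothing at all. The following Python script is an added example (it is not part of Sully's post or of any tool the thread mentions) that classifies a TCP connect() outcome in those terms and checks itself against a listening and an unbound port on your own loopback interface. The "stealthed" (no reply) case cannot be produced on loopback, so it is classified but not demonstrated; all function names are my own.

```python
import socket

# Vocabulary used in the thread, mapped to what the probing side observes.
def classify_outcome(exc):
    """Translate the result of a TCP connect() into open/closed/stealthed.

    exc is None when the handshake completed, otherwise the OSError raised.
    """
    if exc is None:
        return "open"                      # SYN-ACK came back; something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"                    # RST came back; host is there, port is not
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealthed"                 # nothing came back: dropped by a filter
    return "unreachable"                   # no route / host down; not a port state


def probe_tcp(host, port, timeout=1.0):
    """Probe one TCP port on a host you administer and return its state."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify_outcome(None)
    except OSError as exc:
        return classify_outcome(exc)
    finally:
        s.close()


def demo_loopback():
    """Return (state of a listening port, state of an unbound port) on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: let the kernel pick a free one
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Reserve and release a second port so we know it is currently unbound.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return probe_tcp("127.0.0.1", open_port), probe_tcp("127.0.0.1", closed_port)
    finally:
        listener.close()


if __name__ == "__main__":
    listening, unbound = demo_loopback()
    print("listening port ->", listening)   # open
    print("unbound port   ->", unbound)     # closed (RST), not stealthed
```

    Run it on your own machine: the listening port reports "open" and the unbound one "closed", because a host with no filtering answers a closed port with a reset. Only when a filter silently drops the probe does the timeout branch fire, which is the behaviour the "stealthed" label describes.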
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    @Alex_s

    I don't see why you bring up leak tests; it has nothing to do with this thread. Rain_Train was asking about an "experienced hacker", which in computer terms would imply someone attempting to break IN to a computer.

    If a discussion is wanted about the Vista firewall and leak_tests, then fine, but do it on another thread and also include a way the leak_test can bypass my setup, get the leak_test onto my PC and get it to execute.

    If this thread turns into yet another schoolyard argument about leak_tests, then I will simply close the thread.

    - Stem
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    No no, not at all. There is no argument at all. As a thread devoted to using the Vista firewall, and talk of Vista possibly not being user friendly or not achieving success due to certain limitations, it is still on topic. The inclusion of leak tests, and the validity of them, is also on topic. Remember that many peeps who are not members here will google up something along the lines of 'vista firewall guide' and hit this thread. Those same peeps also might have heard of leak tests. Most likely they have. I thought it pertinent to give a synopsis of what they are, why they are around, and possibly what sort of decisions you might make concerning Vista FW because of them.

    I apologize, a few words did make it seem 'debatish'. Those comments are removed and I think it seems more informative now than it did.

    Sul.
     
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    That's a very nice tutorial; it contains a bunch of useful information. Do you know whether the IPsec and secure connection settings are only usable in Vista Ultimate? I have played around with those settings on my Home Premium and it seems like it doesn't want to let me add my computer or myself as a user to a security rule because of something about group policy, and group policy is not available in Home Premium.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have only just started to look into the group policy. In Home Premium there is no MMC snap-in that can be used. I am just going through the various registry entries to see what can be set/changed.

    If you want to look through these you can download info directly from MS, but of course, do not change anything unless you are sure what you are doing and you have backup in place.

    I did see a thread somewhere on the forum concerning these settings with a guide, but I am unable to find that thread at the moment.

    Reg entries: Excel sheet

    If you don't have an Excel viewer,
     
  6. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I don't think it is too easy a task to break IN (to cause unauthorized code upload and execution) to Vista even without any firewall. I think people exaggerate this possibility a lot, unless they run IIS. This is why I didn't even think about this opportunity. And even if something breaks IN, to do real harm it needs to pass info out, so outbound protection is at least of the same importance as inbound, and when we talk of a "hacker bypass" we do mean the whole exploit lifecycle, not only "break in". Why out? Just because the time of destructive and funny malware passed away long ago. Nowadays malware either steals info or participates in botnets (this is valid for at least 95% of malware). This is why I think outbound protection is a valid point regarding ANY firewall.

    Yep, you may think differently, but then you should call this thread differently, something like "Vista firewall, inbound protection only". And foreseeing your next argument, that a firewall is a packet filter only, I should say I don't agree with this. A firewall is software that controls network traffic, preventing unauthorized information transfer. If it can serve this task without HIPS, this is OK; if not, then HIPS is a mandatory part of a modern firewall. The main point of a secure firewall is to fully control information transfer; otherwise this is not a secure firewall but just a utility without too much sense for most people.
     
    Last edited: Apr 26, 2009
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It is possible,
    people exaggerate the need for leak_test protection

    That is my point, something needs to get IN before it can get out.


    - Stem
     
  8. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Of course this is possible, there is no such thing as 100%, but this is theoretically possible even with the Vista firewall (actually any firewall, including a HW firewall) installed.

    Yep, some people do, but I regard the need for inbound and outbound protection EQUALLY important.

    Yes, but can you guarantee 100% inbound protection? If not, then outbound is something to take care of as well. BTW, something can break in not only from inbound; it can break in by email, flash drive, CD etc. etc. etc. And then only outbound protection can stop it from sending info out. (And we know that the final aim of the malware is to send info out: sending spam in the case of a botnet, sending your address book in the case of a spam collector, and so on.)
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No, that is why I put forward the need for an AV/sandbox
    If malware got onto my PC then I would retire from IT/Networking.




    - Stem
     
  10. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Funny thing, just 5 minutes ago I saw news on TV about a new botnet. BTW, does it matter for "generic" security what YOU would do if you got infected? I believe you will not be infected. But most people are not that technically skilled, and disregarding the importance of outbound protection for them is not a good idea. ANY security aspect that can strengthen security should be regarded as equally important; this is the only possible professional approach (if you are a security expert, of course).
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The problem is most infect themselves with downloads they allow, then allow to run, so it can be a case where they just allow all for that anyway.


    Most will also tell you that if malware gets to a point of attempting outbound, then you are in bad trouble.


    With a leak_test anybody can download and test, see their security application throw up a warning, then go on a forum with "mine catches this, does yours?" as we see many times. I prefer to stay away from such. My main interest is keeping the services comms secure and stopping any unauthorized access in through the security.
    I know I chase after vendors for better filtering for such as DHCP/DNS and I will continue. I know that when such filtering is in place (or not) a user cannot easily check, so it does not get the same following.
    For example (as I have mentioned before) it is quite easy to spoof a DHCP reply, and if a user was attacked in such a way, they simply would not know. I don't think it is too much to ask of firewall vendors to actually check the packet contents of the reply.

    I will leave the leak_test chasing to others, I will continue what appears to be a one man crusade for better filtering.


    - Stem
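    The "check the packet contents of the reply" point above is concrete enough to show. The following Python script is an added example, not Stem's code and not any firewall vendor's: it parses a DHCP BOOTREPLY as laid out in RFC 2131 and applies the checks a host-side filter could make before accepting it (transaction ID and client MAC match our own request, valid magic cookie, a reply-type message code, and a server identifier consistent with the sender when no relay is involved). The two packets it tests against are constructed in the script; the transaction ID, MAC and addresses are made-up sample values.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # RFC 2131 magic cookie that starts the options
FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed BOOTP header, 236 bytes
OPT_MSG_TYPE = 53
OPT_SERVER_ID = 54
REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}
ZERO4 = b"\x00" * 4


def build_dhcp_reply(xid, mac, yiaddr, server_ip, msg_type=5, giaddr=ZERO4):
    """Construct a BOOTREPLY for testing (sample builder, not a server)."""
    header = struct.pack(
        FMT, 2, 1, 6, 0, xid, 0, 0,
        ZERO4, socket.inet_aton(yiaddr), socket.inet_aton(server_ip), giaddr,
        mac + b"\x00" * 10, b"\x00" * 64, b"\x00" * 128,
    )
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + socket.inet_aton(server_ip)
    return header + MAGIC + opts + b"\xff"


def parse_options(data):
    """Decode TLV options; raise ValueError on truncation instead of guessing."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:            # pad
            i += 1
            continue
        if code == 255:          # end
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def validate_dhcp_reply(packet, expected_xid, my_mac, src_ip):
    """Return (accepted, reason). expected_xid/my_mac come from our own DISCOVER/REQUEST."""
    if len(packet) < 240:
        return False, "too short"
    op, htype, hlen, _hops, xid, _secs, _flags, _ci, _yi, _si, giaddr, chaddr, _sn, _fn = \
        struct.unpack(FMT, packet[:236])
    if op != 2:
        return False, "not a BOOTREPLY"
    if xid != expected_xid:
        return False, "xid mismatch (reply is not for our request)"
    if htype != 1 or hlen != 6 or chaddr[:6] != my_mac:
        return False, "chaddr does not match our MAC"
    if packet[236:240] != MAGIC:
        return False, "bad magic cookie"
    try:
        opts = parse_options(packet[240:])
    except ValueError as err:
        return False, f"malformed options: {err}"
    mtype = opts.get(OPT_MSG_TYPE)
    if mtype is None or len(mtype) != 1 or mtype[0] not in REPLY_TYPES:
        return False, "missing or invalid message type"
    sid = opts.get(OPT_SERVER_ID)
    if sid is None or len(sid) != 4:
        return False, "missing server identifier"
    # On a directly attached LAN the sender must be the server it claims to be.
    # With a relay agent (giaddr set) the sender is the relay, so skip that check.
    if giaddr == ZERO4 and socket.inet_ntoa(sid) != src_ip:
        return False, "server identifier does not match sender address"
    return True, REPLY_TYPES[mtype[0]]


# Constructed sample data: our outstanding request and three candidate replies.
XID = 0x3903F326
MAC = bytes.fromhex("001122334455")
LEGIT = build_dhcp_reply(XID, MAC, "192.168.1.50", "192.168.1.1")
SPOOF_XID = build_dhcp_reply(0xDEADBEEF, MAC, "192.168.1.50", "192.168.1.1")
SPOOF_SRC = build_dhcp_reply(XID, MAC, "192.168.1.50", "192.168.1.1")  # sent from 192.168.1.99

if __name__ == "__main__":
    print(validate_dhcp_reply(LEGIT, XID, MAC, "192.168.1.1"))      # (True, 'ACK')
    print(validate_dhcp_reply(SPOOF_XID, XID, MAC, "192.168.1.1"))  # xid mismatch
    print(validate_dhcp_reply(SPOOF_SRC, XID, MAC, "192.168.1.99")) # server id mismatch
```

    The xid and chaddr checks are the cheap ones a filter can do without state beyond the client's own last request; the server-identifier check is what catches a rogue host on the same segment answering for the real server, which is the case Stem describes as invisible to the user.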
     
  12. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I don't argue with your interests, no. That is to say, you are very good at the things that fit your field of interest. But I think you are sometimes too sharp about the things that happen to be out of your interest, even when they fit in a topic :)
     
  13. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    What kind of information that is stored on your PC could have been taken and used against you? You asked "how can one know it for sure?", and the answer is... has anyone drained your bank accounts, or used any information stored on your PC to attack you personally or financially? If not, that's how you know for sure :)

    Think about it carefully... what exactly can they steal from your PC that they can use against you? Even if a hacker gained access to my PC, I have nothing stored on my hard drive that they can use. All my sensitive data is heavily encrypted in a TrueCrypt file container and inside a KeePass database. And only sometimes I open a sensitive encrypted data file to access personal passwords or other information, but even if a hacker got that text information that is stored in the database, they wouldn't know what it's for, because I never write any information next to the passwords etc. that connects or tells anyone what that password is for. In fact, they wouldn't know what it's used for.

    And my bank uses a virtual keyboard that changes all the time, and you can use keyscramblers and you can use Neo’s SafeKeys.

    So even if I had a "leak" which I have never had in decades and I only use Windows Firewall and used internet for decades, it wouldn't matter or affect me personally or financially, because I am smart enough to be cryptic in what I write into databases and text files, and then I add another layer of security with strong encryption.

    And I change all my passwords regularly.

    So tell me... even if a hacker gained FULL ACCESS to my hard drive... what could they do to hurt me?
     
    Last edited: Apr 26, 2009
  14. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    Who is Mrkvonic ?

    Where can I read the report you refer to written by Mrkvonic ?

    Do you mean this website?

    http://www.dedoimedo.com/
     
    Last edited: Apr 26, 2009
  15. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    +1

    Exactly and something people need to remember.
     
  16. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    This is where common sense and having a "prevention is better than a cure" mentality comes into place. Developing higher awareness regarding security and not being stupid enough to click and run every email attachment the person is sent etc etc.

    In 20 years, I have never ever been infected with anything... due to being sensible and never clicking or installing something that I do not fully know what it is. And I never download any programs unless they are from well known and reputable companies. And in the case their website has been hijacked and I downloaded an infected program, then my other comments that I posted a few comments above this one come into play... outsmarting the hackers and criminals, so that even if they got access to everything on my PC, it would be too cryptic for them to understand or work out what to do with any of the information.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Actually my main interest is 3D modeling. IT/networking is part of my work, and my time here is voluntary because I want to help others stay secure on the Internet.
    My main interest on the forum is the security of its members (and anyone who lurks or passes by).
    I admit I can be sharp, but it does depend on what security software we are discussing. From the point of view of a packet filtering firewall that has no HIPS, there is little point in discussing the lack of it.

    I have in the past secured NT3/4 W2k on policy alone, but it does (as you will know) take time to learn/implement such security, which I did.

    From the point of view of HIPS, look through the forum; you will see I have been involved with many discussions/tests of HIPS, and have used various. I have actually had a good learning process on XP due to this. I have even taken time to run all the leak tests (current at the time) on security software that purports to contain this protection, as if it says it on the box, then it should do it. But it is fruitless to argue the point of a packet filter missing such protection when protection can be added.

    I see already that this topic is now surrounding HIPS/leak_tests, and hope you can actually see my point.

    - Stem
     
  18. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    And I for one really appreciate that Stem. I have learned a lot from you and your voluntary time here is really great. :thumb:
     
  19. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yes, that site. I just read his posts here, nothing especially written up I refer to. His philosophy for security is simple and to the point usually. The more I learn, the more people like him seem to make sense to me. Simplicity is often lost when you are dealing with computers.

    Sul.
     
  20. Rain_Train

    Rain_Train Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    142
    Just to clarify, Stem is right; my main concern was that Vista Firewall would be trivial for an experienced hacker to bypass, or that it didn't cover the essentials all that well. For example, maybe it doesn't stealth ports (does it?), whereas "Firewall X" does. Or there could be a vulnerability in the firewall service, which a hacker could exploit.

    I know it sounds paranoid, but it would really suck to be connected to a public hotspot for just five minutes (thinking you were going to check your email), when all of a sudden you get hacked. So yes, my main concern is inbound protection; can someone on the outside see inside, or worse, get inside?

    I've no problems with using Vista Firewall at my house, where I have a router firewall. I guess this is where my paranoia comes in; when I travel, I don't have a router firewall, so I feel the need for some "extra" compensation somewhere. And that's what I'm trying to find out; if I do need some extra compensation or not.
     
  21. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    Hey Sul, can you write up some cardinal principles that you have learned from him about security? Thanks.
     
  22. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    Let's be realistic here.. what exactly do you have paranoia about? What can they steal from your hard drive that will destroy your life? Tell me, I am genuinely asking. Do you have a billion dollars in the bank, and have private patents and new inventions written on your hard drive in a text file or something?

    Come on man... what exactly are you paranoid about? :gack:
     
  23. Warklen

    Warklen Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    112
    Thank you very much Stem for taking time out of your day and doing this... I've learned a lot about Vista's firewall and I'm glad I did.
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Thank you Warklen,

    Maybe you can stay around and watch how to argue the toss about nothing, as it happens on a number of threads here, and is now happening here.

    I could bring this to a close but have left it, as it will be a good example of how a thread concerning security turned into a toss about anything but.


    Regards,

    - Stem
     
  25. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    +1 :thumb:
     