Inbound Protection

Discussion in 'other firewalls' started by Someone, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I'm not sure about it. I think the main task of FW is to control network traffic. Correctly implemented stack can protect itself without additional help.
    This is just wording. I insist that correctly implemented stack can drop the packets with the same efficiency as any firewall does. From the other side to control illegal flags etc any FW needs to allocate and use additional resources which turns all those efforts into null at best.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Well I will not go around in circles with you one this. So I will make my last post to thread on this.


    With windows there are 4 basic types of networking software, which are, services, APIs, protocols and network adapter device drivers, and each is layered on the next to form a network stack. So I put forward that MS placed the windows firewall as part of that stack to help with correct implementation.
    Now when you remove windows firewall you are removing part of the stack and also removing the packet filtering that the firewall does, and replacing it with another firewall, that firewall then becomes part of the stack, usually through kernel-mode /TDI. Now if that replacement is lacking in what it has replaced, in which I mean if the packet filtering is at least not as good as what as been removed, then you are intentionally weakening the stack.
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I see your point, but what I actually meant by stack is a code starting with NDIS but before TDI. Starting from TDI (actually this is start of winsock, in other words logical level) individual packets are not seen, it's already socket stream cleared from physical stuff.

    And BTW, I never had any troubles with in-built firewall + third-party firewall in case there were not contradicting rules.
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,148

    Hi Stem regarding illegal packets that you have mentioned here, other than windows firewall, what software firewalls can block illegal packets??
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    CHX-I V. 3 allows for conditional rules, but the conditions generally allow the triggering of a rule based on some other network communication event. There is no provision for directly triggering a rule by process. However, this works nicely for some P2P applications that communicate outbound on a known specific port when started as this event can be used to trigger opening a port to allow the initiation of inbound communications. Works like a charm with uTorrent.
     
  6. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Very interesting. Thanks.

    And, to continuing with your exemple, does the triggered rule(s) are then de-activated at µTorrent application closing down?

    CHX-I keeps interesting me more and more, shame they placed it under the shelf years ago.
     
  7. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Can you mention some vendors? Does Linksys apply in the case? If I'm not mistaken Linksys is part of Cisco?
    Perhaps Thomson has improved with their latest routers (ST7 series)?
     
  8. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Might Threatfire Free be of any use to me?
     
  9. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Again, my apologies for the scare...
    Stijnson, if your router firewall is weak. You can just compliment it with better personal firewall. No need to throw the box out for this silly reason.

    To answer you earlier question, yes Linksys seems to be better from what I here from my colleagues. And most new CPE/Routers have good firewalls, since they use more powerful network processors and there has been a thrust on security which was not there earlier.

    Protection Layers:
    *Router
    *Personal Firewall
    *HIPS

    Now depending upon the power of the individual layer, you can choose a more/less powerful alternative for others.
    For ex: If you are using Online Armor or Comodo Pro, you don't need a seperate HIPS since they already have a good one in-built.
    If you are using a router with SPI , then you can choose any simple personal firewall which provides decent outbound protection.

    ----EDIT ---
    Threatfire is a pure HIPS product. If your AV or firewall doesn't have a behavioral blocker/HIPS, IMO it would be best to use ThreatFire.
     
  10. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Hi Vijayind. No need to apologize, I'm just paranoid -:)
    I just still don't know if Windows firewall will suffice behind a router (apart from if the router's firewall is weak or not. For my brand I just don't know).

    Perhaps I'll try OA Free to complement my router.

    EDIT: I have done some digging and I have discovered that my router uses a SIF.

    From the documentation:
    Stateful inspection firewalls (SIF) combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application specific proxies. Stateful multi-layer inspection firewalls offer a highlevel of security, good performance and transparency to end users.

    Is this any good?
     
    Last edited: Aug 25, 2008
  11. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Ok, but IMO paranoia is not warranted.

    Windows Firewall is good enough. As Stem will post, you can harden WF to increase the ruleset for better protection. The only thing Windows Firewall, seems to fail in is outbound protection & self protection. So for this if you have HIPS product, you can be safe.

    SIF !! Are you using SpeedTouch ... Its basically SPI + some addons. Like ability to DNS query and cross-check.

    Online Armor would make a good personal firewall. Else as stated earlier, you can use a hardened Windows Firewall + HIPS.
     
  12. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Hi Vijayind. I saw Stem's post about Windows Firewall. Is this the one you are referring to - and is this the post where hardening XP's firewall is discussed?
    I will look into ThreatFire Free (I'm not familiar with how it works and if it's difficult to master).

    I'm not sure if I have a ST router. It came with customized ISP box and software.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,
    I have mentioned hardening in a number of posts. For that it is better to use one of the free utilities that are available to save manually editing the registry.

    As example:

    Hardenit: http://www.sniff-em.com/hardenit.shtml
     
  14. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Isn't this tool for 'professional internet users' only?
    I hardly consider myself a professional of any kind, so is it safe to use this tool in my case?

    What is the difference between Harden-It and Secure-It?
    On the website it states that version 1.2 of Harden-It was released somewhere in 2005, but the download link gives me version 1.0.1.3.

    All other links I was able to find download either Secure-It 1.0.1.3. or Harden-It 1.0.1.3. No 1.2...
     
    Last edited: Aug 25, 2008
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have not seen problems caused by using Hardenit. It does give recommended settings during the execution. The main caution is if you are an heavy on-line gamer or P2P user, as some settings can slow those down.

    Any changes made can be reverted back by running the program again.

    This is the first main option screen of Hardenit.

    01.jpg

    Options that follow will show a simple choice or a recommended setting:-

    As example:-

    02.jpg

    03.jpg

    04.jpg

    Hardenit does not install onto the PC, it simply modifies or creates reg entries to change/enable protection.



    - Stem
     
  16. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I think you are using ST or ST-clone. DareGlobal makes the CPE for ST and other ISP/Vendors who rebrand it. I say this because very few vendors use SIF. SpeedTouch being the major one, others mostly use the same DareGlobal kits to market their own.

    Threatfire is very novice friendly. If my Dad can use it, any one can use it ;)
    If you are not sure, look into the Anti-Malware section of Wilders. I am sure they will have a detailed thread running.

    ---EDIT---
    Yes, I meant Stem's post. If you had difficulty with it, I would have recommended Harden-it. But Stem, beat me to it.
     
  17. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Stem, could you add this to your existing Windows Firewall thread. So that it becomes a one-stop thread and new or experienced user don't have to scour wilders for info.

    Thanks.
     
  18. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Harden-it tweaks IP and Firewall settings.
    Secure-it tweaks system settings to keep potential attacks away.

    IMO, if you use any HIPS like Threatfire, secure-it is not needed.
     
  19. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    @Stem: thanks for the screens. On a single pc setup one would have to select the 'workstation' settings in Harden-it I guess?

    @Vijayind: thanks for the clarification about Secure-it. Do you have Harden-It 1.2, because all I seem to find is downloads for 1.0.1.3?
     
  20. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Hi Stijnon, please see my earlier post. I have given links to MajorGeeks download site where you can download ver1.2.
     
  21. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I know, but those links either download version 1.0.1.3. or Secure-It (which seems odd, because the link is for Harden-It).
     
  22. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I think I was a little off in my description.
    Harden-it is for Win XP.If you are using Win Vista, you have to use Secure-it. Which includes many of the "Harden-it" features plus Vista specific tweaks for more security.
    If you install Harden-It on Vista, it will ask you to download Secure-It instead.
     
  23. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    OK. I have downloaded v1.0.1.3 (none of the links at MajorGeeks download the promised v1.2 unfortunately). Can I use the settings for 'Workstations' (single pc setup)?
     
  24. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    40,050
    Location:
    U.S.A.
    FYI. These are the original Web pages from sniff-em.com, the makers of: Harden-It and Secure-It.
    Unfortunately, the downloads are the same as MajorGeeks.

    EDIT - I just saw that Stem had provided one of these pages in a previous post. Sorry for the duplication.
     
    Last edited: Aug 26, 2008
  25. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Yes, you can use Workstations. But please note Secure-It contains some of the features of Harden-It, not all.
    And if I am not mistaken, it doesn't have the Windows Firewall and IP protection present in Harden-it. Can someone please confirm ?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.