Questions for beginners,.. Ask away

Discussion in 'other firewalls' started by Stem, Jul 31, 2006.

  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello all,

    I think there are questions that some "don't like to ask", maybe because they think the question is too simple, or asked before.

    I am starting this thread where these questions can be asked, with proper explanation as answer.

    I will then put a copy of these question/answers into one thread for anyone who needs them.

    I hope all members will help on this, as we all started with a need to know.


    If members think this is a good/bad idea, then comments are also welcome, I just believe this forum is for members to help members, new and old.
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Nothing more to say. Great idea.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    A list of basic questions would be a good idea for most of the forums here at Wilders, especially for those that recur repeatedly.

    Suggestions:

    Basic:
    What is a firewall?
    What benefits does it offer?
    Which one should I use? (Is there a 'best'?)
    How good is Windows' firewall?
    How can I test my firewall?
    Can I use multiple firewalls?
    I have several computers - does each one need a firewall?
    How do I decide what to allow and what to block?
    How can a firewall tell me if my system has been compromised?
    Where else can I find more information?

    Intermediate:
    What is the difference between a hardware and software firewall?
    Is a software firewall enough?
    Is a hardware firewall enough?
    What is the best way to set up a firewall?
    What do "protocols" and "ports" mean?
    What are "proxy servers"?
    What is "loopback"?
    What does "NetBIOS" do?

    Advanced:
    What is Stateful Packet Inspection (SPI)?
    What is application filtering?
    What are checksums/fingerprints?
    What do DHCP and DNS mean?
    What is ICMP?
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I think it is a great idea. Frequently asked questions for each forum stickied.
    I've been here for a little while, but I still consider myself a beginner.
    Post count and time here doesn't matter as long as one can ask questions without regard to what they should or shouldn't know by now.

    Is there a general purpose universal rule set that could be a guide for configuring any rule based firewall? Like what to allow/deny with svchost.exe and the other common components that users would have on their system.
    It would not be firewall specific and just have the common program or component, allow/deny, the ports, protocol, direction, SPI, etc.
    There could be a couple of different rule sets with different restriction levels (safe average, moderately strict, strict).
    It could serve as a guide for beginners as to what programs normally need access. This is one of the most difficult things for beginners to learn about outbound firewalls: what to allow and what to block?
    Maybe just a chart of common recommendations? (like Black Viper's services chart but for firewalls)
     
    Last edited: Jul 31, 2006
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I will work through them,... and answer the best I can,.. thank you for the help.
     
  6. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    I think it's an excellent idea.
    Sometimes I want to ask a question, and I know it's probably been asked before, and I always wonder if someone is gonna re-direct me to another thread (but even if they did, that's fine by me, I just feel silly for not locating it first)
    A lot of my questions need to be explained in detail (which they always are) because I'm still learning :D.
    I usually always try to do a search before I ask a question, but there are so many different questions and answers for a single subject that sometimes it's just hard to find an answer using the search.
    So, I really think this is a GREAT idea!

    Here's a question I've always wanted to know the answer to...

    Is it possible for someone to hack into my network somehow and use my internet connection even though I have a firewall? and if so, how would I know, and is there a way to prevent it from happening in the first place?

    Thanks!
     
    Last edited: Jul 31, 2006
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I don't know what level it would be, but here's a potential question:

    How important is passing leaktests for a firewall?
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Stem,
    You just want to know the questions and not the answers in this thread, is that correct?
     
  9. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Two questions:

    Is it essential for a firewall to include IDS (intrusion detection system)?
    What is the best IDS up-to-date?
     
  10. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    A few I thought up:

    1. What is "alg.exe"?
    2. Should I have my firewall allow or block it?
    3. What is "svchost.exe" and why are there so many of them?
    4. Should I have my firewall allow or block it?
    5. Which firewall is better (or best) at handling "svchost.exe"?
    6. How do I get my firewall set up for ICS?
    7. How do I set up my firewall to work with my router?
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It is possible, but for a home user, unlikely. The problems I see for home users are from programs they have downloaded from dubious sources and installed; actual "invasion, hacking" of a clean PC is quite difficult with a firewall and not worthwhile for a hacker.
     
  12. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    In today's world of automated scans (drive-bys) it is not so unlikely anymore. While the "home user's" PC is not targeted specifically, it becomes compromised nonetheless. Whether it is ever used for "anything" after that is the only question remaining.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    But you would need to admit, that compromise of a firewalled (without allowed connection) home PC is unlikely
     
  14. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Totally agreed. It's just that not too long ago the general thought was "I'm just a little old home user. No one wants anything on my machine". Sorry for the OT. We now return to our regularly scheduled thread.
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    All jokes aside,.. for a hacker to gain entry to a firewalled PC is very difficult, there is no entry point. The main problem is for users without a firewall, or with a badly configured firewall that is allowing inbound connections.
     
  16. IceDogg

    IceDogg Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    26
    Location:
    Arkansas
    I think this is an awesome idea. I can't wait to read some of the answers to the questions already posted above. I'll be watching this carefully. I too try and find and learn as I go, but having a great FAQ like this one could be would help greatly. I'll thank you now, in advance. Thanks!!
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you have a question,.. ask,... if you know the answer to a question, then answer. We are in a forum to help each other. Let's learn together,..
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Application Layer Gateway Service and is provided by Microsoft as part of the firewall in Windows or ICS (internet connection sharing). The original alg.exe file is located in the c:\windows\System32 folder. If your copy is located elsewhere, you probably are looking at a virus, spyware, trojan or worm!
    If you are not using windows firewall or ICS,.. block it.
    http://support.microsoft.com/?kbid=314056
    http://www.computerhope.com/issues/ch000517.htm
    http://www.neuber.com/taskmanager/process/svchost.exe.html
    http://help.lockergnome.com/general/Svchost-exe-ftopict37303.html
    This depends on your OS setup, and the services running
    Example for XP
    DHCP client will require UDP local port 68 remote port 67
    DNS client will require UDP remote port 53

    I think we will need to make a section for svchost (services run / connections needed)


    svchost to a firewall is just another application, and will handle this application according to the rules you set. So I cannot really say there is a particular firewall that is best to handle "svchost".
    http://www.annoyances.org/exec/show/ics

    There is normally no problem, which router/firewall?
     
    Last edited: Aug 1, 2006
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
  20. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    In the Other Firewalls Sticky Posts at the top of this forum, CrazyM has links to four threads he wrote on firewall rules which might fit the bill. I've found them very useful.
     
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well, it depends on what applications the user is running. A firewall set up to deny all traffic is pretty much unbreachable (aside from any security vulnerabilities in the firewall coding) but each program allowed network access offers a possible attack vector.

    With client software (web browsers, email) this is quite limited since the user has to do something (e.g. visit a malicious website, download and open an email attachment) to expose themselves but if a server of any sort is being run (web/ftp/game servers as well as most file-sharing programs) then these will provide access to visitors, allowing an attacker scope to exploit any vulnerabilities in the server to compromise the system.
     
    Last edited: Aug 1, 2006
  22. herbalist

    herbalist Guest

    Just grab questions from the lists and post answers back in this thread?
    Rick
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    A firewall examines all traffic to see if it meets certain criteria. If it does, it is routed, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the PC and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.


    http://www.quarella.co.uk/firewall/

    .
     
    Last edited: Aug 1, 2006
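The filtering ideas from the posts above (per-application rules for the svchost.exe DHCP and DNS clients, filtering by port and protocol, and filtering by state), as an added example that is not part of the thread or of any firewall product. The `Packet` fields, the rule tuple layout and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    app: str          # program that owns the socket
    direction: str    # "out" or "in", relative to this PC
    proto: str        # "udp" or "tcp"
    local_port: int
    remote_ip: str
    remote_port: int

# Outbound allow rules: (app, proto, local_port, remote_port); None = any port.
RULES = [
    ("svchost.exe", "udp", 68, 67),    # DHCP client, ports as given in the thread
    ("svchost.exe", "udp", None, 53),  # DNS client, port as given in the thread
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # flows opened by an allowed outbound packet

    @staticmethod
    def _flow(p):
        return (p.proto, p.local_port, p.remote_ip, p.remote_port)

    def check(self, p):
        if p.direction == "out":
            for app, proto, lport, rport in self.rules:
                if (p.app == app and p.proto == proto
                        and lport in (None, p.local_port)
                        and rport == p.remote_port):
                    self.state.add(self._flow(p))
                    return "allow"
            return "block"  # default deny: no rule matched
        # Inbound: pass only replies to a flow this PC opened (state filtering).
        return "allow" if self._flow(p) in self.state else "block"

def demo():
    """Constructed sample traffic; addresses are documentation ranges."""
    fw = Firewall(RULES)
    dns_q = Packet("svchost.exe", "out", "udp", 1035, "192.0.2.53", 53)
    dns_r = Packet("svchost.exe", "in", "udp", 1035, "192.0.2.53", 53)
    probe = Packet("svchost.exe", "in", "tcp", 135, "198.51.100.7", 40000)
    web = Packet("svchost.exe", "out", "tcp", 1036, "198.51.100.7", 80)
    dhcp = Packet("svchost.exe", "out", "udp", 68, "255.255.255.255", 67)
    return [fw.check(p) for p in (dns_r, dns_q, dns_r, probe, web, dhcp)]
```

The same DNS reply is blocked before the query is sent and allowed after it, which is the difference between static port rules and state filtering.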
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, I have started the thread for all to take part. If you can answer a question, please do. If we get more than one answer to a question, so be it. Once a question is fully answered/explained, which may be snippets from various posts, I will create a Q&A thread from all replies.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    But this would then be an attack on the server software, not on the firewall. Allowing unsolicited inbound connections is bypassing the firewall's main defence; other layers of defence are then needed, such as HIPS, AV etc.
     