What is the Truth about Firewalls?

Discussion in 'other firewalls' started by KDNeese, Sep 15, 2007.

Thread Status:
Not open for further replies.
  1. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    I can easily keylog someone, log in to their bank accounts, order a book of checks - then use the checks to buy myself 10 security experts and make them discuss firewall security while I watch & eat cheezypoofs.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,225
    Hello,
    And where would you have these checks delivered? To your house? Or would you impersonate that someone when you came to collect them - without being asked for an ID? Like I said, such a bank must be a joke.
    Mrk
     
  3. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Ok - I have another question. Since I'm not a networking guru, please forgive my ignorance if this comes across as lame. According to the techies I've been talking with, their contention is that if you have all the vulnerable and unnecessary services disabled, there is no need for a firewall. So, to test their theory, I did a little experiment. I went to Shields Up and ran a test. I first tested my computer with my firewall enabled, and scanned all 65535 ports. I then disabled my firewall and scanned all of my ports again. Some of the service ports (135, 445, etc) actually came up stealth, and every other port was shown as closed. So, if all of the ports are closed, and if (as some here have even said) a closed port is just as good as a stealthed port, isn't the system secure even without a firewall? And, if a person is running a HIPS program that monitors outbound application network attempts, does a firewall make that system any more secure? Or, what extra protection does a software firewall provide that isn't already provided by all ports being closed? Personally, I am still going to run a software firewall, but I am still interested in others' take on this. Also, I am talking about a computer with a software firewall only, not behind a router of any kind. I just want to try and understand all of this.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,441
    Location:
    Slovakia
    Yes, it is. I saw some videos about how hackers bypassed a firewall in a few secs and they were laughing about ports being "so-called" stealthed.
    Well, in theory, that HIPS software could be remotely disabled, if no inbound protection would be present, but that would have to be a pointed attack.
    I just can not think about anything, though you can block ICMP traffic and it might provide partial protection against some attacks like UDP flood, etc.
     
  5. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    So the fact that my hardware router firewall did log the port scan when I ran Shields Up, is stealthed but showing me nothing in the log, means that it is not bothering to record trivia? It is set up to report DoS attacks and port scans, time checking etc.
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Could you explain more? When I run Shields Up etc. it reports my ports as being stealthed - this means, I assume, my Hardware Firewall is stealthing or hiding these ports from general view? Is it possible for someone outside to turn them off and to then enter? I have no software security so any reports are presumably about the Hardware Firewall Router. If the ports are only "so called" stealthed is there a better hardware box to buy? Having never seen a virus nor suffered from malware I'm only willing to go so far but a couple of hundred $ for a better box would be preferable to loads of buggy programs as far as I'm concerned.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,441
    Location:
    Slovakia
    Well, I was referring to stealthed ports by a software firewall, I am not aware of any bypass that would allow this to be done on a router.
    Hardware router itself is so much better, because it has no software vulnerabilities, it just does what it is supposed to do and that is it.
    Though, there were some vulnerabilities, but they applied to software, like routers could be compromised when a default password was used, etc.

    So-called stealthed ports, I just can not explain it well, but Google helped me a bit, a little info - http://www.dslreports.com/forum/remark,17079604
     
    Last edited: Sep 24, 2007
  8. herbalist

    herbalist Guest

    Your hardware firewall is configured to log port scans, but after scanning with Shields Up, the logs are still empty? Did you check that the IP that's displayed above the scan results is your actual IP? If your internet service uses a proxy server or service, or if they block incoming traffic, the scan might never reach your firewall. If these are OK, there may be a problem with your firewall's logging or its settings.
    Rick
     
  9. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Sorry not to be clear - when I ran Shields Up my log DID show that a port scan had taken place.

    My question was - if my firewall router is set up to log port scans and DoS and it has shown to be working, why do I not get any port scans naturally? I can go to Shields Up and produce a scan which is logged but otherwise nothing.
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Thanks - I'm relying on this hardware Firewall being stealthed as my main protection. I would not like to think that someone could break in.
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Hey Tom,
    you got me scratching my head. A router runs software, GNU/Linux with iptables yes?
    I had the impression the only difference would be that the router runs independent from the PC, so not probable it shuts down, or modified by a compromised PC (assuming no bugs).
    Did I misunderstand you? (probably :D )
     
  12. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,441
    Location:
    Slovakia
    That is right, for me it is hard to talk about something, that I have actually never used, just read about. ;)
    Since I am not interested in any software or hardware protection, I just do not pay too much attention to it.
     
  13. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,287
    Location:
    Canada
    Do We Need A Software FW?

    Hi Guys,

    A well respected radio computer guru says software FW's are not necessary with NAT router. He also stated that outbound traffic is not necessary to protect as the bad guys will poke holes in the software FW's.

    He also mentioned if you're going to use a software FW, he recommends Comodo.

    What do you think, can/should I uninstall my software firewall!

    Take Care
    Rico
     
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Re: Do We Need A Software FW?

    If you don't care about outbound control and if you do have a router firewall, then sure uninstall it.
     
  15. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024

    If I travel and get on a public shared LAN, I fire up Returnil or PowerShadow with security in place. If at the session I catch some malware or anything I don't want, then a quick reboot is all that is needed to get myself back to a clean slate, so I do not have to worry about the host security measures.
     
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Makes sense - but why restrict it to public shared LAN?
    A hardware Firewall + Firefox + DeepFreeze or Returnil and I feel no need for a software Firewall or any other AV, HIPS etc.
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    So, you aren't concerned about someone sniffing your login credentials?

    A software firewall is useful in two situations:
    - Unsolicited inbounds from the local network (other hosts in your LAN)
    - To enforce a policy regarding network access i.e. your mail client should only connect to your mail servers using only SMTP (remote port 25) and POP3 (remote port 110) (I'm ignoring SMTPS and POP3S to keep things simple) without inbound connections.

    Why do I think that two-way software firewalls are next to useless for most people?
    - People expect firewalls to be leak-proof. It isn't possible in the Windows environment with so many documented and undocumented ways to access the network resources and inject code/instructions in running applications.
    - Poor rulesets. People run firewalls with holes by default.

    Also, people running some HIPS already have an application intercepting outbound attempts (without packet filtering, of course)
     
    Last edited: Oct 7, 2007
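
The per-application policy described in the post above (a mail client limited to its own mail servers on remote ports 25 and 110, with no inbound connections) can be modelled as a default-deny rule table and compared against a "hole by default" ruleset. This is an added example, not part of the original thread; the executable name, the mail-server range and the connection attempts are constructed, and the model only covers rule matching, not the leak techniques the post mentions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    app: str          # executable the rule applies to
    direction: str    # "out" or "in"
    proto: str        # "tcp" or "udp"
    remote_net: str   # CIDR the remote address must fall in
    remote_port: int  # required remote port, 0 meaning "any"

# Constructed policy: hypothetical client, documentation address range.
MAIL_SERVERS = "192.0.2.0/28"
TIGHT = [
    Rule("mailclient.exe", "out", "tcp", MAIL_SERVERS, 25),   # SMTP
    Rule("mailclient.exe", "out", "tcp", MAIL_SERVERS, 110),  # POP3
]
# The kind of poor ruleset the post warns about: any address, any port.
LOOSE = [Rule("mailclient.exe", "out", "tcp", "0.0.0.0/0", 0)]

def decide(rules, app, direction, proto, remote_ip, remote_port):
    """Return 'allow' on the first matching rule, otherwise default-deny."""
    for r in rules:
        if (r.app == app and r.direction == direction and r.proto == proto
                and ip_address(remote_ip) in ip_network(r.remote_net)
                and r.remote_port in (0, remote_port)):
            return "allow"
    return "deny"

# Constructed connection attempts (app, direction, proto, remote ip, remote port).
ATTEMPTS = [
    ("mailclient.exe", "out", "tcp", "192.0.2.5", 25),     # SMTP to own server
    ("mailclient.exe", "out", "tcp", "192.0.2.5", 110),    # POP3 to own server
    ("mailclient.exe", "out", "tcp", "198.51.100.7", 25),  # SMTP to a foreign host
    ("mailclient.exe", "out", "tcp", "192.0.2.5", 8080),   # unexpected port
    ("mailclient.exe", "in", "tcp", "192.168.1.20", 110),  # unsolicited inbound from LAN
]

def audit(rules):
    """Evaluate every constructed attempt against a ruleset."""
    return [decide(rules, *attempt) for attempt in ATTEMPTS]

if __name__ == "__main__":
    for name, rules in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, audit(rules))
```
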