A firewall is an application that lets you control and filter packets flowing in and out of your computer or network. Almost all PCs accept certain types of connections, and hackers can take advantage of this when probing for systems to attack. Such techniques include:
· Ping - A method for determining whether a system is connected to the Internet at a particular address. You ping a system by sending what's known as an ICMP Echo Request packet. If the target is connected, you'll receive a 'pong' in response. Most operating systems, including Windows, have this program: just try running the command "ping foo.com", where foo.com is any domain name or IP address.
· Operating System Fingerprinting - By sending/receiving a single specially crafted packet, an attacker can determine both whether a system is connected to an IP address and what operating system it is running (Windows XP, Windows 95, Red Hat Linux, etc).
· Port scans - It is possible to determine whether any server programs are active and listening for data on a system by sending a connection request to every single possible port number. If you and the attacker both have fast Internet connections, then thousands of ports can be scanned within seconds.
Firewalls are effective at blocking all of these kinds of probes, as well as any other intrusion or denial of service attacks, by immediately rejecting any incoming packets that weren't solicited by programs running on your computer. The attacker never receives a response, creating the illusion that there is no computer at your IP address. This in turn prevents any further attempts to exploit security vulnerabilities and break into a system.
Some firewalls (such as the one included with Windows XP) only work in a single direction: they examine packets your computer is receiving, not those it sends. This is because in most cases data originating from your computer, such as requests for web pages, is legitimate. But hostile applications like trojan horses, worms, and viruses can use your Internet connection to send an attacker sensitive information such as your files, screen captures, or even keystrokes. It is therefore crucial that your firewall has some mechanism for filtering outbound traffic from your computer. This is usually done by building up a list of programs that are allowed to use your Internet connection. If an unauthorized program makes a connection attempt, the firewall alerts you and lets you decide whether or not to give it permission to proceed.
Most multi-user connections to the Internet (i.e. where all your staff connect via a single phone line, now typically broadband) will utilise a gadget called a router, and most routers now incorporate NAT or “Network Address Translation”. This technique allows the millions of office networks in the world all to re-use the same network addresses in the ranges:
· 192.168.nn.nn
· 172.16.nn.nn
· 10.0.nn.nn
The router, on the other hand, will have a unique Internet address, such as 212.69.225.200, from which it can send and receive information (a bit like a post code). So when one of your staff, let’s call him Charlie, sends a request to the Internet, it goes from his local address of 192.168.1.71, through the router’s address of 212.69.225.200, and then out to the world wide web, which is only aware of the router, not Charlie himself. So the returned packets are addressed to the router, which then re-addresses them (or translates their network addresses) to Charlie. In this manner computers on the local network are kept separate, invisible and safe from those on the Internet side of the router.
Whereas NAT gives excellent protection to the computers on its local area network, it must be remembered that the router itself will still have ports that can be attacked by hackers, and must therefore be set up with as much protection as possible (e.g. “ping” turned off, internal firewall enabled, etc).
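As an added illustration (not part of the original article), a small Python model of the router's NAT table shows both points made above: Charlie's request leaves with the router's address and a fresh port, the web server's reply is translated back to him, and a probe that no inside program asked for finds no mapping and is dropped without any response. The addresses are the article's; the web server (198.51.100.10), the scanner (203.0.113.5) and all port numbers are constructed for the example.

```python
from dataclasses import dataclass

# Addresses from the article; 198.51.100.10 (a web server) and 203.0.113.5 (a
# scanner) are constructed documentation addresses used only in this example.
ROUTER_PUBLIC_IP = "212.69.225.200"
CHARLIE_LAN_IP = "192.168.1.71"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    """Hypothetical NAT router with connection tracking. Outbound packets get
    the public address and a fresh public port; an inbound packet is forwarded
    only if it matches a mapping an earlier outbound packet created."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.inbound_map = {}   # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, pkt):
        """Rewrite a LAN packet so the outside world only sees the router."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound_map:
            public_port, self.next_port = self.next_port, self.next_port + 1
            self.outbound_map[key] = public_port
            self.inbound_map[(public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.outbound_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet re-addressed to the LAN host, or None if dropped."""
        lan = self.inbound_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if lan is None:
            return None  # unsolicited: no mapping, so no response of any kind
        return Packet(pkt.src_ip, pkt.src_port, lan[0], lan[1])

def charlie_browses(router):
    """Charlie's request goes out; the web server's reply comes back to him."""
    request = Packet(CHARLIE_LAN_IP, 51000, "198.51.100.10", 80)
    on_the_wire = router.outbound(request)
    reply = Packet("198.51.100.10", 80, on_the_wire.src_ip, on_the_wire.src_port)
    return on_the_wire, router.inbound(reply)

def scanner_probes(router, port):
    """An unsolicited connection attempt from outside; None means it was dropped."""
    return router.inbound(Packet("203.0.113.5", 4444, router.public_ip, port))
```

Note that even a probe aimed at the port the router allocated for Charlie is dropped, because the mapping is keyed on the remote address as well as the port.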
Static IP Addresses
All Internet connections are allocated a unique IP address when they join the web, such as 212.69.225.200, which works a bit like a post code. Usually you’ll get a different address (i.e. a dynamic one) each time you connect. However, if you need, for example, to repeatedly connect two offices via the Internet (i.e. to join all their computers in a WAN) then you must have the same IP address every time you connect, in which case you simply have to request a fixed or static IP address from your ISP (which will cost a few pounds extra each month).
Implications
· Routers must be set up properly (i.e. with “ping” turned off)
· Windows XP will not stop email-forwarding (i.e. outbound) viruses unless you add personal firewall software
· Norton Personal Firewall is good, but in some instances its fierce protection may actually prevent some applications from working