Firewalls? hmm... who has actually ever been hacked?
Guys. I recently tried a few firewalls out of interest rather then an actual need. And I found a few interesting things that I thought warranted a mention. Firstly, is there a real need for one on your basic personal system? For someone who uses windows 2000 for the stability, kernel difference, in built security a ...
Guys.
I recently tried a few firewalls out of interest rather then an actual need. And I found a few interesting things that I thought warranted a mention.
Firstly, is there a real need for one on your basic personal system? For someone who uses windows 2000 for the stability, kernel difference, in built security and basic performance, is a firewall actually worth the effort? For many of you, who spend a lot of time tweaking W2k to get the maximum response out of the OS (like myself) a firewall could hardly be recommended on a purely performance scale. As far as port security goes, W2k is so far ahead then anything from the 9x line of windows. For someone on a dial up I really cannot see the necessity of a firewall. A DSL or cable connection could justify the need. But then again, how many of you have actually been hacked? I know some of you will pipe up and say, "I haven't, precisely because I use a firewall!" Ok, but is the chance really likely? For someone who intends to use a mediocre program to gain access to your system. Most of the time this process requires the user accepting some sort or remote admin file in the first place. And in this day and age no one would accept a 'CLICK-ME.exe' file or anything of dubious origins. So I ask you for your opinion on the necessity of a firewall. And I argue that in most cases it is not necessary. I would also say neither is an anti-virus program but I would be flamed. I will finish by saying, those who also use W2k for gaming and require the maximum amount of performance from their system will most likely agree, a firewall, anti-virus program or anything that remains resident can, and will hamper your gaming experience.
I just raise this matter to create discussion. My opinion is my own.
Regards,
Cardinal.
I recently tried a few firewalls out of interest rather then an actual need. And I found a few interesting things that I thought warranted a mention.
Firstly, is there a real need for one on your basic personal system? For someone who uses windows 2000 for the stability, kernel difference, in built security and basic performance, is a firewall actually worth the effort? For many of you, who spend a lot of time tweaking W2k to get the maximum response out of the OS (like myself) a firewall could hardly be recommended on a purely performance scale. As far as port security goes, W2k is so far ahead then anything from the 9x line of windows. For someone on a dial up I really cannot see the necessity of a firewall. A DSL or cable connection could justify the need. But then again, how many of you have actually been hacked? I know some of you will pipe up and say, "I haven't, precisely because I use a firewall!" Ok, but is the chance really likely? For someone who intends to use a mediocre program to gain access to your system. Most of the time this process requires the user accepting some sort or remote admin file in the first place. And in this day and age no one would accept a 'CLICK-ME.exe' file or anything of dubious origins. So I ask you for your opinion on the necessity of a firewall. And I argue that in most cases it is not necessary. I would also say neither is an anti-virus program but I would be flamed. I will finish by saying, those who also use W2k for gaming and require the maximum amount of performance from their system will most likely agree, a firewall, anti-virus program or anything that remains resident can, and will hamper your gaming experience.
I just raise this matter to create discussion. My opinion is my own.
Regards,
Cardinal.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Ok. I did not want to reply again but I feel that I should.
Firstly I will state the obvious. Geoph, you resorted to a personal attack, this illustrates your level of intelligence more then affecting me. Well-done sir.
And once again my friend Dos Freak has gone on to over elaborate about the need for an anti-virus program. Wow hehe, take my scenario even if it is a little pessimistic.
You lose your job as a system/network administrator. Your partner finds the retrenchment too depressing and decided to head south with a Linux programmer. You sink into a depth of despair; too depressed to look for work your finances force you to drop the broadband connection and enjoy your old cobweb covered 33k modem. The home LAN, if there is one, is sold so you can buy some bread. So you're stuck with a single pc and that trusty pci modem you once loved. You find yourself enjoying the quiet life as an irc monkey and the odd online game to escape that terrible reality. A few frames in the game are dropping and the hdd seems to be thinking about something else. Ffs! you cry and wonder what program is causing this god-forsaken annoyance. Oh, I see, a software firewall has decided that the connection with the game server poses as a risk. Now I ask you Dosfreak (I apologise for the over imaginative description) do you really feel the need for a firewall in this scenario? While you ponder that question, let me remind you that by far, the majority of net users meet, or come close to meeting this example. Not every user is a 'freak'. (hehe I love the fact that you are )
So, finally do the majority of net users need a firewall? I also understand many of you users are in the US. The attitude towards net security is more of an issue then it is here. And as far as an anti virus, well we can leave that to the gods (read, pc salesmen) According to you lads, a virus or a 'hack' is the end of the world. I can't remember who said it, but someone posted the possibility of an electrical spike (lol) I mean please. Lets keep our feet on the ground and not floating around in cyberspace.
Firstly I will state the obvious. Geoph, you resorted to a personal attack, this illustrates your level of intelligence more then affecting me. Well-done sir.
And once again my friend Dos Freak has gone on to over elaborate about the need for an anti-virus program. Wow hehe, take my scenario even if it is a little pessimistic.
You lose your job as a system/network administrator. Your partner finds the retrenchment too depressing and decided to head south with a Linux programmer. You sink into a depth of despair; too depressed to look for work your finances force you to drop the broadband connection and enjoy your old cobweb covered 33k modem. The home LAN, if there is one, is sold so you can buy some bread. So you're stuck with a single pc and that trusty pci modem you once loved. You find yourself enjoying the quiet life as an irc monkey and the odd online game to escape that terrible reality. A few frames in the game are dropping and the hdd seems to be thinking about something else. Ffs! you cry and wonder what program is causing this god-forsaken annoyance. Oh, I see, a software firewall has decided that the connection with the game server poses as a risk. Now I ask you Dosfreak (I apologise for the over imaginative description) do you really feel the need for a firewall in this scenario? While you ponder that question, let me remind you that by far, the majority of net users meet, or come close to meeting this example. Not every user is a 'freak'. (hehe I love the fact that you are )
So, finally do the majority of net users need a firewall? I also understand many of you users are in the US. The attitude towards net security is more of an issue then it is here. And as far as an anti virus, well we can leave that to the gods (read, pc salesmen) According to you lads, a virus or a 'hack' is the end of the world. I can't remember who said it, but someone posted the possibility of an electrical spike (lol) I mean please. Lets keep our feet on the ground and not floating around in cyberspace.
Well, by 'firewall' what you're really asking is about the software firewalls for individual PC's.
If I was reduced to only having one computer, with nothing between it and the Internet, then I would install at the least one of the available software firewalls. I do this knowing that a software firewall on the machine itself isn't much in the way of protection compared to a seperate machine between me and the Net, but it's better than nothing.
My parents have DSL, and what is essentially an old computer cobbled together from parts left over when I upgraded my own machines. There's really nothing that important on there, and most of what there is good be reinstalled with ease. However, they are 252 miles away from me, so I don't get physical access to the machine often. I installed the free personal version of Tiny Personal Firewall ( http://www.tinysoftware.com/pwall.php ) on their machine because while it's not much, I feel that the cost in terms of hardware resources was well worth the small sense of protection it offers me, not being able to watch over the machine personally.
Normally, on my personal network here at University (yeah, I'm a computer freak) I have an OpenBSD firewall between me and the school's always on network. Currently, that machine is down, however, so on the Linux machine I setup some IPChain rules and on the MS Windows 2000 machine I have Tiny Personal Firewall running, along with McAffee VirusScan. Together they take up less than 1% of my CPU time in normal operation, and the only difference I can notice when running them is when one or the other catches activity that I'm glad they did.
So, yeah, it's pretty much a personal thing in the end. Chances are, your average user on a modem can get away without noticing attacks. But at the same time it really doesn't cost me much to run them, and is there for an extra bit of insurance in case something goes wrong. It's certainly cheaper than my auto insurance, that's for sure.
If I was reduced to only having one computer, with nothing between it and the Internet, then I would install at the least one of the available software firewalls. I do this knowing that a software firewall on the machine itself isn't much in the way of protection compared to a seperate machine between me and the Net, but it's better than nothing.
My parents have DSL, and what is essentially an old computer cobbled together from parts left over when I upgraded my own machines. There's really nothing that important on there, and most of what there is good be reinstalled with ease. However, they are 252 miles away from me, so I don't get physical access to the machine often. I installed the free personal version of Tiny Personal Firewall ( http://www.tinysoftware.com/pwall.php ) on their machine because while it's not much, I feel that the cost in terms of hardware resources was well worth the small sense of protection it offers me, not being able to watch over the machine personally.
Normally, on my personal network here at University (yeah, I'm a computer freak) I have an OpenBSD firewall between me and the school's always on network. Currently, that machine is down, however, so on the Linux machine I setup some IPChain rules and on the MS Windows 2000 machine I have Tiny Personal Firewall running, along with McAffee VirusScan. Together they take up less than 1% of my CPU time in normal operation, and the only difference I can notice when running them is when one or the other catches activity that I'm glad they did.
So, yeah, it's pretty much a personal thing in the end. Chances are, your average user on a modem can get away without noticing attacks. But at the same time it really doesn't cost me much to run them, and is there for an extra bit of insurance in case something goes wrong. It's certainly cheaper than my auto insurance, that's for sure.
I have been hacked. When I first got cable internet service, I went to shut down my machine one day and got a message saying"if you shut down windows this other guy who's logged on to your machine will be logged off" (ok, ok that's not exaclty what it said, but close enough)
So I installed a software firewall right away. I get a ton of probes everyday, so I know these malicious idiots are out there. There's nothing on my machine that's of any importance, but I don't like the idea of someone snooping around my hardrive.
I found out that the guy who was logged onto my machine was using another guys' computer as a "stepping stone" to get to me. If that guy owould've had a firewall it all would've stopped right there.
So I installed a software firewall right away. I get a ton of probes everyday, so I know these malicious idiots are out there. There's nothing on my machine that's of any importance, but I don't like the idea of someone snooping around my hardrive.
I found out that the guy who was logged onto my machine was using another guys' computer as a "stepping stone" to get to me. If that guy owould've had a firewall it all would've stopped right there.
-windows 2k by default-
wingates- stepping stone to other systems
enumerating shares- yes the little <20> that says hi I'm on. would you like to connect try IPC$ maybe I'm logged on as root(admin sorry)
Dos Freak-nice makeshift DoS attack freak thats funny.That will definately slow down a 56k connection especially if its performed by someone withmore bandwidth(not uncommon)
I would use a firewall box. Yep thats right the old 486 that nothing seems to work on anymore. Well guess what, Linux will still run fine with it, because they aren't in bed with the hardware manufacturers. So you run IPChains on it and remember deny everything first then start allowing.
I will give it to whoever said you have less of a chance of being 'cracked' being on a dial up. Less doesn't mean never. although your range of IP's may be scanned less frequently because of the lack of juicy targets, what about all the little packet monkeys trying to figure out how to steal cc#'s, how to use wingates, etc. I mean I could go on all day about all the little things that go on. But at the end of it all I would still recommend at least zone alarm and a trojan scanner.
Cheers-
Moniker
wingates- stepping stone to other systems
enumerating shares- yes the little <20> that says hi I'm on. would you like to connect try IPC$ maybe I'm logged on as root(admin sorry)
Dos Freak-nice makeshift DoS attack freak thats funny.That will definately slow down a 56k connection especially if its performed by someone withmore bandwidth(not uncommon)
I would use a firewall box. Yep thats right the old 486 that nothing seems to work on anymore. Well guess what, Linux will still run fine with it, because they aren't in bed with the hardware manufacturers. So you run IPChains on it and remember deny everything first then start allowing.
I will give it to whoever said you have less of a chance of being 'cracked' being on a dial up. Less doesn't mean never. although your range of IP's may be scanned less frequently because of the lack of juicy targets, what about all the little packet monkeys trying to figure out how to steal cc#'s, how to use wingates, etc. I mean I could go on all day about all the little things that go on. But at the end of it all I would still recommend at least zone alarm and a trojan scanner.
Cheers-
Moniker
Firewalls. Hmmm.. So am I right in saying that the moral of this story is that they are not needed? Hehe.. Kidding. I don't know, my opinion has not been changed just altered. I am warming to the hardware firewall idea as I can agree safely that there is a sh1tload of activity on my ports. In fact on most peoples. The question remains how much of this activity is harmful. So it comes down to a matter of preference. On a network I can understand the need for a firewall, I never argued otherwise. But on a single box with no real reason for privacy It seems a little less essential.
I have to say though; I had no idea how much activity there was on my connection. I'm sure most people out there will be surprised. But I guess, will they care?
I am beginning to.
I have to say though; I had no idea how much activity there was on my connection. I'm sure most people out there will be surprised. But I guess, will they care?
I am beginning to.
I am still running without a firewall or a virus scanner.
I figure it is like fuking without a condom there is a risk involved and it is a big one but somehow I just can't bring myself to care.
I figure it is like fuking without a condom there is a risk involved and it is a big one but somehow I just can't bring myself to care.
Quote:<font face="Verdana, Arial" size="2">Originally posted by Four and Twenty:
I am still running without a firewall or a virus scanner.</font>
If I was running just a home machine (boy, how I wish) with no need for security, could do a reinstall in a couple of hours, and wanted it slim and fast, I'd probably do the same. In fact, a 'Win2K Lite' would be just great.
------------------
"Being married to a programmer is like owning a cat. You talk to it but you're never really sure it hears you, much less comprehends what you say." -DeadCats, 1999
"Talking to DeadCats is like talking to a dead cat." -MrsDeadCats, 2001
I am still running without a firewall or a virus scanner.</font>
If I was running just a home machine (boy, how I wish) with no need for security, could do a reinstall in a couple of hours, and wanted it slim and fast, I'd probably do the same. In fact, a 'Win2K Lite' would be just great.
------------------
"Being married to a programmer is like owning a cat. You talk to it but you're never really sure it hears you, much less comprehends what you say." -DeadCats, 1999
"Talking to DeadCats is like talking to a dead cat." -MrsDeadCats, 2001
Quote:<font face="Verdana, Arial" size="2">Originally posted by Cardinal:
I am warming to the hardware firewall idea as I can agree safely that there is a sh1tload of activity on my ports. In fact on most peoples. The question remains how much of this activity is harmful.</font>
Any unwanted network activity is just that, unwanted. What you do about it is up to you. Personally, I just use the router with its basic NAT functionality to keep that traffic out.
------------------
Regards,
clutch
I am warming to the hardware firewall idea as I can agree safely that there is a sh1tload of activity on my ports. In fact on most peoples. The question remains how much of this activity is harmful.</font>
Any unwanted network activity is just that, unwanted. What you do about it is up to you. Personally, I just use the router with its basic NAT functionality to keep that traffic out.
------------------
Regards,
clutch
Netgear is making a $250 DSL/Cable router that has true firewall capability, content filtering, connection sharing, etc.
The firewall isn't just NAT, its has true statefull packet inspection.
Oh yeah, if your local DSL is compatible with the Cisco675 DSL Router, try to get one and use it. It has all the built in NAT capability of the external routers, it kills two birds with one stone. It provides the DSL modem and the connection sharing in one small box, and is made by Cisco.
The firewall isn't just NAT, its has true statefull packet inspection.
Oh yeah, if your local DSL is compatible with the Cisco675 DSL Router, try to get one and use it. It has all the built in NAT capability of the external routers, it kills two birds with one stone. It provides the DSL modem and the connection sharing in one small box, and is made by Cisco.
Quote:??? Wrong. By default File & Print sharing is enabled on 9x systems. Alot of NT boxes have default admin passes or NO PASSWORD . Also it's not very hard to figure out the local admin on an NT box.
Okay, I'm currently using 98SE, switching to Win2K as soon as I find some compatible software for my Intel PC Camera (lazy bastards at Intel! I'll never buy a cam from them again! Logitech or bust. )
File and print sharing is turned off by default in my system (it isnt checked). I also played around with my network settings to disable netBIOS from being sent, when when going through the "Test My Shields" and "Probe My Ports" tests, it stated that the most common points of entry are closed (or even stealthed) on my system, and I don't even have a firewall.
Now that I'm switching from 9x to Win2K, what do you recommend changing in order to keep hackers from guessing my local admin pass?
Okay, I'm currently using 98SE, switching to Win2K as soon as I find some compatible software for my Intel PC Camera (lazy bastards at Intel! I'll never buy a cam from them again! Logitech or bust. )
File and print sharing is turned off by default in my system (it isnt checked). I also played around with my network settings to disable netBIOS from being sent, when when going through the "Test My Shields" and "Probe My Ports" tests, it stated that the most common points of entry are closed (or even stealthed) on my system, and I don't even have a firewall.
Now that I'm switching from 9x to Win2K, what do you recommend changing in order to keep hackers from guessing my local admin pass?
