ZoneAlarm: How robust is this PC firewall?

Which are software firewalls embedded in an appliance. The real difference is that being on a separate system, an all-out attack that results in a crash or compromise of the firewall leaves your working system untouched. Also, since the embedded system is usually in ROM or FLASH on the hardware, it is much more difficult to compromise one and make a permanent change to the hardware.

The weak spot in any firewall is that there might be some way of intentionally mis-forming a data packet that will crash the firewall software. If it can be done, then there’s a good chance it can be done so as to execute program code that was in the packet.

With a PC based firewall, the chances are then good that the attacker can then get into your system and install some kind of worm or find some way to leave a permanent hole in your firewall - which he can then return to and attack later.

That won’t happen on a “hardware” firewall. It is far more difficult to make it do something permanent.

On the other hand, some firewall manufacturers leave a back door in the appliance, and a default password so that they can get in and update software - or so that the system’s real Admin can do the same from outside. Bad ideas, both, but I’ve read of instances where it happened.

Gouda:
Assuming you only connect to the Internet through your hub PC, you should be fine.

If any of the other PCs are connected so as to be able to connect to the Internet directly (have their own modem or DSL connection, etc.) then you most definitely need a firewall on each.

Great information all around. Thanks folks.

While 1000 intrusions a week sounded like an awful lot to me, once I did the math it came to 6 per hour for a system that’s on 24/7. That’s not too outrageous.

I just installed McAfee’s Virus Scan and it comes with McAfee’s own firewall (Guardian), and I’m guessing that Norton’s anti virus software comes with a firewall too. Is ZoneAlarm enough better than McAfee’s or Norton’s firewalls that I should replace them with ZA?

Are you using the Internet Connection Sharing feature of your OS? Zonealarm Standard (the free one) will not act as a firewall for your ICS clients. Only Zonealarm Pro will do that.

I recommend you buy a hardware internet sharing device like a Linksys router. They are really cheap now, easy to set up, and you don’t need to leave your proxy server on all the time in order to have internet access on your client PCs.

Mort Fyrd, I connect via the hub only. It’s the only direct connection to the net.

A. Coward, nope, I’m not using ICS (anymore). I’m using WinGate, which won’t install until ICS is deactivated. I did think of getting a router, but they still cost almost twice as much as a switch here.

Thanks!

I may not be a computer Guru, but I would assume that with a budget like the one the Federal Government has, I’d think they could get into your machine even with Zone Alarm. If not in the front door certainly in the back door. Maybe trickling down a registered users list or find out where you go often enough and do it that way…no?

If I may hijack a bit, I’ve got a couple questions:

  1. I’ve never been able to get ZoneAlarm to work properly with my school network. I can use ZoneAlarm and surf the net or I can connect to the school network and surf the net but not both. Any idea how I can get the firewall on full time and still get the connection to the network?

  2. If I were to buy or build a hardware firewall, how would I do it and use it?

NAT hardware firewalls are built in to most network routers these days. Chances are your school already runs one through which you are connected to the internet. As for your first question, I’d ask your school’s IT people, as they’d have more knowledge about their own network.

I have had ZoneAlarm installed and running for years, so I clicked on the above link to test it. But I’m puzzled …

If I click on the “file-sharing” option the result I get is “All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.”

However, if I click on “All Service Ports” it shows three ports open (the rest are closed) … none of which are Port 113 as mentioned on the page re ZoneAlarm. What’s going on here? :confused:

(Please use words of one syllable … :smiley: )

Julie

You probably have configured Zonealarm to allow certain programs to act as a server, which opens up those ports to the internet.

If you let us know what ports are open, we may be able to tell you what program is using it.

If I recall correctly, Wingate has its own firewall capabilities. You should not need Zonealarm at all…

Next time ZA stops an intrusion click “more info” and I think it takes you to a website describing the exact nature of that intrusion and what the likely source is.

After a very high number of hits on August 13 due to the worm, things quieted down for about a week. I then began getting a lot of hits to my port 0 (possibly a ping request), almost all with IP addresses on my ISP (comcast/attbi - I guess the source IP could be spoofed).

For example, I had my computer on all day on Saturday, September 7, from 10:30 AM to midnight. ZoneAlarm recorded 204 hits. 182 of those were the ping requests, leaving 18 as other access attempts. So I was averaging 1 ping request about every 5 minutes.

I’ve never had this volume on a regular basis before. I now turn the pop-up notice off because it was getting intrusive. Is this some kind of half-baked denial of service attack?

A ping request comes in on port 8.

Check the protocol for those hits. If it is ICMP, then what you’ve got is a ping RESPONSE coming in. If that is the case, then one of two things is going on:
Either someone is trying to probe your system using a spoofed answer for a request you never made or else you’ve got a run-away ping program on your PC pinging the hell out of your ISP.

I vote for the attack.

Someone may also be trying to use you as part of a distributed denial of service attack.

They send out ping requests to a gazillion IP addresses with the source address spoofed. The PCs who receive the request all send back reject messages - overloading the server at the spoofed address.
The goal may also be to overwhelm the victim’s routers. They do this by specifying a multicast source (basically a block of IP addresses.) When your machine rejects the packet, the routers along the back path broadcast your reject to ALL of the addresses in the block. Overload city.

All in all a great whacking mess, and another good reason to have a firewall.

You are set to drop packets rather than rejecting them, right?

BTW:
Zone Alarm seems to do pretty well in the robustness department - these guys don’t show any advisories:
http://www.securityfocus.com/
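As an added example (not from the original thread), here is a small Python classifier for the check described above: it parses constructed ZoneAlarm-style log lines (the comma-separated layout is assumed), tells ICMP echo requests (type 8) from echo replies (type 0, which are only legitimate if you sent the request), counts how many pings come from your own ISP's address block, and works out the average minutes between pings, the way the poster did by hand. The IP addresses and the ISP prefix are made up.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in an assumed ZoneAlarm-style format:
# event,date,time zone,source ip:port,destination ip:port,protocol (ICMP type)
SAMPLE_LOG = """\
FWIN,2002/09/07,10:31:02 -5:00 GMT,192.0.2.17:0,192.0.2.55:0,ICMP (type:8/subtype:0)
FWIN,2002/09/07,10:36:40 -5:00 GMT,192.0.2.91:0,192.0.2.55:0,ICMP (type:8/subtype:0)
FWIN,2002/09/07,10:42:11 -5:00 GMT,203.0.113.9:0,192.0.2.55:0,ICMP (type:0/subtype:0)
FWIN,2002/09/07,11:05:00 -5:00 GMT,198.51.100.4:3321,192.0.2.55:137,UDP
FWIN,2002/09/07,11:07:30 -5:00 GMT,192.0.2.202:0,192.0.2.55:0,ICMP (type:8/subtype:0)
FWIN,2002/09/07,11:15:12 -5:00 GMT,198.51.100.77:4019,192.0.2.55:80,TCP (flags:S)
"""

LINE_RE = re.compile(
    r"^(?P<event>\w+),(?P<date>[\d/]+),(?P<time>[\d:]+) [^,]*,"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),(?P<proto>.*)$"
)
ICMP_RE = re.compile(r"ICMP \(type:(?P<type>\d+)/")


def classify(line):
    """Parse one log line into a dict with a 'kind' label, or return None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    icmp = ICMP_RE.match(rec["proto"])
    if icmp:
        # ICMP has no ports: type 8 is an echo request (someone pinging you),
        # type 0 is an echo reply, which is a probe or reflection if you never asked.
        t = int(icmp.group("type"))
        rec["kind"] = {8: "icmp-echo-request", 0: "icmp-echo-reply"}.get(t, f"icmp-type-{t}")
    else:
        rec["kind"] = rec["proto"].split()[0].lower() + "-port-" + rec["dport"]
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y/%m/%d %H:%M:%S")
    return rec


def summarize(log_text, isp_prefix):
    """Count hit kinds, count pings from the ISP's own block, and compute minutes per ping."""
    recs = [r for r in (classify(ln) for ln in log_text.splitlines()) if r]
    kinds = Counter(r["kind"] for r in recs)
    pings = [r for r in recs if r["kind"].startswith("icmp-echo")]
    from_isp = sum(1 for r in pings if r["src"].startswith(isp_prefix))
    span_min = (recs[-1]["ts"] - recs[0]["ts"]).total_seconds() / 60 if len(recs) > 1 else 0
    per_ping = span_min / len(pings) if pings else None
    return {"kinds": dict(kinds), "pings_from_isp": from_isp, "minutes_per_ping": per_ping}
```

A run over your real log with your ISP's prefix tells you at a glance whether the "port 0" hits are requests from neighbours on the same ISP or unsolicited replies, which is the distinction the post above asks you to make.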

Hi Anonymous Coward … the open ports are 22, 80 & 554. Thanks in advance for any light you can shed. :slight_smile:

Julie

Well, we’ll see what we can do. I’ll list the most common uses for these ports.

Port 22 is commonly used for SSH, for secure telneting. Are you running a telnet server?

Port 80 is usually a web server, however it could be SSH again. Not likely but possible.

Port 554 is usually used for RTSP (Real Time Streaming Protocol). This is usually open for Realplayer or Quicktime.

If you have no idea what is going on with these and want to close the ports, try going through your Zonealarm program permissions and check which programs are checked to allow server access to the internet. You can then disable them one at a time and run the ShieldsUp scan and see if that plugs the hole.

But the thing is, if ZoneAlarm (or any popular security tool) had a “back door”, it would be useless. The ZoneAlarm developers would have to know of it, and the government agencies who would take advantage of it would have to know of it, and that’s enough people that it means that the hackers of the world would know of it through leaks if they didn’t discover it themselves.

The Government isn’t going to deal with breaking into your computer remotely if they decide that they need to know what’s on it, they’re going to use the Patriot Act to get a secret search warrant, break into your house while you’re not home, make a copy of your hard drive, and then leave and never tell you they were there.

-lv

Hi Anonymous Coward and thanks for the fast reply.

Re port 554 - I don’t have Realplayer installed. I have just uninstalled Quicktime (never got it to work right, anyway :dubious: ), but that port is still showing up as “open”.

Re ports 22 & 80 - I don’t know what a “telnet server” is :confused: but the only program I have allowed access to the Internet, apart from IE and AVG, is CyberSitter, which is only enabled when my daughter is online. I think this could be it? In which case, no problemo. :slight_smile:

Thanks for your help.

Julie

As one who recently purchased a router, let me recommend you get one if you can free up the money (I got a LinkSys one for $70 - I’m sure it could be had cheaper online or during a sale - or if you got the model that doesn’t also have Wi-fi*). The setup could not be easier, and it adds an extra layer of protection, which can’t hurt.

*I bought the 802.11b model, so I can check my email from the toilet if I want to with my laptop, which I now believe to be the true, modern American dream. Only have once, just to test the signal, but it’s nice to know that I can.

Shrinking Violet:

Cork those holes. You are not running a web server, so none of the ports that are open are necessary.

You only need to open holes for outbound stuff. The inbound stuff allows your PC to respond to requests from outside - and you don’t want to do that unless you are intentionally running a server.