Re: What good is a firewall?
From: Hernán Freschi (hjf.usenet_at_hjf.com.ar)
Date: Wed, 27 Apr 2005 15:52:19 -0300
> I'm doing a paper on home internet security and wanted to ask network
> gurus a couple questions about firewalls:
> What is the real benefit of a firewall for a home internet user? If the
> only thing a user does is surf the web and send/receive email. What
> protection does it provide? I know the Windows service port can be a
> target, since it can't be disabled, but that notwithstanding, what does
> a user risk?
Well there is some way that someone might get into your files via SMB,
but that's very unlikely. But now, with the infinity of worms around the
net... Have you heard of Blaster? That was a worm which uses a
"vulnerability" in the RPC (remote procedure call) of Windows and makes
the computer power off. Once and again, every time you connect to the
net. Other worms make your machine a spam server slave.
> I think people see the firewall as a panacea. The problem for most home
> users is not what they block, but what they allow. Email attachments,
> malicious activeX scripts, etc. are the real culprits, correct?
Part true. The Windows default install (see the paragraph above) is not
secure at all.
> I know that packets arriving at the computer are processed, but if the
> destination port they target has no running service, they're discarded.
No. By default the OS answers "excuse me sir, there is no service
running here" and stuff. When you use Linux IPTABLES with a DENY it
does that. If you do a DROP then the packet is silently discarded.
> Of course, DOS attacks can be launched that overwhelm a system but that
> can still happen with a firewall, right?
I don't think so. If the firewall drops packets, then the sending
systems are more likely to stop sending packets at all, because they
will think that either you have a firewall or that your host is down
already, and look for another victim.
> So what's the benefit?
Make a default install of Windows XP not SP1 or SP2 and connect to AOL
(easy target for scanners). Your computer WILL be pwnt in a matter of
hours, if not minutes.
--
If it's stuck, force it. If it breaks, it needed replacing anyway.
http://www.hjf.com.ar/
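
What a connecting client sees in the two cases discussed in the reply above (an answer saying no service is running, versus silence), as an added example that is not part of the original post. The names `probe` and `loopback_demo`, the result labels and the loopback-only demo are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and report how the far end reacted."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "refused"     # the host answered with a TCP RST: no service here
    except socket.timeout:
        return "no-answer"   # nothing came back: packet dropped, or host down
    except OSError:
        return "error"       # e.g. an ICMP unreachable or a local routing error
    finally:
        s.close()

def loopback_demo():
    """Constructed demo on 127.0.0.1 only: one listening port, one idle port."""
    listening = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listening.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listening.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))        # reserved, but listen() is never called
    try:
        return {
            "listening": probe("127.0.0.1", listening.getsockname()[1]),
            "idle": probe("127.0.0.1", idle.getsockname()[1]),
        }
    finally:
        listening.close()
        idle.close()

if __name__ == "__main__":
    print(loopback_demo())
```

A "no-answer" result cannot be produced on loopback without a packet filter in place; against a machine you administer, it appears when the filter discards the packet instead of answering it.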