2004-07-16

Got Firewall?

I have been asking this question of anyone I know who has broadband, just switched to broadband, or is seriously considering broadband.

"Got Firewall?"

Okay, I usually ask it a little less abbreviated. But it is the basic idea.

The reason I ask is that you are a lot more vulnerable when you are on broadband, and it is very easy to make some assumptions that make you think you are safe with broadband.

#1 Assuming that the XP firewall that worked great on dialup is protecting you on your broadband. With the XP firewall, you have to go in and activate it for each network device.

#2 Assuming that you are safe behind a router (or any other NAT device) and don't need any other firewall. You are probably behind a NAT device if your computer's IP address is 192.168.0.nnn, where nnn is a number between 1 and 254.
While your computer is normally safe behind a NAT router from probe attacks, there is a case when you are no longer safe. And that is when you run any kind of tunneling software.
The most common type of tunneling is running a VPN connection to a work network. When you tunnel to another network, it is as if you had plugged the network card of your computer directly into the work network. That means if there are any beasties loose on the work network, your computer is now exposed directly to network attack.
Well, most work networks are policed pretty well, and beasties are usually cleaned out pretty quickly if they manage to get in. So that isn't a big concern.
What is a much bigger concern, in my opinion, is running tunneling software and not even knowing that you are tunneled past your NAT router.
Want to know the most common tunnel program on the internet?
The AOL client.
I found out a long time ago, for the short time when we had AOL and broadband. I had recently installed a DSL/hub with NAT. But I still had firewall software running. I logged onto AOL, and a few minutes later, my firewall software told me someone wanted to connect to my port 80, from an IP address that was not in my LAN! Something was trying to see if I was running a web server that it could try to infect!
But I was behind my DSL/hub! How could someone get a port probe past my hub? It took me a few minutes before I realized that AOL had tunneled me past my DSL/hub, and that I was exposed to a much bigger network!

Section 1.1 details AOL's tunnel
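
The check behind #2, as an added example that is not part of the original post: it reads `ipconfig`-style output and lists every adapter whose address lies outside the router's LAN subnet, which is how a VPN or dial-in client's tunnel shows up on the computer. The sample output, adapter names, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of Windows `ipconfig` output; adapter names
# and addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.12

PPP adapter Example Work VPN:

        IP Address. . . . . . . . . . . . : 10.20.30.40

PPP adapter Example ISP Client:

        IP Address. . . . . . . . . . . . : 203.0.113.45
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADAPTER_RE = re.compile(r"^(\S.* adapter .+):\s*$")
ADDRESS_RE = re.compile(r"^\s+IP(?:v4)? Address[^:]*:\s*([\d.]+)")

def parse_adapters(text):
    """Return [(adapter name, IPv4Address), ...] from ipconfig-style text."""
    pairs, name = [], None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            name = header.group(1)
        elif name and (found := ADDRESS_RE.match(line)):
            pairs.append((name, ipaddress.ip_address(found.group(1))))
    return pairs

def paths_around_router(text, lan="192.168.0.0/24"):
    """Return {adapter: "private" | "public"} for addresses outside the LAN."""
    # Each adapter returned is a path the NAT router never filters, so only
    # a firewall running on the computer itself stands in front of it.
    lan_net, result = ipaddress.ip_network(lan), {}
    for name, addr in parse_adapters(text):
        if addr in lan_net or addr.is_loopback or addr.is_link_local:
            continue  # ordinary LAN or local-only address
        private = any(addr in net for net in RFC1918)
        result[name] = "private" if private else "public"
    return result

if __name__ == "__main__":
    for name, kind in paths_around_router(SAMPLE_IPCONFIG).items():
        print(f"{name}: {kind} address outside the LAN, needs a host firewall")
```

A "private" result is the work-VPN case from the text; a "public" result is the case where the computer is addressed directly on a larger network.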

So once again I ask: Got Firewall? :)
