Number 199 - December 1999
Installing a Firewall
by Bob Thomson, Tacoma Open Group for Microcomputers
Why Would I Need a Firewall?
    Recently I have been attending TAPCUG's Linux SIG, and the instructor, Gene Devereaux, has commented several times on the vulnerability of a system connected to the Internet via a Cable modem or DSL connection. These systems are connected to the Internet all the time, unless you physically disconnect them, and his claim is that they are "wide open" to the Internet. Consequently, any hacker with a little knowledge and your IP address can break into your system and wreak whatever havoc he is bent on wreaking.

    How can he get your IP address? The same way he can figure out your password, given time, by setting a sequencing searcher to work, trying every possible combination of characters until it records a "hit". Also, logic tells us that "blocks" of sequential IP numbers tend to be assigned to individual servers, so once one IP address is associated with a server, it doesn't take a giant leap to guess the IP addresses of other customers of that server. A Firewall can prevent anyone from gaining access to your computer to determine your IP or any other system information or data files. It should be obvious that you should NOT activate file sharing!

What is a Firewall and What Does It DO?
    There are probably better explanations elsewhere, but here's one that will suffice for now. A Firewall is created by software that constantly monitors incoming signals to determine which components of your computer they are trying to communicate with, or "get into", and prevents them from doing so. You can set your profile as Trusting, Suspicious, Nervous or Paranoid. Outside activities could be classified as, say, Normal, Suspicious, Dangerous or Critical. You could set your firewall software to allow "normal" traffic through but stop all other categories and alert you when they occur. It may identify them as "Intruders".

Does My Server Have a Firewall?
    I am connected to the Internet through a USB Ethernet Adapter/Converter and a Cable modem using AT&T Cable Systems (formerly TCI) as my Internet Service Provider (ISP). My son, also a TOG member, works for AT&T Cable Systems and I asked him to enquire whether they have a Firewall. One of the @Home Specialists there said "Yes, they do."

Time Out! Let's Back Up For a Minute
    First I wish to thank TOG Librarian, Tom Stepanec, who sent an e-mail during this past month alerting fellow TOG members of a website run by Steve Gibson of Gibson Research (http://grc.com). Steve is one of the "good guys" of the computing world. His SpinRite hard disk analysis and repair software is world famous, and he has come up with other helpful utilities over the years. If you visit his Shields Up section you can opt to have your system examined and to have your computer's ports probed. This is a free service, and is in keeping with Steve Gibson's good guy image. He is also working on other elements of what he intends to be a freeware package which can be installed to provide a complete functional firewall on any system. Until this freeware is developed and available he has recommended some commercial packages. It is worth checking his site periodically for new developments.

    TOG Program Chairman, O. A. Wesley, who hosts our FTP server on a DSL line, installed BlackICE Defender firewall software from NetworkICE, one of those listed by Steve Gibson, to protect his server from hackers.
    I visited the Gibson Research site and opted to have them "ping" on my system to determine its vulnerabilities. Since I was connected to the website, and so was, presumably, "wide open", Gibson's software should have been able to read my IP address and other data about my system. It was supposed to examine my system and then report on what it found. The IP number it found was not mine, but the IP-related system was determined to be very secure. I did this more than once and it identified two sequential IPs. I surmised from this that the IPs it found were those of AT&T Cable Systems' servers in the Tacoma area, and that they stood between my system and the Internet. In other words, they provided a firewall between systems served by them and the Internet. This seems to confirm the "Yes, they do." statement that AT&T Cable Systems does, indeed, provide a firewall.

    Before I called my son at AT&T Cable Systems and asked the firewall question, and while I was still at the Gibson Research site, I also surveyed Steve Gibson's evaluation of Firewall software. I chose BlackICE Defender ($39.99), bought it, downloaded it and installed it immediately. Now I have my own firewall whether AT&T Cable Systems does or not.

    Before I installed BlackICE, I downloaded IP_AGENT.EXE, a freebie, from Gibson's site and ran it on my system to assess its vulnerability. Of course, it found my correct IP and found everything closed except my NetBIOS which was OPEN!!! With BlackICE installed it couldn't get into anything.

Meanwhile, Back At The Ranch...
    After my son asked him the question, the @Home Specialist also "pinged" on my system repeatedly, causing my BlackICE Defender firewall software to alert me that it had detected an "intruder" and to post a "TCP SYN Flood" message. This message means that someone has tried to enter my system with rapidly repeated contacts that could slow down my system or stop it completely.

    BlackICE Defender gave me specific details about the identity of the "Intruder", such as:
    IP:     AA.BB.CCC.DD (all numeric)
    DNS:     c1234567-a.tcma1.wa.home.com
    Node:     c1234567-a (Computer Name)
    Group:     @HOME
    NetBIOS:     ATT@HOME
    MAC:     (12 alphanumeric code)

    This kind of information, of course, can be used to track down intruders for whatever reason, to pursue legal remedies, send a hit man, solicit for TOG membership or whatever.

    The @Home Specialist scanned all my ports too and BlackICE reported that to me. He reported to my son that my system was fine (i.e. safe) but that I should not activate file sharing. A more serious Port Probing activity is commonly done by hackers to find "holes" in a system, so they can come back later and do their worst. Someone with an IP close to mine (Tacoma area?) has tried to probe my ports several times. I have his IP address but it may be a fake.
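    The two alerts described above, rapidly repeated contacts (a "TCP SYN Flood") and a port probe, can be told apart from a log of inbound connection attempts. The following is an added example, not part of the original article and not BlackICE's actual logic; the thresholds, the record format and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed thresholds for illustration; real firewall products tune their own.
WINDOW_SECONDS = 5.0
FLOOD_SYNS = 20   # SYNs to one port inside the window => repeated rapid contact
SCAN_PORTS = 10   # distinct ports inside the window => port probe


def classify_sources(syn_events):
    """Map each source IP in (timestamp, src_ip, dst_port) records to a verdict."""
    by_source = defaultdict(list)
    for ts, src, port in sorted(syn_events):
        by_source[src].append((ts, port))
    verdicts = {}
    for src, records in by_source.items():
        verdict = "normal"
        start = 0
        for end in range(len(records)):
            # Slide the window start forward so it spans at most WINDOW_SECONDS.
            while records[end][0] - records[start][0] > WINDOW_SECONDS:
                start += 1
            per_port = defaultdict(int)
            for _, port in records[start:end + 1]:
                per_port[port] += 1
            if max(per_port.values()) >= FLOOD_SYNS:
                verdict = "syn_flood"   # the more serious finding wins
                break
            if len(per_port) >= SCAN_PORTS:
                verdict = "port_scan"
        verdicts[src] = verdict
    return verdicts


def build_sample_events():
    """Constructed sample traffic using documentation-range addresses."""
    events = []
    # 30 SYNs to NetBIOS port 139 within 3 seconds.
    events += [(i * 0.1, "192.0.2.10", 139) for i in range(30)]
    # One SYN each to ports 1..25 within 2.5 seconds.
    events += [(100 + i * 0.1, "198.51.100.7", p) for i, p in enumerate(range(1, 26))]
    # Three widely spaced connections to port 80.
    events += [(t, "203.0.113.5", 80) for t in (0.0, 60.0, 120.0)]
    return events


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(build_sample_events()).items()):
        print(src, verdict)
```

    A source that touches many different ports once each is reported as a probe, while one that hammers a single port is reported as a flood; ordinary, widely spaced connections fall under neither threshold.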

Does Your ISP on US West's DSL Provide a Firewall?
    I don't know. That's a project for someone else to pursue. You can start with http://grc.com. Anyone?
 