SV650.org - SV650 & Gladius 650 Forum



Idle Banter For non SV and non bike related chat (and the odd bit of humour - but if any post isn't suitable it'll get deleted real quick).
There's also a "U" rating so please respect this. Newbies can also say "hello" here too.

21-01-07, 12:45 AM   #11
Davies
Guest

Quote:
Originally Posted by Stu
Gosh!, thanks for all the help.
What I need to do is order that hard drive I thought I did order before Christmas and start from scratch again on my laptop and keep the kids and wife off it (I wish!)
My 10Gb hard drive is full of all the P0rn, I mean songs downloaded so it's not surprising it's running a bit rough.
I'll try and pick and choose from all the advice given - thanks again

Lol Just make sure you've got a firewall running dude.....job done
21-01-07, 12:56 AM   #12
Baph
Guest

Quote:
Originally Posted by svstreetfighter
Quote:
Originally Posted by Stu
Gosh!, thanks for all the help.
What I need to do is order that hard drive I thought I did order before Christmas and start from scratch again on my laptop and keep the kids and wife off it (I wish!)
My 10Gb hard drive is full of all the P0rn, I mean songs downloaded so it's not surprising it's running a bit rough.
I'll try and pick and choose from all the advice given - thanks again
Lol Just make sure you've got a firewall running dude.....job done

No, really. A hardware firewall (DSL modem/router combined) AND virus/spyware at a bare minimum. Just a firewall?
21-01-07, 01:43 AM   #13
Davies
Guest

Quote:
Originally Posted by Baph
Quote:
Originally Posted by svstreetfighter
Quote:
Originally Posted by Stu
Gosh!, thanks for all the help.
What I need to do is order that hard drive I thought I did order before Christmas and start from scratch again on my laptop and keep the kids and wife off it (I wish!)
My 10Gb hard drive is full of all the P0rn, I mean songs downloaded so it's not surprising it's running a bit rough.
I'll try and pick and choose from all the advice given - thanks again
Lol Just make sure you've got a firewall running dude.....job done
No, really. A hardware firewall (DSL modem/router combined) AND virus/spyware at a bare minimum. Just a firewall?

Damn rightish
21-01-07, 05:20 AM   #14
timwilky
Member
Mega Poster
Join Date: Mar 2004
Location: Not in Yorkshire. (Thank God)
Posts: 4,116

My opinion, for what it is worth, is get rid of any firewall on your windoze systems. They interfere with the smooth operation (is that possible?) of the OS and give you a false sense of security. Then install a hardware firewall (for home use, I prefer Netgear stuff) at your network connection.

I spent 10 years implementing and enforcing my company's security policy and architecture. A firewall is only any good if you manage it. You need to know how to read/analyse the logs. Understand the rule set you have applied and be rigorous in enforcement. I don't have default service out policies. I define all outgoing services and sources just as I do with incoming traffic. My default rule sets are always a deny rule.

A firewall is more than a NAT device. It is an intelligent filter that uses stateful inspection to decide what is a valid connection. I am always suspicious of ssh traffic as I have no knowledge of what may be tunneled. P2P I stamp on. There is never a good reason for it.

So know your traffic patterns. For most homes a few simple rules to permit outgoing http/https/smtp/pop3/imap should suffice with default deny policies. The stateful inspection should then permit reply packets to established connections and all in the garden should be rosy. Once you start hosting service and have to open incoming rules, think carefully about what you are doing.

Anyone with an old PC that wants to learn about implementing firewalls, I suggest you have a look at the smoothwall project. Install the superkernel and have control of your network firewall policies.
__________________
Not Grumpy, opinionated.
21-01-07, 09:28 AM   #15
Jabba
Guest

Okay - that's two of you geeks that have used the word "stateful".

I think I can have a reasonable guess as to what it means but how about one of you removing the doubt?
21-01-07, 10:22 AM   #16
timwilky
Member
Mega Poster
Join Date: Mar 2004
Location: Not in Yorkshire. (Thank God)
Posts: 4,116

Stateful inspection refers to the process where the firewall tracks the connection state of connections passing through it.

So your browser attempts to connect to the org, so your computer goes through a slight dialog with the org along the lines of:

----> computer Syn ----> org
---->org syn ----> computer
---->computer Ack ----> org
---->org Ack ----> computer

A sort of hello greeting, can I talk to you. Until the above happens your firewall will only allow a syn packet to pass in if it has previously sent out a syn packet to that destination. Then the same with the Ack.

So before any packet may pass through a firewall a connection using the above must be established.
__________________
Not Grumpy, opinionated.
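
Added example, not part of any post in this thread: a minimal Python model of the default-deny, stateful policy described in posts #14 and #16. It follows the standard TCP three-way handshake (SYN, SYN+ACK, ACK); the class, function and state names and the addresses are constructed for illustration.

```python
from collections import namedtuple

# Outbound TCP services post #14 lists: http, https, smtp, pop3, imap.
ALLOWED_OUT = {80, 443, 25, 110, 143}
# direction: "out" = LAN to internet, "in" = internet to LAN
Packet = namedtuple("Packet", "direction src sport dst dport flags")

class StatefulFirewall:
    def __init__(self, allowed_out=ALLOWED_OUT):
        self.allowed_out = set(allowed_out)
        self.conns = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> state
        self.log = []    # (verdict, reason, packet): the log worth reading

    def _verdict(self, verdict, reason, pkt):
        self.log.append((verdict, reason, pkt))
        return verdict

    def filter(self, pkt):
        flags, out = frozenset(pkt.flags), pkt.direction == "out"
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if out
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.conns.get(key)
        if state is None:
            # Only a LAN-originated SYN to an allowed service creates state.
            if out and flags == {"SYN"} and pkt.dport in self.allowed_out:
                self.conns[key] = "SYN_SENT"
                return self._verdict("ACCEPT", "new outbound connection", pkt)
            return self._verdict("DROP", "default deny", pkt)
        if "RST" in flags:
            # Simplified teardown; real trackers also follow FIN and timeouts.
            del self.conns[key]
            return self._verdict("ACCEPT", "reset ends tracked connection", pkt)
        if state == "SYN_SENT" and not out and flags == {"SYN", "ACK"}:
            self.conns[key] = "SYN_ACK_SEEN"
            return self._verdict("ACCEPT", "reply to our SYN", pkt)
        if state == "SYN_ACK_SEEN" and out and flags == {"ACK"}:
            self.conns[key] = "ESTABLISHED"
            return self._verdict("ACCEPT", "handshake complete", pkt)
        if state == "ESTABLISHED":
            return self._verdict("ACCEPT", "established connection", pkt)
        return self._verdict("DROP", "out of sequence during handshake", pkt)

def demo():  # constructed trace; addresses are documentation examples
    fw, lan, web = StatefulFirewall(), "192.168.1.10", "203.0.113.5"
    trace = [Packet("in", web, 443, lan, 50000, {"SYN", "ACK"}),  # unsolicited
             Packet("out", lan, 50000, web, 443, {"SYN"}),
             Packet("in", web, 443, lan, 50000, {"SYN", "ACK"}),
             Packet("out", lan, 50000, web, 443, {"ACK"}),
             Packet("out", lan, 50001, web, 22, {"SYN"})]         # ssh not listed
    return [fw.filter(p) for p in trace]
```

The `log` list records a reason for every verdict, which is the part of the policy that post #14 says has to be read and understood.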
21-01-07, 11:41 AM   #17
Sudoxe
Guest

Quote:
Originally Posted by timwilky
A firewall is more than a NAT device.

Thank you! That was driving me insane, reading the stuff above your comment.

Most DSL "firewalls" are NAT devices, and not "firewalls". However, for the luddite, they do the same thing. i.e. essentially block traffic, until you add a NAT rule to allow traffic in (or out, usually by default on these devices).

My view on this is you should lock down inbound and outbound traffic. In reality, at home, nobody bothers really. So a generally accepted compromise is block incoming traffic and allow all outgoing traffic by default.

In this case, a firewall on your PC will not do much (unless it's one of these "Application" firewalls, do you want internet explorer to access the internet? No ****! Unblock), however again Windows firewall (in XP) is usually enabled to do the same thing, allow out, deny in.

The only time you should fiddle with this is if you need incoming services, i.e. you run a web server on your PC. Or, for example, network games also require this sometimes.

In this case, you will have to change the NAT on the router and allow the incoming service on the PC.

Anyway, I'm just rambling now. So I'll go and grab a cuppa.

Dan