Fort Knox Firewall
<blockquote data-quote="ForgottenSeer 58943" data-source="post: 714400"><p>People get confused by this. A hardware firewall is usually just some SPI L2 rules to examine deformed packets and simple NAT to ghost the internet subnet/IPs of devices exiting the network. Otherwise, a firewall isn't going to do anything and really isn't any security other than the most basic. Networks have a public and private IP structure; the internal network, under the assumption it has a private address space, CANNOT be addressable from outside of the local network. The 'router' sits at the border between your public and private address space, routing traffic based on the DHCP pool and ARP tables. Sessions are created locally on the PC. For example, when you go to Microsoft.com a session is created between your computer and Microsoft; the router NATs your internal and the firewall handles the traffic coming for malformations, but does not examine outbound traffic.</p><p>Outbound traffic falls under L3-L7, which are UTM/NGFW areas. To examine outbound traffic your 'firewall' on the network would need to actually have DPI in the L3-L7; then at that point it can control egress from your network. That's why companies have UTM/NGFW appliances to help control egress and examine not only inbound traffic at a deeper level, but outbound as well. In the modern age, firewalls (SPI etc.) are largely obsolete in terms of any effective security. A lot of 'old' guys in IT still think NAT and SPI are effective solutions, and we spend most of our days cleaning up from those guys.</p><p>Opening ports on a hardware firewall is almost always a bad idea. FORWARDING ports is better but unless explicitly needed should be avoided. Once you start forwarding external ports to your internal network you start opening security holes. Unless you have an L3-L7 device examining that traffic you've opened a door wide and anyone can come in. Businesses are hacked because they do things like open SMB445 or SSH22; then a script kiddie can load your gateway IP into their system and spend the next few years slamming it until they find a hole, and you'll never notice it unless your router has decent logging and you watch those logs.</p><p>Software firewalls are really like little UTMs on your machine with IPS, L3/L7 inspection of traffic, application firewalling, etc. Ideally you want a UTM AND a good software firewall, in the perfect world. But for consumers, I'd advocate a far, far better software firewall if you are just using a router/firewall on your gateway; it becomes even more critical for you. Also, most software firewalls are laden with false positives, flagging internal ARP, ICMP and SYN activity as malicious attacks when they are just network noise. So don't get too excited if they start popping off alerts. It's not the NSA bothering you, it's probably your Fire Stick. :ROFLMAO:</p></blockquote>