Thread: a hacker
June 26th, 2002
mrgone4662

Quote:
Originally posted by Gratis

On a tangent, I'm getting conflicting information here:

MrGone says: "And 'your firewall caught it so you're okay' is bullshit, you're okay anyway because you don't have a service listening for traffic on that port (even if you did, it'd most likely be a gnutella client which don't currently have holes to exploit). No one can just aim a sharply pointed packet at your computer and "hack" it. You must be running some form of server (web, email, ftp, gnutella servent, etc) to receive and process the traffic coming in."

However, cultiv8r says: "There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users. A software based firewall is a good start, but I'd recommend adding a hardware firewall as well."

Well, not really conflicting I don't think. Being connected constantly makes you an easier target in that if there is a trojan or other security hole in your system there is more opportunity for someone to exploit it. That and persistent connections tend to hang onto an IP address longer so once someone has found you as having a hole it is easier for them to exploit it again later.

Quote:
Originally posted by Gratis
These are the two predominant views that I've heard regarding firewalls. My questions are:

• If I'm on a system NOT running any servers:

Which information is more accurate? What exactly is a hacker/cracker/kiddiescripter capable of (apart from the trojan issue)? Can anyone really harm me even if I don't have a firewall? Are firewalls then only a preventative measure in case one downloads a trojan? I have even heard that a firewall may cause increased risk, because IT is, in fact, listening at the ports. Is that true?

If you're not running any servers (or silly things like File and Print sharing, another potential hole) and you do not have a trojan on your system then there is nothing a cracker can really do to your system. There is always the possibility of a DoS (Denial of Service) attack, but those are more often accomplished by making too many connections (again requiring some sort of server) than with just bandwidth flooding (which a firewall couldn't stop anyway).

And no, firewalls do not listen on the ports (excepting possibly for remote administration of the firewall.)

Quote:
Originally posted by Gratis

• If I'm on a system that IS running some sort of server:

What is the risk? Will a firewall (hardware or software) help protect me? How is this possible if the port needs to remain open in order to serve?

If you're running some kind of server your best bet is to keep it updated and apply any security patches that come out for it. A firewall (hard or soft) will give you information on traffic passing in and out of your computer (IP addresses, ports used, throughput, protocol (TCP, UDP, ICMP), etc.) and will let you have control over this traffic.

For example, if someone was doing a port scan on your computer to see if there were any listening services (maybe one being exploitable) you could see this happening and block his IP address from anything you do actually have running (exploitable or not, this guy can kiss off.) Then you can do a whois lookup on the IP address and notify his ISP regarding the attempted abuse (you're probably not the only person he's tried this on) and enough complaints could get him shut down (probably temporarily, but that's better than nothing) potentially saving the *** of some poor schmuck who is running an unsecure system.

Quote:
Originally posted by Gratis
• Third: Does any of this change if I'm connected to the internet via a wireless connection to a base-station that is hooked into a DSL router? Can some sneaky driver-by hack into my computer through my wireless connection?

Wireless systems use encryption to protect the signal; make sure you're using this encryption if you're on a wireless network.

Quote:
Originally posted by Gratis
• The last question is: Do the answers to these questions change if I'm on a Macintosh (running either OS 9 or OS X)? I have heard that Macintoshes are virtually invulnerable to hacking other than through a direct, hardware connection. However I've heard that there may be some security holes in OS X.

Macs are "hackable".

Quote:
Originally posted by Gratis
Any security experts in the house, with a lot of time on their hands? If not, where can I post these questions?

Thanks a bunch,
Gratis

There is a great forum for these kinds of questions at http://www.dslreports.com/forum/security,1
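
An added example, not part of the original post or written by its author: detection of the port-scan pattern the post describes (one source probing many ports), run over a constructed firewall log. The log format, the function names, and the threshold of 5 distinct ports within 60 seconds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, hypothetical format: time action proto source_ip dest_port
SAMPLE_LOG = """\
2002-06-26T14:00:01 DROP TCP 203.0.113.7 21
2002-06-26T14:00:01 DROP TCP 203.0.113.7 22
2002-06-26T14:00:02 DROP TCP 203.0.113.7 23
2002-06-26T14:00:02 DROP TCP 203.0.113.7 25
2002-06-26T14:00:03 DROP TCP 203.0.113.7 80
2002-06-26T14:00:05 ALLOW TCP 198.51.100.20 6346
2002-06-26T14:00:09 ALLOW TCP 198.51.100.20 6346
2002-06-26T14:03:00 DROP UDP 192.0.2.55 137
2002-06-26T14:20:00 DROP UDP 192.0.2.55 138
"""

def parse(log_text):
    """Yield (time, source_ip, dest_port) for each well-formed line."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed lines rather than crash on them
        try:
            when = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield when, fields[3], int(fields[4])

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {source_ip: sorted ports} for sources that touched at least
    min_ports distinct ports inside any single time window."""
    probes = defaultdict(list)  # source_ip -> [(time, port), ...]
    for when, src, port in parse(log_text):
        probes[src].append((when, port))
    scanners = {}
    for src, events in probes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the left edge until the span fits inside the window
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[src] = sorted(set(scanners.get(src, [])) | ports)
    return scanners

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

Repeated connections to a single port (the 198.51.100.20 entries) are not flagged, since a scan is identified by the number of distinct ports, not the number of packets.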