PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP


DIPLOMATIC FIREWALLS

An explanation of firewalls, and of stateful firewalls in particular.

A simple NAT/router will block any INCOMING TCP connection attempts. It will allow OUTGOING TCP connection attempts, and will then keep track of, and allow, all IP packets coming and going that are associated with this connection. The source and destination IP addresses remain the same for the length of the connection.

A simple NAT/router will also block unsolicited INCOMING UDP, while allowing all OUTGOING UDP and the returning "solicited" UDP. The NAT/router uses the IP address and a timer to wait for a response to the original outgoing UDP, in order to decide whether to allow the returning UDP. If the timer expires on the outgoing UDP, the returning inbound UDP becomes unsolicited and is blocked. The discussion of TCP vs UDP can be found here.

Note that a simple NAT/router must perform some "stateful" processing to remember these TCP connections and outbound UDP, but these are the most complicated tasks that a NAT/router typically performs. 

I maintain that a "firewall" adds intelligence and capabilities beyond those of the NAT/router described above. The term "firewall" is terribly abused. I would maintain that there are basically two types of these "things": NAT/routers and firewalls.

A "firewall" will perform many more tests on the validity of the IP packets it receives than a NAT/router does, especially in relation to any TCP connection it is presently tracking. It will check for illegally formatted or out-of-sequence IP packets, unassociated IP fragments, lone FINs or ACKs, SYN floods, and meaningless TCP states, all of which are often used by crackers to fake out the firewall. The firewall will also keep logs of dropped packets and questionable events it has seen, which can be used for later analysis.
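The two behaviours described above, the NAT/router's connection and UDP-timer tracking and the firewall's extra checks on TCP flags plus its drop log, can be seen side by side in the small simulation below. This is an added illustration, not code from this site or from any router product; the packets, addresses, flag sets and the 30-second UDP timeout are all constructed for the example, and the state model is deliberately minimal (it tracks only "syn_sent" and "established" and does not model fragments or SYN-flood limits).

```python
"""Simulated stateful packet filter (added illustration; not code from pccitizen.com).

Two modes, matching the article's distinction:
  * NAT/router mode: allow outbound TCP and UDP; allow inbound only when it belongs
    to a flow that an outbound packet opened; UDP entries expire on a timer.
  * Firewall mode: additionally reject inbound TCP segments whose flags are
    meaningless for the tracked state (a FIN or bare ACK before the handshake has
    completed, a fresh SYN aimed at an existing connection) and log every drop.
Packets, addresses and the timeout value are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str                    # "out" = LAN -> Internet, "in" = Internet -> LAN
    proto: str                        # "tcp" or "udp"
    src: tuple                        # (ip, port)
    dst: tuple                        # (ip, port)
    flags: frozenset = frozenset()    # TCP flag names, e.g. {"SYN", "ACK"}


class StatefulFilter:
    UDP_TIMEOUT = 30.0   # seconds before a "solicited" UDP reply counts as unsolicited (assumed)

    def __init__(self, firewall: bool = False):
        self.firewall = firewall
        self.tcp = {}      # flow key -> "syn_sent" | "established"
        self.udp = {}      # flow key -> time of the last packet in either direction
        self.log = []      # (direction, proto, src, dst, reason) for dropped packets

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Normalise to (lan_ip, lan_port, remote_ip, remote_port) so replies match
        return pkt.src + pkt.dst if pkt.direction == "out" else pkt.dst + pkt.src

    def _drop(self, pkt: Packet, reason: str) -> bool:
        if self.firewall:               # the article: firewalls keep logs, a plain NAT does not
            self.log.append((pkt.direction, pkt.proto, pkt.src, pkt.dst, reason))
        return False

    def handle(self, pkt: Packet, now: float) -> bool:
        """Return True if the packet is forwarded, False if it is dropped."""
        key = self._key(pkt)
        if pkt.proto == "udp":
            return self._handle_udp(pkt, key, now)
        return self._handle_tcp(pkt, key)

    def _handle_udp(self, pkt, key, now):
        if pkt.direction == "out":
            self.udp[key] = now          # start (or refresh) the reply timer
            return True
        last = self.udp.get(key)
        if last is None or now - last > self.UDP_TIMEOUT:
            self.udp.pop(key, None)      # timer expired: the reply is now unsolicited
            return self._drop(pkt, "unsolicited inbound udp")
        self.udp[key] = now
        return True

    def _handle_tcp(self, pkt, key):
        state = self.tcp.get(key)
        if pkt.direction == "out":
            if state is None:
                if "SYN" not in pkt.flags:
                    return self._drop(pkt, "outbound tcp without a connection")
                self.tcp[key] = "syn_sent"     # LAN host opens a connection
                return True
            if pkt.flags & {"FIN", "RST"}:
                self.tcp.pop(key)              # connection closing: stop tracking it
            return True
        if state is None:
            return self._drop(pkt, "unsolicited inbound tcp")   # a plain NAT blocks this too
        if self.firewall:
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                return self._drop(pkt, "new SYN aimed at a tracked connection")
            if state == "syn_sent" and pkt.flags != {"SYN", "ACK"}:
                return self._drop(pkt, "out-of-sequence segment before handshake completed")
        if state == "syn_sent" and {"SYN", "ACK"} <= pkt.flags:
            self.tcp[key] = "established"
        if "RST" in pkt.flags:
            self.tcp.pop(key)
        return True


def demo():
    """Replay one constructed packet sequence through both modes; return the verdicts."""
    lan, web, dns = ("192.168.1.10", 40000), ("203.0.113.5", 80), ("203.0.113.53", 53)
    syn = Packet("out", "tcp", lan, web, frozenset({"SYN"}))
    lone_fin = Packet("in", "tcp", web, lan, frozenset({"FIN", "ACK"}))   # arrives before SYN/ACK
    synack = Packet("in", "tcp", web, lan, frozenset({"SYN", "ACK"}))
    scan = Packet("in", "tcp", ("198.51.100.9", 4444), lan, frozenset({"SYN"}))  # unsolicited
    query = Packet("out", "udp", lan, dns)
    reply = Packet("in", "udp", dns, lan)
    results = {}
    for name, f in (("nat", StatefulFilter()), ("firewall", StatefulFilter(firewall=True))):
        results[name] = [f.handle(syn, 0.0), f.handle(lone_fin, 0.1), f.handle(synack, 0.2),
                         f.handle(scan, 0.3), f.handle(query, 1.0), f.handle(reply, 2.0),
                         f.handle(reply, 40.0)]   # last reply is 38 s late: timer expired
        results[name + "_log"] = len(f.log)
    return results


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

Both modes block the unsolicited scan and the late UDP reply; only firewall mode drops the FIN/ACK that arrives before the handshake has completed, and only firewall mode leaves a log entry behind for each drop, which is the distinction the text draws.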

Now there is absolutely no way to know, by looking at a "NAT/router" or a "firewall" product, or maybe even by reading the spec sheet, exactly how good it is at protecting your company assets. You would have to know an awful lot about all the possible exploits that hackers can throw at your site. You have to remember that "firewalls" are basically software that runs on some PC or workstation chassis. In addition, it runs on a familiar OS, such as a secure and hardened Linux OS. And, much as with any piece of software, the vendors are continually coming out with upgrades and patches and releases and new and improved versions.

So what is a person to do? Well, since you are just a lowly homeowner here, there is probably very little interest among the crackers out there in penetrating your meager defenses. In addition, if your IP address is stealthed and changes occasionally, as is the case with most commercial ADSL and cable modem services, then you are pretty safe. A NAT/router is the minimum amount of protection you need, but it is a very good starting point.

But just remember the safe computing practices, and start with that simple NAT/router.


Copyright John D Loop Saturday January 22, 2005