Hardware firewall.

Toxcity

Hello Peeps!

Just a quick question, been arguing with my father about viruses! :)

Okay, can a virus get through a hardware firewall?

On its own? As in not from someone opening a file or something, just automatically?

I say no, seeing as all the ports are closed. We are talking about when a PC is idle. I am not sure so I decided to pass the question on to you guys! ;)
 
Yeah sure a virus can get thru a firewall. Firewalls are primarily designed to inspect incoming packets, block out ports and generally keep your internal network shielded from the outside world.

If you're behind a firewall and you download a virus, it will get thru and if you don't have antivirus on your PC, it will get infected.
 
name='Toxcity' said:
Hello Peeps!

Just a quick question, been arguing with my father about viruses! :)

Okay, can a virus get through a hardware firewall?

On its own? As in not from someone opening a file or something, just automatically?

I say no, seeing as all the ports are closed. We are talking about when a PC is idle. I am not sure so I decided to pass the question on to you guys! ;)

A virus can get past any firewall.

Altho it depends on how you're asking the question. You can't *not* get viruses because you have a hardware firewall.

You also need to differentiate between firewall and antivirus.

An antivirus protects against *known* viruses.

A firewall protects a network via port filtering.

Also a hardware firewall is only as good as its administrator.

There are too many different versions of firewalls as well. Most people use a SPI (Stateful Packet Inspection) firewall which works but is only as secure as the users, in that it will let communication through providing the user initiates it.

Worms might not penetrate a firewall *providing it is setup correctly*.

Also as most viruses are downloaded by the user, the firewall will do little if anything at all to prevent it.
 
Just wanted to add that I know someone who bought a router with a SPI firewall and removed his antivirus because he thought he was safe lol :rolleyes: :D

Also a virus could get thru "on its own" via javascript, activex etc
 
In simple terms a hardware firewall will block all incoming packets unless they are invited in. So the simple answer is no, a virus can't get through.

Every time your computer connects to the internet through any one of 63,500 ports you are sending a data request out; the firewall then allows replies back in through the same port. If those 'replies' happen to be a file with a virus payload (download, p2p, e-mail attachment etc) then your firewall won't block it because as far as it's concerned you asked for the data to be sent to you in the first place.

Viruses can however get in if your PC is sending out invites without you knowing it. That's how a trojan/backdoor works. You unwittingly download a file with a trojan payload and it then opens a 'backdoor' port in your firewall to invite in more mayhem. So you need a good AV to detect incoming viruses that get through the firewall because the user has inadvertently asked for them.

For most home users a simple hardware firewall stops uninvited intrusions. The AV blocks infected files that have been 'asked for' (albeit innocently). If a virus gets in and is not detected by your AV then that's where a software firewall comes into play. It will tell you all applications that are trying to open a port to get out (e.g. a trojan/backdoor) and allow you to block it. A hardware firewall won't do that.

Of course the above is no use if you want to run an internet server of some description (website, email, games). A server has to respond to data requests to work (i.e. allow unknown and unsolicited inputs). Therefore the server ports have to be permanently open to inbound traffic on the ports it needs. That's when you need to go to an advanced, pro grade managed firewall (= $$$$) to provide additional protection against unsolicited attacks.

HTH

:cool:

TOG
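The post above describes the mechanism informally: an outbound request creates a state entry, replies matching it are let back in, unsolicited inbound packets are dropped, and nothing about the payload is inspected. The following toy stateful firewall, written here as an added illustration and not code from the forum or any product, models exactly that, and adds the host-side egress check the post contrasts it with (the software firewall that knows which program opened the socket). Every address, port, program name and payload in it is constructed for the example (the public addresses are from the RFC 5737 documentation ranges).

```python
"""Toy SPI (stateful packet inspection) firewall plus a host egress firewall.

Added illustration for the thread; constructed scenario, not real traffic.
The perimeter firewall keys connections on the 4-tuple the LAN side opened
and never looks at payload bytes. The host firewall keys on the program
instead, which is what lets it flag an unexpected outbound connection.
"""
from dataclasses import dataclass

LAN_PREFIX = "192.168.1."  # constructed LAN range for the example


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class StatefulFirewall:
    """Perimeter SPI firewall: outbound creates state, inbound needs state."""

    def __init__(self) -> None:
        # 4-tuples (lan_ip, lan_port, remote_ip, remote_port) of LAN-initiated flows
        self.state: set[tuple[str, int, str, int]] = set()
        self.log: list[str] = []

    def filter(self, pkt: Packet) -> bool:
        """Return True if the packet is forwarded, False if it is dropped."""
        if pkt.src_ip.startswith(LAN_PREFIX):
            # Outbound: allowed and remembered so the reply can come back in.
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            self.log.append(f"ALLOW out {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
            return True
        # Inbound: forwarded only if it answers a flow the LAN side opened.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.state:
            # Payload is not examined; an 'invited' download passes as-is.
            self.log.append(f"ALLOW in  {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} "
                            f"({len(pkt.payload)} payload bytes, not inspected)")
            return True
        self.log.append(f"DROP  in  {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} (no state)")
        return False


class HostEgressFirewall:
    """Software firewall on the PC: decides per program, not per packet tuple."""

    def __init__(self, allowed_programs: set[str]) -> None:
        self.allowed = allowed_programs
        self.alerts: list[str] = []

    def allow(self, program: str, pkt: Packet) -> bool:
        if program in self.allowed:
            return True
        self.alerts.append(f"{program} tried to open {pkt.dst_ip}:{pkt.dst_port}; blocked")
        return False


def run_scenario() -> dict[str, bool]:
    """Walk through the cases the post describes and return each verdict."""
    spi = StatefulFirewall()
    host = HostEgressFirewall(allowed_programs={"browser.exe"})  # constructed allow list
    pc, web, remote = "192.168.1.10", "203.0.113.5", "198.51.100.9"  # constructed addresses
    results: dict[str, bool] = {}

    # 1. Unsolicited probe from outside while the PC is idle: no state, dropped.
    results["unsolicited_probe"] = spi.filter(Packet(remote, 40000, pc, 445))

    # 2. The user's browser asks a web server for a file: outbound creates state.
    results["outbound_request"] = spi.filter(Packet(pc, 51000, web, 80))

    # 3. The reply is 'invited', so it passes even though its (constructed)
    #    payload is an executable the user did not mean to run.
    results["invited_payload"] = spi.filter(Packet(web, 80, pc, 51000, payload=b"MZ\x90\x00..."))

    # 4. Later an unknown program on the PC opens an outbound connection.
    #    The perimeter SPI firewall sees a LAN-initiated flow and allows it...
    callout = Packet(pc, 52000, remote, 4444)
    results["spi_allows_unknown_program"] = spi.filter(callout)
    #    ...while the host firewall, which knows the program, blocks and alerts.
    results["host_blocks_unknown_program"] = host.allow("unknown_updater.exe", callout)

    return results


if __name__ == "__main__":
    verdicts = run_scenario()
    for name, allowed in verdicts.items():
        print(f"{name:28s} {'forwarded' if allowed else 'blocked'}")
```

Run it and the log shows the four verdicts the post argues for: the idle-PC probe is dropped, the requested download is forwarded regardless of what it contains, and an outbound connection from an unrecognised program is invisible to the perimeter firewall but caught by the per-application check on the host.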
 
name='Toxteth O'Grady' said:
That's when you need to go to an advanced, pro grade managed firewall (= $$$$) to provide additional protection against unsolicited attacks.

You can buy/setup a managed firewall cheaply using OpenWRT or unix/linux. The software is free and the hardware is very cheap.

If you're really interested in security, firewalls and networking I'd suggest writing an IPTables firewall (not a simple SPI one).

I got bored/lost after a few lines of that last post. Was a bit OTT for the question asked and also some of it was confusingly worded :confused: :p

I didn't understand if you said yes or no to the question tbh :confused:
 
That actually made things clearer for me and was easy to read lol. My router firewall has been pretty effective, I usually get away with no AV software at all :)

Thank you Tox
 
:) np

It's a massively complex subject and I've very much over-simplified it to try to capture the basics.

name='llwyd' said:
I usually get away with no AV software at all :)

But if you have no AV (and perhaps no software firewall) how would you know? Malware doesn't always give a noticeable reduction in performance. How do you know if your PC has a rootkit or a keylogger or is acting as a spambot?

:cool:

TOG
 
I understood Tox, reps your way! :)

Nice answer, and that is what I was telling my dad, it's just I need to get more info on the subject to be totally sure.

So really the home user doing nothing apart from internet surfing and online games is safe with hardware firewalls. As I suspected.

It's not like a hacker will try and hack my system, what would be the point! ;)

Thanks for the info peeps!
 
It is possible to penetrate a SPI firewall so worms can have that ability.

whitepaper said:
The basic idea of the described attack is to subvert the security policy implemented by a stateful firewall. This is done by triggering the generation of a TCP packet that, when inspected by the firewall, will change the firewall's internal state such that an attacker is able to establish a TCP connection to a filtered port through the firewall.
 
name='equk' said:
It is possible to penetrate a SPI firewall so worms can have that ability.

Yes it is. As I said it's a massively complex subject and that's why, like I said, pro-firewalls = $$$$ to counter such attacks. Corporate servers are much more vulnerable because they have to be open to 1000s of users and tend to reap richer dividends for hackers if compromised.

However all unsolicited attacks need to know there is a WAN IP there to be compromised. That's why it's better to stealth all ports via the hardware firewall.

:cool:

TOG
 
name='Toxcity' said:
It's not like a hacker will try and hack my system, what would be the point! ;)

Not quite. Most unsolicited attacks are bots/auto-scanning probes. Best thing to do is stealth the WAN IP of your router on all ports.

name='Toxcity' said:
So really the home user doing nothing apart from internet surfing and online games is safe with hardware firewalls. As I suspected what would be the point! ;)

NO! NO! NO! You're missing the point. Yes a hardware firewall is good (relatively) for blocking unsolicited intrusions, certainly compared with just a DSL modem which leaves you wide open. However 99.9% of malware affecting home users is invited in by the user through the hardware firewall (you just don't realise it, that's all). That's why you also need to lock down your PC with security software (AV, anti-spyware, sw firewall, good web browser etc.). For example a very common infection results from pron and crackz websites that YOU may visit. P2P and downloading free codecs are also problematic.

:cool:

TOG
 
name='Toxteth O'Grady' said:
Not quite. Most unsolicited attacks are bots/auto-scanning probes. Best thing to do is stealth the WAN IP of your router on all ports.

NO! NO! NO! You're missing the point. Yes a hardware firewall is good (relatively) for blocking unsolicited intrusions, certainly compared with just a DSL modem which leaves you wide open. However 99.9% of malware affecting home users is invited in by the user through the hardware firewall (you just don't realise it, that's all). That's why you also need to lock down your PC with security software (AV, anti-spyware, sw firewall, good web browser etc.). For example a very common infection results from pron and crackz websites that YOU may visit. P2P and downloading free codecs are also problematic.

:cool:

TOG

Haha Pron! :)

Anywhoo yes I understand, but any clever user won't go to these pron sites or CRACK sites! ;)

I have had a few viruses from crack sites but I admit they were my fault.

Apart from those sites the internet is pretty safe.. I only go on like 5 websites most of the time.. OC3D, Nvidia, Bootleggers and Google.

Yes I do search the net but not really for PRON, mostly for hardware errors or software errors.

I use a hardware firewall and Windows firewall, that's it.

Never had a virus apart from being invited by me... ;)

I use Adaware a lot and delete all cookies + temp internet files every afternoon.

I think I'm safe.. :) Although if I do get a virus I find it a challenge or interesting. :p
 
name='Toxcity' said:
Haha Pron! :)

Anywhoo yes I understand, but any clever user won't go to these pron sites or CRACK sites! ;)

I have had a few viruses from crack sites but I admit they were my fault.

Apart from those sites the internet is pretty safe.. I only go on like 5 websites most of the time.. OC3D, Nvidia, Bootleggers and Google.

Yes I do search the net but not really for PRON, mostly for hardware errors or software errors.

I use a hardware firewall and Windows firewall, that's it.

Never had a virus apart from being invited by me... ;)

I use Adaware a lot and delete all cookies + temp internet files every afternoon.

I think I'm safe.. :) Although if I do get a virus I find it a challenge or interesting. :p

You're right, tbh common sense, knowledge and good practice are often the best line of defence. I'd be careful if you've no AV (unless ur a Linux or OS X user). I think not knowing you've got a keylogger installed after you've just entered your card details for that shiny new piece of hardware from Newegg would be a little bit more than "challenging or interesting" ;)

:cool:

TOG
 