Contact us | NT Penetration | Web Services | Intruders|Computer Crime | Terminology | Index

Investigation Tool: Knowledge

Firewalls- Blocking intruders who attack systems -- for the lay person and the more experienced.

Welcome: If you are an advanced user or IT professional you might enjoy playing with some of the more sophisticated toys. 

  • Be sure to visit the Sans Institute at http://www.sans.org .

  • A small collection of  free samarai (not cracker) tools is available at our downloads server here. You will find some good tools ranging from port scanners to packet snifferrs to help you watch your favourite box for intruders and to develop a better understanding of what is happening on your networks. 

  • An extensive array of Traceroute facilities is available here. Click this link for extended Whois queries. DNS / BIND (Berkeley Internet Name Domain) tools are here.

Why a Firewall?

Surfing the Internet exposes you to hackers, malicious code, and other Internet threats. A proposed solution is the firewall, but be wary, it is not the be all to end all. See also intruders, protecting your Win98 computer, and Win NT Penetration 


Here's how one software vendor (McAfee) puts it:

  1. "High-speed "always-on" Internet connections, such as cable modems or DSL, make your Computer vulnerable to Internet attacks.

  2. Hackers can steal your bank account information, credit card numbers, and other personal data.

  3. Hackers can take control of your PC and wreak havoc on your hard drive

  4. Hackers can launch malicious attacks on others from your PC."

 What is a firewall?

Firewall: Heretofore wall designed to prevent the spread of fire through a building. In tech-speak and compuer science, a firewall is any one or a blend of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network. In other words, a system or combination of systems that enforces a boundary between two or more networks. 


DNS Tools
BIND Host Query
NSLookup Tool
Dig 8.3 Query Tool
Host Lookup (SOA Records)

Network-Level Firewall
 A firewall in which traffic is examined at the network protocol packet level.

Personal firewall is a technology that helps prevent intruders from accessing data on your PC via the Internet or another network by keeping unauthorized data from entering or exiting your system. 

Firewalls for the Lay Person

That probably doesn't help you too much. Right? Think about this: Your typical mischief maker is going to find their way to your machine with one or another methods or devices. Why? Because it's there. Or maybe you have something they want. Like money. Your kids!!! Software. Lists. Email addresses. Or they don't like you. Or they have a friend who doesn't like you. Or they want to use your computer to hurt someone else!!!

Putting up a wall that keeps them out of your important "stuff" is your safest bet. They can rattle around outside that wall all they want as long as they don't get in. Right? Some firewalls even fool crackers into believing they are "IN" meanwhile they are literally traveling around in circles within a virtual whirl pool of non-reality that was designed to waste the time of crackers and keep them believing they are going somewhere. All the while your important "stuff" is safe behind the wall. Got the picture of what a firewall does? 

Well. That certainly oversimplifies things but it makes for a basic understanding. A few of the more complicated aspects are explained later. Your question is likely: "Do I bother?" Methinks the answer must be "yes" and you must make the choice about what degree of protection you require.

This technology is becoming extremely complicated, so much so that the specialist world is filled with more talk than reality. Methinks the crackers are winning.

Consider this as well. Firewalls will protect you. If you are the average personal computer user, you have at risk some umpteen thousand dollars real or credit that could be purloined by a cracker who gets into your computer "wallet". Compare this situation to your bankers or Fort Knox where resides gazillions of dollars. Who do you think needs the better firewall? So don't go nuts and spend a fortune as if you are protecting Fort Knox. 

Think about minimizing your risk by NEVER storing or passing critical information to or through any "connected" computer that you use. Or next best, MINIMIZE this risk. Then build a security regime  commensurate with the threat. Go to Trend or McAfee and check out their offerings. These two firms are at the top of the ladder for home system protection. But before that, read on and check out some of the other pages on this site to inform yourself.

One of the things I worry about is the kids! A couple of pre-teen / early-teen gals taking turns at the computer are a panacea for your basic "internet pervert". They exist. They are often highly intelligent. As in SUPER intelligent in some cases. I have busted this type before and can tell you that there are some very nasty people out there. 

Think of this scenario. It's so typical. The kids are dancing that mouse cursor across the computer screen like a bumblebee on steroids. Connection rates exceed a mega baud. Things are opening, closing, dancing across the screen. They talk to boys on the chats and messengers. They check out websites. They get pictures, trade stuff for music, and splatter literally thousands of data packets containing information about them and your home on the hard drive, on servers and scurrying through cyberspace. These information bites are dangerous if obtained by a malicious malintentioned person.

Got kids? Wanna talk firewalls?

Firewalls can block malicious attacks and protect your computer from outside threats. A firewall can prevent an unauthorized user from accessing your PC, either from the Internet or from within your local network. It blocks some Trojan programs and many hostile applications that seek to take over your computer. New packages aimed at home users and small businesses are inexpensive and require little setup on your part. 

When you're connected to the Internet, you're sending and receiving information in small units called packets. A packet contains the addresses of the sender and the recipient along with a piece of data, a request, a command, or almost anything having to do with your connection to the Internet. 

As with any mail, not every parcel that arrives at your computer is something you want to open. A firewall examines each data packet sent to or from your computer to see if it meets certain criteria. It then either passes or blocks the packet. The criteria a firewall uses for passing packets along depends on the kind of firewall you use. The most common type you'll find for home and small business use is called an application gateway firewall, or proxy, which acts like a security guard.

Anything you send or receive stops first at the firewall, which filters packets based on IP addresses [Internet protocol that identifies each and every computer specifically] and content, as well as the specific functions of an application. For instance, if you're running an FTP [File Transfer Protocol] program, or using the more advanced browsers with built-in FTP (you maybe didn't even know) the proxy could permit file uploads while blocking other FTP functions, such as viewing or deleting files. 

You can also set the firewall to ignore all traffic for FTP services but allow all packets generated during Web browsing. 

Other types of firewalls include packet filters, which examine every packet for an approved IP address; circuit-level firewalls, which allow communication only with approved computers and Internet service providers; and the newest type, stateful inspection firewalls, which note the configuration of approved packets and then pass or block traffic based on those characteristics. Packet-filter, circuit-level, and stateful inspection firewalls are mostly found in corporate network setups. They require major upkeep, so they aren't suitable for most smaller companies and home users.

Mike O'Brien

Contact us | NT Penetration | Web Services | Intruders|Computer Crime | Terminology | Index

We also suggest you check out the latest security releases from  the following:

And if you are intensely interested: