Friday, July 10, 2009

Windows and Firewalls

I find many people like to download third party firewall because they heard Windows Firewall isn't secure enough.
I do agree it is partially true, Windows Firewall isn't exactly the most secure firewall, however I do agree that Windows Firewall is sufficiently good enough for home users not to download a third party firewall.

So what is a firewall?


Basically a Firewall is just a Network Packet handler, nothing fanciful like the name you call it.
It doesn't look like this:
What it does is when it receives a network packet, it determines the course of action based on the firewall ruleset and the contents of the network packet.
How good a firewall depends on how well it is configured to handle different TCP/IP Packets(how good is the ruleset defined).
For Linux based system the Firewall is called IPTABLES.
See my point? A good firewall has NO Fanciful name or Graphics Interface. (*BSD uses a variety; IPFW or PF(Packet Filter))
IPTABLES is fundamentally configured via Commandline (aka Terminal) although a GUI called FireStarter exist for it to make configuring it easier.

Why is IPTABLES good?


Because it is configured via Commandline, the rules you can set is very versatile and flexible hence in the hands of a capable System Admin it can be difficult to find loopholes in the ruleset.
Therefore Linux Machines with Well Configure IPTABLES ruleset makes a very solid, secure Server.

What about Windows Firewall?


The reason I said it isn't as good as the ruleset available in Windows XP is very limited you can't configure it much.
For Windows Vista it is slightly better as it allows ruleset customization. However in the hands of a average computer user not well verse in firewalling rules, it achieves very little.
For deploying a Windows System as a Server this is not enough.
However for home users this is actually sufficient.
How many home user actually get hacked by a cracker? Very very little.
Most users get pwned by Malware (as a result of downloading and executing suspicious files) more often than a net penetration.
Why is this so?

Why is Windows Firewall "Good Enough" for Home Users?

Because home users connect via an ISP and they don't stay connected 24/7.
Think of it as a mobile home. The attacker has to do reconnaissance, vulnerability scanning however home users do not stay connected that long to an IP for an attacker to do that.
To invade a system you need planning even if it is as weakly defended like a straw hut you need to find the door first.
If the hut changes location frequently how are you even going to find it?

Addition protection you did not notice:

To add on most ISP uses NAT (Network Address Translation) meaning the packet redirection is done at a ISP level hence the attack do not know the real IP address to your System.
NAT behaves as a form of firewall.
Modern homes also uses a router than implements NAT at router level further masking your real location.
You may ask if it is redirected so many times how do the server know it is this particular system that is requesting this information.
The answer is stateful packet inspection.
Each time your computer initiate an outgoing connection, the router will keep track of the connection.
If it is closed and a foreign server request an incoming connection that is not expected it is dropped hence no external connection could be made to your computer by a external server unless you allow a direct connection which would be then your fault.

Another thing you may argue is good firewall prevent malware from initiating unwanted external connection from the inside, much like a spy, but then again it is the user fault from downloading the malware besides when a malware infects your system you should remove it and not let it continue to make external connection from your system.

Norton will tell you your computer needs it and of course Mcafee will also scare you into buying their products but the truth is you are more secure than they are trying to make you believe.
Not to mention third party firewall consume system resource, run extra threads causes weird System behavior and incompatibilities hence going against my software principal of "less is more".

I hope you will learnt from this that firewall while essential for server is not so essential for home users considering so much NAT is already in place so head over to uninstall unnecessary firewall programs now.

No comments:

Post a Comment