Security

What is a Hardware Firewall and which Hardware Firewall is Best?

If you have more than three computers in your home or business that share the same internet connection, a hardware firewall is something you may want to consider. A hardware firewall is a device that sits in between the internet and your network, protecting all computers on the inside from dangerous intruders on the outside.

As opposed to a software firewall (also known as a personal firewall), a hardware firewall is designed to protect ALL the computers on a network instead of just one PC. It is generally more efficient and cost-effective to purchase a hardware firewall (as opposed to several software firewalls) if you have three or more computers you need to protect.


A hardware firewall is a special device that is designed to prevent outside intruders from getting into your network (where they can then easily get into your PCs and servers). Firewalls can be configured to prevent access to certain types of applications that are considered dangerous (like P2P file-sharing programs) by blocking the communication ports that these applications use. A firewall will also provide some protection against hidden spyware infections, as it can help stop outgoing data packets that an infected PC may be sending to a cyber-criminal.

A firewall is considered to be the first line of defense in protecting computers from unwanted “visitors” such as hackers, worms, and remote control applications via hidden spyware. Without firewall protection your network is an “open door” to the internet, and anyone (or anything) can easily come in and out. Even if you don’t have any important files to protect, hackers and curious intruders can easily kill all your computers, take control of your network, or damage hardware beyond repair. The small investment in a firewall is nothing compared to the cost of replacing or repairing computer equipment as the result of an intruder’s visit.

Hardware firewalls use various techniques to protect your network against intruders and other internet threats. All firewall rules can be configured to apply to outbound or inbound traffic, giving you a lot of flexibility and control in how the firewall works. Hardware firewalls can be simple or very complex, depending on the size of the network they are designed to protect. High-end corporate firewalls should be installed by a certified technician, but most home office and small business firewalls can be set up by anyone with a general understanding of networking and good technical ability.

Most hardware firewalls use some form of packet filtering, which is somewhat like a "checklist". Certain types of data packets are allowed through, and others may be blocked. If a packet attempting to travel in or out of a network meets the criteria set for "blocked", it is not allowed to pass.

Another technique that is often used with hardware firewalls is called Stateful Packet Inspection, also known as SPI. With SPI, a hardware firewall analyzes additional characteristics of the data packet in order to determine what to do with it. It checks where the packet came from, whether it was sent as a response to a user request for information, whether it just "appeared" out of nowhere, and so on. Combined with packet filtering, SPI really makes a firewall appliance "smart", as it can decide whether to block or allow data packets based on logical analysis.
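The difference between the packet-filtering "checklist" and SPI can be seen in a small model. The following is an added example, not code from the original article or from any firewall vendor; it tracks flows by address and port only, and the blocked port, idle timeout and traffic trace are constructed for illustration.

```python
from dataclasses import dataclass

BLOCKED_OUT_PORTS = {6346}   # constructed rule: a P2P port the admin has blocked
IDLE_TIMEOUT = 60            # seconds a flow entry stays valid (assumed value)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool   # True = LAN to internet, False = internet to LAN

class StatefulFirewall:
    def __init__(self):
        self.flows = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> last seen

    def decide(self, p, now):
        if p.outbound:
            # Packet filtering: the static "checklist".
            if p.dport in BLOCKED_OUT_PORTS:
                return "block"
            # SPI: remember the request so its reply can be recognised.
            self.flows[(p.src, p.sport, p.dst, p.dport)] = now
            return "allow"
        # Inbound: allowed only as a reply to a recent request from inside.
        key = (p.dst, p.dport, p.src, p.sport)
        seen = self.flows.get(key)
        if seen is not None and now - seen <= IDLE_TIMEOUT:
            self.flows[key] = now
            return "allow"
        self.flows.pop(key, None)   # expire stale state
        return "block"

def demo():
    fw, lan, web = StatefulFirewall(), "192.168.1.100", "203.0.113.10"
    trace = [  # constructed traffic: (time in seconds, packet)
        (0,   Packet(lan, 50000, web, 80, True)),                # request
        (1,   Packet(web, 80, lan, 50000, False)),               # its reply
        (2,   Packet("203.0.113.99", 4444, lan, 23, False)),     # unsolicited
        (3,   Packet(lan, 50001, "203.0.113.20", 6346, True)),   # blocked app
        (120, Packet(web, 80, lan, 50000, False)),               # stale flow
    ]
    return [fw.decide(p, t) for t, p in trace]

if __name__ == "__main__":
    print(demo())
```

Only the second packet gets in from outside, because it matches a request the LAN host made a second earlier; the same packet arriving after the flow has gone idle is dropped.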

Depending on the type of network they are designed for, hardware firewalls can cost anywhere from $100 for a home firewall appliance up to several thousand dollars for an enterprise-class device. Simple (easy to install and configure) hardware firewalls designed for home use are offered by D-Link, Linksys, and NetGear. SonicWall and HotBrick are very popular hardware firewalls for small and medium businesses.

For more information, see my Hardware Firewalls page. Another good resource for firewall information is Virus&Spam at bellonline.com

White Hat Security Guide "How To Hack With Telnet"


This is a White Hat computer security training guide. To use this guide you must have your own TCP/IP network. This can be as simple as two computers connected over a single wire connection or as complex as a network with thousands of routers. Casual readers are advised that using these procedures on any network, such as the networks connected to the Internet, without the permission of the owner could be a violation of national or international law. If you are responsible for the security of one or more Internet networks, this guide can significantly enhance your understanding of how exploitation of networks is accomplished using the very simple hacker Telnet protocol.


Telnet is an Internet Network Virtual Terminal (NVT) protocol that is easier to use than to explain. The Telnet protocol is used by other Internet applications, such as the Control Connection in FTP, so knowledge of Telnet is useful within multiple applications. This general applicability of Telnet within the Internet enables a hacker to reap lots of information and potentially exert control over many applications. By using Telnet, a human hacker can emulate any number of Internet applications disguising the human as just another Internet computer.

Within the Internet, each application (Well Known Port) is assigned a number in accordance with Internet Standard 002. A few of these numbers are enumerated below:

Internet Application Numbers

Application    Number
FTP            21
Telnet         23
SMTP           25
WWW            80

WWW Example - Use of Telnet to emulate a WWW client for information gathering.

telnet 192.168.1.1 80
(Telnet to server application port 80. Note: the server will not provide an automatic response...)

GET / HTTP 1.1
(Instruct the WWW server to return data using HTTP 1.1 format.)

HTTP/1.1 200 OK
Date: Mon, 05 Nov 2007 14:55:33 GMT
Server: Apache/2.2.3 (FreeBSD) DAV/2 PHP/5.1.6 with Suhosin-Patch mod_ssl/2.2.3 OpenSSL/0.9.7e-p1
Last-Modified: Mon, 08 Oct 2007 00:41:47 GMT
ETag: "1c8216-2562-847088c0"
Accept-Ranges: bytes
Content-Length: 9570
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

 
Lots of information is returned. We see that the web server is running on a FreeBSD Unix server. The WWW server is Apache version 2.2.3. The server is also running PHP version 5.1.6 and OpenSSL version 0.9.7.
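An administrator can run the same reading of the banner as a check on their own server. The following is an added example, not part of the original guide: it parses the response headers shown above and lists each product, version and operating system the server gives away. The second response is constructed and models a banner reduced to the product name alone, which is what Apache's `ServerTokens Prod` setting sends.

```python
import re

# Headers from the response above (the wrapped Server line is rejoined).
VERBOSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 05 Nov 2007 14:55:33 GMT\r\n"
    "Server: Apache/2.2.3 (FreeBSD) DAV/2 PHP/5.1.6 with Suhosin-Patch "
    "mod_ssl/2.2.3 OpenSSL/0.9.7e-p1\r\n"
    "Content-Type: text/html\r\n\r\n"
)
# Constructed: the same server after its banner is reduced to the product name.
MINIMAL = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

PRODUCT_VERSION = re.compile(r"([A-Za-z_][\w.-]*)/(\d[\w.-]*)")  # e.g. PHP/5.1.6
OS_COMMENT = re.compile(r"\(([^)]+)\)")                          # e.g. (FreeBSD)
BANNER_FIELDS = ("server", "x-powered-by")

def parse_headers(raw):
    """Return the header fields of a raw HTTP response, keyed in lowercase."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_banner(raw):
    """List every (field, item, value) the response discloses about the server."""
    findings = []
    headers = parse_headers(raw)
    for field in BANNER_FIELDS:
        value = headers.get(field, "")
        for product, version in PRODUCT_VERSION.findall(value):
            findings.append((field, product, version))
        for os_name in OS_COMMENT.findall(value):
            findings.append((field, "os", os_name))
    return findings

if __name__ == "__main__":
    for finding in audit_banner(VERBOSE):
        print("discloses:", finding)
    print("minimal banner findings:", audit_banner(MINIMAL))
```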

SMTP (email) Spoofing Example - Use of Telnet to hack (forge) email

telnet 192.168.1.1 25
(Telnet to the email application.)

Trying 192.168.1.105...
Connected to host.
Escape character is '^]'.
220 192.168.1.105 ESMTP Sendmail 8.13.8/8.13.8; Mon, 5 Nov 2007 10:42:59 -0500 (EST)
(Server response.)

HELO SANTA.ANY-REAL.ADDRESS
(Make up a hostname...or pick a real hostname from DNS.)

250 192.168.1.105 Hello [192.168.1.100], pleased to meet you
(The remote server returns this greeting.)

MAIL FROM: <SantaClaus@localhost>
(Type any address you like.)

250 2.1.0 <[email address]>... Sender ok
(Server accepts address.)

RCPT TO:<[email address]>
(This should be a username used within this domain... Server checks its usernames then replies Recipient ok.)

DATA
(Server replies 354 Enter mail, end with "." on a line by itself.)

Type your message followed by a line with just a period.

.
(Server replies 250 2.0.0 lA5FgxM4000833 Message accepted for delivery.)

quit
(Server replies 221 2.0.0 192.168.1.105 closing connection.)
Connection closed by foreign host.

Resulting Message...

From [email address] Tue Nov 6 12:04:30 2007
Date: Tue, 6 Nov 2007 12:01:19 -0500 (EST)
From: [email address]
Subject: Email Forgery
To: undisclosed-recipients:;

This email was forged using the Telnet protocol.
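The server in this session accepted the HELO name and the sender address without checking either. The following added example, which is not part of the original guide and is not Sendmail's own logic, models two checks a mail server can apply before replying "Sender ok"; the trusted network, the local domain list and the DNS lookup table are assumptions constructed for illustration.

```python
import ipaddress

LOCAL_DOMAINS = {"localhost"}                         # domains this server hosts
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]  # assumed trusted clients

def parse_session(lines):
    """Collect the envelope facts from the client's SMTP commands."""
    env = {"helo": "", "mail_from": "", "authenticated": False}
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            env["helo"] = arg.strip().lower()
        elif verb == "AUTH":
            env["authenticated"] = True   # simplification: AUTH assumed to succeed
        elif verb == "MAIL" and arg.upper().startswith("FROM:"):
            env["mail_from"] = arg[5:].strip().strip("<>")
    return env

def sender_policy(client_ip, env, dns):
    """Return ("accept" | "reject", reasons); dns maps hostname -> IP string."""
    reasons = []
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in net for net in TRUSTED_NETS)
    domain = env["mail_from"].rpartition("@")[2].lower()
    if domain in LOCAL_DOMAINS and not (trusted or env["authenticated"]):
        reasons.append("local sender claimed by unauthenticated, untrusted client")
    if dns.get(env["helo"]) != client_ip:
        reasons.append("HELO name does not resolve to the client address")
    return ("reject" if reasons else "accept"), reasons

# Client commands from the session above; the peer address is the one the
# server reported in its "Hello [192.168.1.100]" reply.
FORGED = ["HELO SANTA.ANY-REAL.ADDRESS", "MAIL FROM: <SantaClaus@localhost>"]
LOCAL = ["HELO localhost", "MAIL FROM:<root@localhost>"]   # constructed session
DNS = {"localhost": "127.0.0.1"}                           # constructed lookup table

def demo():
    return (sender_policy("192.168.1.100", parse_session(FORGED), DNS),
            sender_policy("127.0.0.1", parse_session(LOCAL), DNS))

if __name__ == "__main__":
    for verdict, reasons in demo():
        print(verdict, reasons)
```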

Summary

Telnet is a simple protocol designed to provide compatible terminal services across TCP/IP networks. The simple character-mode design of Internet protocols like Telnet makes them great tools for hackers looking for information about your hardware and software infrastructure. Telnet provides you with an excellent White Hat tool to familiarize yourself with this level of network interaction. The knowledge will prove invaluable as you configure routers, switches, and other devices on your network.