Firewall questions


jgberkeley
Supporter
Username: Jgberkeley

Post Number: 3123
Registered: 5-2001
Posted on Friday, September 5, 2003 - 9:56 pm:

OK, all the worms and what not got to me.

I own a McAfee firewall and the software is kept current.

I just never turned it on. So this week I did.

Ok, I know a lot about firewalls in general, but once I turned it on.....Well there is a lot that I do not know.

I got tons of messages from applications trying to connect out, then from applications trying to connect in.

The problem was that the messages are so terse, I hardly have a clue where they are coming from.

Several applications stopped working including AOL. I mucked thru and got AOL working but gave up.

I removed the firewall for another day.

Any clue where I can learn what all this is all about?

lseltzer
Citizen
Username: Lseltzer

Post Number: 1690
Registered: 5-2001
Posted on Friday, September 5, 2003 - 10:42 pm:

Have you tried reading the documentation?

Joan
Citizen
Username: Joancrystal

Post Number: 1910
Registered: 5-2001
Posted on Saturday, September 6, 2003 - 9:27 am:

Are the security settings on your firewall adjustable?

jgberkeley
Supporter
Username: Jgberkeley

Post Number: 3124
Registered: 5-2001
Posted on Saturday, September 6, 2003 - 11:27 am:

Yes, I'm one of those guys who read that stuff.

The documents with the firewall are pretty clear.

The problem is the messages received. Like:

IAP_trans : Attempted outbound connection.

Ok, the "Attempted outbound connection" from the firewall is clear. Now how do I figure out which application IAP_trans is part of??

I seem to have many applications (Processes under Task Mgr) that all load at startup so I can't even isolate the messages to a single application.

I'm guessing that XP Update monitor is one of them but the messages are very cryptic and XP documentation does not get down to process names.

jgberkeley
Supporter
Username: Jgberkeley

Post Number: 3125
Registered: 5-2001
Posted on Saturday, September 6, 2003 - 11:28 am:

Joan, yes the settings are adjustable.

Joan
Citizen
Username: Joancrystal

Post Number: 1913
Registered: 5-2001
Posted on Saturday, September 6, 2003 - 1:33 pm:

George:

Try visiting McAfee's website. If the information you need is not available on line, you should be able to e-mail their tech support people a list of the questionable messages and receive a translation in return. They would also be the best ones to tell you whether the messages you are receiving are worrisome.

lseltzer
Citizen
Username: Lseltzer

Post Number: 1691
Registered: 5-2001
Posted on Saturday, September 6, 2003 - 10:03 pm:

I'm guessing IAP_trans is the name of the process that attempted the outbound connection. If you're running Windows 2000 or XP you should be able to go into the Task Manager and see an IAP_trans process, and there would be an IAP_trans.exe somewhere on the system.

Incredibly, Googling IAP_trans yields no results!
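
The lookup described in the post above (alert name, then running process, then the .exe on disk), as an added example that is not part of the original thread. It assumes a current Windows version with PowerShell and the `Get-NetTCPConnection` cmdlet, which the Windows XP systems discussed here did not have; the function name `Resolve-AlertProcess` is hypothetical.

```powershell
# Added example: resolve a process name taken from a firewall alert to its
# executable, publisher, parent process and current TCP connections.
# 'IAP_trans' is the name quoted in the thread; substitute the one from your alert.
function Resolve-AlertProcess {
    param([Parameter(Mandatory)][string]$Name)

    # Alerts often omit the .exe suffix, while Win32_Process.Name includes it.
    $base  = $Name -replace '\.exe$', ''
    $procs = Get-CimInstance Win32_Process |
        Where-Object { ($_.Name -replace '\.exe$', '') -eq $base }
    if (-not $procs) {
        Write-Warning "No running process named '$Name'. It may have exited; search the disk for $base.exe."
        return
    }

    foreach ($p in $procs) {
        # The parent shows what launched it (a service host, a startup entry, an installer).
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $path   = $p.ExecutablePath   # empty when access is denied; run elevated
        $info = $null; $sig = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $info = (Get-Item -LiteralPath $path).VersionInfo
            $sig  = Get-AuthenticodeSignature -FilePath $path
        }
        # TCP endpoints this process currently owns, to match against the alert.
        $conns = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort) [$($_.State)]" }

        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            Path        = $path
            Company     = $info.CompanyName
            Description = $info.FileDescription
            Signature   = $sig.Status
            Signer      = $sig.SignerCertificate.Subject
            Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited' }
            Connections = $conns -join '; '
        }
    }
}

Resolve-AlertProcess -Name 'IAP_trans' | Format-List
```

The install path and the signer usually identify the owning product faster than a web search on the bare process name.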

monster
Citizen
Username: Monster

Post Number: 38
Registered: 7-2002
Posted on Sunday, September 7, 2003 - 2:51 pm:

Are you on a Dell?

Iap.exe, I found the following:

Instrumentation Access Provider; component that queries the DellOMCI.mdb database for configuration information, builds the lookup tables, and routes data to a data provider; ensures serialization of BIOS access and consistency of data and reduces memory and disk requirements.
The path is
C:\Program Files\Dell\OpenManage\Client\Iap.exe

The Dell OMCI is Dell OpenManage Client Instrumentation; you can find more information on it here: http://support.ap.dell.com/docs/software/smcliins/cli7x/English/con_ug/manage.htm

The Dell OpenManage™ Client Connector Version 1.x User's Guide can be found here
http://support.ap.dell.com/docs/software/smcliins/cli7x/English/con_ug/index.htm

OK, it's Tom Reingold
Citizen
Username: Noglider

Post Number: 477
Registered: 1-2003

Posted on Monday, September 8, 2003 - 5:44 pm:

I wouldn't be happy with only a software firewall. I think you need a hardware firewall if you have DSL or cable modem service. Adding a software firewall to that is fine.

The current crop of home routers work well as firewalls. Vendors are Linksys, Dlink, and Netgear. I'm most familiar with Linksys and can help anyone set one up.

Tom Reingold



Brett
Citizen
Username: Bmalibashksa

Post Number: 115
Registered: 7-2003
Posted on Monday, September 8, 2003 - 7:57 pm:

Tom:
I disagree with your hardware firewall. I can understand the need in an office with an experienced system administrator, where there is a ton of time sensitive data. But for a home or home office adding the hardware firewall may add more holes than a simple software firewall.
I think the average home computer user is just trying to stop the occasional virus or worm. A full blown attack is extremely unlikely. Hackers go for web sites and company data, not your mother’s pasta sauce. It’s almost like saying “You’d be much safer wearing a helmet in the shower because accidents happen there”.

jg:
As far as McAfee is concerned when a program asks for access to the internet, check the program name in Google. It’ll tell you everything you need to know. Taking the time to run it through a message board is extremely time consuming, Google is quick and easy.


Brett
Citizen
Username: Bmalibashksa

Post Number: 118
Registered: 7-2003
Posted on Monday, September 8, 2003 - 8:24 pm:

Tom:
I forgot to add. I have a hardware firewall, but I had my sys admin install it for me.

lseltzer
Citizen
Username: Lseltzer

Post Number: 1699
Registered: 5-2001
Posted on Monday, September 8, 2003 - 11:42 pm:

Very few of those home routers are actual firewalls. They block far less than you think.

AZ
Citizen
Username: Azaltsman

Post Number: 192
Registered: 1-2003
Posted on Tuesday, September 9, 2003 - 11:34 pm:

Hardware firewalls are the way to go because they block most, if not all, common attacks on the Internet. They are also far easier to configure and maintain than software firewalls. Even a basic DSL/Cable router offers ample protection for home needs.

Without getting too technical, you should divide the security of your home systems in two layers - the network layer - which is the actual Internet connection and the application layer - which you can think of as the Windows operating system in this context. Hardware firewalls divide the private network (your home) and the public network (the Internet). Just having the division is excellent, though technically not foolproof, security.

Hardware firewalls will not prevent application layer vulnerabilities. An example of this is an e-mail you receive while behind the firewall. The hardware firewall has no knowledge of what an e-mail is and lets the e-mail through to your e-mail software (Outlook, Outlook Express, etc). You open a nefarious attachment and it destroys your computer. For this you need anti-virus software, not a firewall.

However, using the MS Blaster worm as an example, it sought out computers with a particular vulnerability in Windows but it did so at the network layer. So if your neighbor got infected because his computer was directly on the Internet without a firewall the worm would hunt out other computers on the Internet without a firewall and, if they did not have the Microsoft patch (which most of the planet did not have) it would infect the target computer and the process starts over again. In this case, a hardware firewall would have protected you because your computer would not be on the Internet directly.

Software firewalls can offer more flexibility such as detection of spyware, obnoxious cookies, etc. However, as Jgberkeley is discovering, they are a nightmare to configure and maintain.


OK, it's Tom Reingold
Citizen
Username: Noglider

Post Number: 479
Registered: 1-2003

Posted on Wednesday, September 10, 2003 - 10:52 am:

There's nothing wrong with having both a hardware and software firewall. And it is terribly naive to think that if you're not a company, you're not a target. Hackers don't sit at their desks figuring out who their next targets will be. They write programs to scan all possible addresses and unleash them. The programs then work around the clock. That makes everyone an equal target. Think of a hardware firewall like "The Club" on your steering wheel in a bad neighborhood. It's not that hard for a thief to thwart, but given two equally hard cars to break into, he'll choose the one without The Club.

I have seen logs of systems that are subjected to these automatic scans. These hardware firewalls objectively and measurably block plenty of attacks. Sure, they're not as good as an expensive one, but they're worth the $40 they now cost. What a deal!

Tom Reingold



Brett
Citizen
Username: Bmalibashksa

Post Number: 127
Registered: 7-2003
Posted on Wednesday, September 10, 2003 - 11:50 am:

When you write a program to probe for an IP address you also have to find a port in order to get in to the computer. McAfee is usually set up so that none of your ports respond to a probe, therefore your computer never shows up as an address that has a computer on it. So you’re invisible to those particular attacks. The other thing that might happen is if Dave decided to ask every computer that logged on to SO/MOL for its IP. McAfee will supply the IP address of your ISP, again masking the fact that you exist. This method of protection is called “Security through Obscurity”.

So without getting your address in those two ways the other option is to guess. This is where “Host Security” comes into play; this is a firewall on the machine itself. A hacker would have to choose an attack on an IP. Let’s say 66.33.118.129 for example. The hacker would have to check every port while running scripts for NSllSlog.dll, Default.ida, or cmd.exe?/c+dir. The hacker might even look for Robots.txt to find a list of things that the computer’s owner does not want him to see. In these particular cases Linux wouldn’t return any response, Windows might. Linux boxes are tricky; the hacker might focus on trying to insert a script into index or default.htm on port 80. Let’s say at this point the hacker gets into the file system. I’d have to imagine on 66.33.118.129 they would try to head right for the database of emails; when they get there they deal with another wall of security that the database has set up (unless they’re flat files but I doubt it). But what would be interesting on your home computer? If you have files full of passwords and credit card numbers you should encrypt them; other than that the hacker would only get a letter to Aunt Marge. As for crashing the system, backup once a month and have a recovery disk.

Tom, the redundancy that I was referring to is the “Network Security”. Network security allows one place to update, configure, and manage a firewall for many computers. Host security would be crazy if the users had to do an update with 10 computers, but very manageable when there is only one or two home computers. Also a hardware firewall is just another computer running software (firmware actually). In effect you hook a computer to the internet and then hook your computer to it, added complication in my opinion. The hardware and software firewalls are the exact same. All you’ve done is created two firewalls.

A nice compact easy to use firewall is the best option for basic computer users, there is no reason to muck up things with extra hardware. Even if someone feels the need to go through these extra steps, rest assured they will leave something open. Try this site to check and see how you did http://grc.com/default.htm. The program is called Shields Up.

Brett
Citizen
Username: Bmalibashksa

Post Number: 130
Registered: 7-2003
Posted on Wednesday, September 10, 2003 - 12:25 pm:

Tom:

The explanation above was for others reading the board, not you.

We're computer geeks, we complicate everything

OK, it's Tom Reingold
Citizen
Username: Noglider

Post Number: 485
Registered: 1-2003

Posted on Wednesday, September 10, 2003 - 2:37 pm:

Assuming I'm a sophisticated hacker, once I break into your computer, I mess with your software firewall and make it ineffective while letting you believe it still works. Therefore, the most effective firewalls are separate from the computers that they protect.
Tom Reingold



Brett
Citizen
Username: Bmalibashksa

Post Number: 132
Registered: 7-2003
Posted on Wednesday, September 10, 2003 - 2:45 pm:

I would mess with your hardware firewall, what's the difference?
