 |
 Firewalls and Leak Tests: face-to-face battles
July 19, 2004 - Part I
Some modern security considerations
Nowadays, online data security is a critical concern. Often in the media we hear worrisome news of someone misusing somebody else's information, cases of loss or theft of data and various equipment malfunctions. Ardent calls to increase the level of online data protection are being responded to by an increasing number of security-aware individuals and institutions. These have either already obtained some kind of online data protection technology or are contemplating its acquisition.
Many of our visitors may already know that the tool for protecting their PC's against online threats and Internet attacks is called a Firewall. Firewalls are engineered to be a defensive barrier between you (or your PC) and other people (or their PCs). Factually, they provide a decent level of protection from most simple and routine threats, but when it comes to serious attacks, when a hacker is determined to harm your computer, who at the end will be victorious, you or the attacker? How, in the broad sense, can we put our firewall to a real-life test without sacrificing our security and time?
For every product on the market there exists a number of methods of testing it. When we buy a new car, it has already been run through multiple tests on performance, safety and durability, performed by factory controllers and skilled test drivers. Yet, after the sale, consumers often find theirs defective, even dangerous and requiring costly repairs, all because they simply subjected their auto to real-life circumstances and undoubtedly the most demanding test ever, the test of time.
Similarly, Firewall programs are extensively tested by their developers on every conceivable aspect, yet they still bear defects and weaknesses; tiny flaws are missed by even the most assiduous tester. When the product finally hits the market, trusting users are betrayed by a false sense of security.
Common functions of Personal Firewalls
Modern Firewalls are versatile; they are intended to protect their users from malicious incoming data, block data that is not to be transmitted, mask their presence on the Internet from potential intruders, be able to restrict Internet access only to programs the user chooses, ban the display of websites with offensive content, and so on. Each of these functions effectively executed is critical for anyone to safely access the Internet or any other network; any weakness in this chain will quickly be exploited with devastating results. A fact of life is that unless you test with real-life simulations, you cannot, should not and must not believe for a moment that your system is safe and secure.
Today, we will discuss methods of testing the ability of a firewall to block unintended outbound traffic, the data leaving your computer without your permission toward other PCs on a network, especially the Internet. Outbound data blocking is crucially important, and any Firewall must be able to protect its users against the dissemination of their personal data to unauthorized individuals.
How can information leave your computer without your permission or even your knowledge? Many programs running on Windows need to transmit data via the Internet. Your Internet browser is the most obvious example of these; its job is to send and receive data through the Internet. Other software that sends out data is your E-mail client that logs onto your mail server and requests new correspondence to your Inbox, and MS Office applications can search Internet resources for new databases, forms and templates. All of these initially request bits of information and send data packets to remote hosts.
It's obvious that more and more legitimate programs installed on our PCs try to establish Internet connections. Without a Firewall, we couldn't possibly know how each program behaves when it's run or what type of network interactivity each attempts. At this time and probably forever more, Firewalls are essential and thanks to this powerful tool, we are able to specify which program should be assigned what network permissions to exchange data. We can now be entirely scrupulous in stipulating access levels to the various applications running on our systems. By implementing manual access rule creation, we can "educate" a Firewall with unlimited possibilities to send and receive data, and can easily designate which programs should keep quiet!
"Soft" misdemeanor
Not every program behaves in an open and friendly manner. There are a multitude of programs constantly being pushed on us that are harmful and even dangerous. Some are written by very skilled, but morally challenged programmers with the intent of retrieving other people's personal information. So much software has been written for illicit purposes that it's not even necessary to know much programming to use them. Children with more privilege than decency, called script-kiddies, use these programs to explore others' computers and occasionally wipe someone's hard drive just because they didn't like something about him, like his name or address. Not having your machine shielded should keep you anxious! These malicious programs (malware) pursue different objectives, but use similar mechanisms-they transmit information from your PC to those of interested parties.
Trojan horses, viruses, worms and spyware all use holes in your outbound data protection to leak your private information. In many cases, the result can be credit card theft, a complete loss of all your vital data and/or that data made public. Scary? Yes, indeed! What's more, if your computer is on a corporate network the hacker could gain entry to the corporate database. If credit card or other financial data were compromised the damage could very easily cost millions to repair.
The simple solution to all these various and intricate problems and consequences is to install and use a strong firewall to close any security holes to outbound data.
A pertinent question is how can you uncover flaws in your personal firewall protection? Typical users generally believe the promises of software manufacturers that their software is invincible and able to protect against all outside attempts by blocking, denying access to and neutralizing all malicious programs. Usually at the time the new firewall is released, each manufacturer sincerely believes in its reliability and performance. Unfortunately, this faith is often misplaced. Most firewalls in the process of their operation reveal small errors that eventually lead to a hacker gaining access to your system.
Read next:
Continue to Part II
|
|
