Author Topic: Firewall? OR Sasser virus thread  (Read 9950 times)

Sneaky

  • Windows 8 Knowledge Base
  • Hero Member
  • *****
  • Posts: 1297
  • Where I come from they call it the Hibbity Dibbity
    • View Profile
Firewall? OR Sasser virus thread
« on: March 05, 2009, 04:10:33 PM »
I've never had an active firewall for as long as I remember. I just read an article on firewalls because I want to know why people use them. Ever since my folks upgraded to DSL, we've always had a Linksys router. First, the model that was supplied to us via Earthlink [i.e.: ended up shitting on us], and last year at some point I went ahead and bought a WRT150N, which has been superb IMO. In the article, it explains that hardware firewalls [routers] are extremely secure and easy to configure. I have static IPs set up on my network [like my laptop never changes from 192.168.1.102, as an example.] I forward certain ports for uTorrent and other games/etc that need it.

Do I NEED a firewall? I've only had a bad viral infection via LimeWire when I used to use that, and that was due to my own stupidity at the time. [some virus with a hello kitty logo] Ever since then, I just scan every week or more than once a week with Spybot and Ad-Aware. I also use the Powersuite from Uniblue every once in a while to speed things up, clean the registry, etc. I never see my PC [any of them] slow down or get infected just through normal internet browsing. It would have to be deliberately downloaded adware hax/keygens warez kind of shit for me to get anything remotely bad. The worst I've had it since the hello kitty thing are tracking cookies, and everyone has that.

Ideas? comments, etc.
« Last Edit: April 24, 2009, 03:44:11 PM by Sneaky »
I wish that cake was a lie. :(

I guess he never figured out what Willis was saying :/

Bobbias

  • #1 Poster
  • Hero Member
  • *****
  • Posts: 7210
  • 404 Avatar not found.
    • View Profile
    • Magnetic Architect
Re: Firewall?
« Reply #1 on: March 05, 2009, 05:42:54 PM »
Routers act as a firewall. The simple fact that you need to forward your ports at all is because of that. Without any sort of firewall, a computer's ports are all open. That means that your computer will respond to pings, and to all sorts of other more nasty things that can be done (ICMP commands and such).

Firewalls really protect you from quite a few things. They can protect you from many viruses and such that use known security holes in programs by blocking the data from that virus before it gets to your computer. They're much more reliable than using a software firewall, and can be configured for all sorts of different uses.

Overall, firewalls REALLY help. Spectere can tell you a LOT more than I can here :P
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

Spectere

  • \m/ (-_-) \m/
  • Administrator
  • Hero Member
  • *****
  • Posts: 5716
  • printf("%s\n", "Hi!");
    • View Profile
    • spectere.net
Re: Firewall?
« Reply #2 on: March 05, 2009, 10:37:01 PM »
Routers act as a firewall.

Sorta.  Routers act as half of a firewall.  They prevent traffic from coming in but they do nothing to prevent your computer from actually requesting anything.  That said, that's pretty much going to protect you from any sort of remote exploit.  As long as you're in a trustworthy network (i.e. no wireless access or encrypted wireless access) and don't have to worry about the other computers connected to it you'll be fine with just that.

If you want to use a firewall ("just in case," or possibly because others can connect to your network), using Windows Firewall in conjunction with a consumer-grade router is good enough.  Windows Firewall is good enough that you don't really have to pay for a third-party solution, plus it's lighter and performs far better when compared to the more advanced offerings by McAfee and Symantec.

I personally use an outside firewall (currently a Linksys, though I might just throw a Linux system between the WAN and my LAN because I'm a fucking nerd) and no software firewall on my main system.  I have Windows Firewall running on my laptop because I connect it to other networks often.  It does its job well enough and stays out of my way unless I add a new program to the mix.
"This is a machine for making cows."

Sneaky

Re: Firewall?
« Reply #3 on: March 06, 2009, 02:21:20 AM »
Yea, no one ever connects to mine because it doesn't broadcast, and it's WPA2-TKIP protected. My wireless N receiver on my desktop can pick up 2 other routers nearby that are also secured, so I never worry about anyone using my shit. 
I wish that cake was a lie. :(

I guess he never figured out what Willis was saying :/

Spectere

Re: Firewall?
« Reply #4 on: March 06, 2009, 07:20:05 AM »
Yeah, WPA2-TKIP is quite good.  As long as you're not on WEP you're okay...WEP is a freaking joke (IIRC, it can be cracked within five minutes fairly easily).

So yeah, unless you're paranoid about the programs on your computer hopping online you shouldn't need a software firewall.
"This is a machine for making cows."

Bobbias

Re: Firewall?
« Reply #5 on: March 06, 2009, 07:54:02 AM »
I'm only not running WPA and all that crap because my friend had trouble connecting his old-ass laptop, and I still don't feel like figuring out which option works for both XP and Vista between the 2 computers on my network. Though I usually do have my network not broadcasting its SSID (which is a great way to keep leechers off, unless they're really determined, lol).
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

Spectere

Re: Firewall?
« Reply #6 on: March 06, 2009, 10:47:53 AM »
As long as you have file and print sharing selected in Windows Firewall, SMB will work between XP and Vista with no problems. I toyed with Windows Firewall when I first installed Vista on my new box and didn't run into any issues with it. XP tends to be a bit more finicky (Vista pokes the holes in the firewall right when you enable file/print sharing; you have to do that manually with XP) but you can get it up and running without a whole lot of effort.

Disabling SSID broadcasting is a far worse solution than simply stepping up the encryption level.  It's not a bad thing to do, but it's really a false sense of security.  It doesn't take a whole lot of determination to connect to a network with SSID broadcast disabled.
"This is a machine for making cows."

Bobbias

Re: Firewall?
« Reply #7 on: March 06, 2009, 11:36:58 AM »
True, I realize that all you need to do is sniff the packets going to the network, however, the average leecher won't likely bother or necessarily know how to sniff packets. And I was referring to encryption, I can get things working between computers to share stuff, but I haven't bothered messing with the encryption settings on my network yet.
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

Spectere

Re: Firewall?
« Reply #8 on: March 06, 2009, 12:47:40 PM »
You don't even have to sniff packets going to the network.  The signal can still be detected, the name of the network just isn't listed.

It's far from a good substitute for encryption.  Disabling SSID broadcasting offers absolutely no security.  Enabling encryption, especially WPA, is almost painless (unless you have a DS, which only supports WEP because Nintendo apparently didn't think that DS owners might actually want to have a reasonably secure network).  I suggest doing it as soon as you can.
"This is a machine for making cows."

Bobbias

Re: Firewall?
« Reply #9 on: March 06, 2009, 01:54:54 PM »
So, how would you find the name of the network without sniffing the packets? Where is the name if it's not broadcast?

And yeah, I will be enabling network security, I have had network scares before. One day a couple years ago, I checked my DHCP routing table and saw a bunch of random IPs listed with names made up of those annoying extended ASCII symbols. Needless to say I immediately disconnected from the net, disabled DHCP and made sure my computers were statically routed.
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

Spectere

Re: Firewall?
« Reply #10 on: March 06, 2009, 09:37:38 PM »
You need to sniff to get the name, but the access point can still be detected without the SSID being broadcast.  It's enough to make someone go "oh hey, look," sniff a couple of packets, and connect right up.  It is broadcast in cleartext over the air, after all; all it takes is some 1337 skr1p7 k1dd13 to yoink a few packets and connect.

But yeah, enabling encryption is a good plan.  That alone would be enough to scare off the would-be 1337 skr1p7 k1dd13z.  I recommend any form of WPA2 as long as all of your network devices support it, though I believe WPA2-AES is a bit more secure than WPA2-TKIP.  I know TKIP is vulnerable to a particular type of attack, though I'm not sure if it's a specific implementation of it or if it's always open to attack (the Wikipedia article wasn't very clear).
"This is a machine for making cows."

Sneaky

Re: Firewall?
« Reply #11 on: March 07, 2009, 03:41:07 AM »
Thanks for your guys' inputs. I always learn something new when you two 'debate' or talk about this shit. I'll keep without the software Firewall for now, and stay with my anti virus/spyware regimen.
I wish that cake was a lie. :(

I guess he never figured out what Willis was saying :/

Bobbias

Re: Firewall?
« Reply #12 on: March 07, 2009, 04:46:05 AM »
Haha, yeah, these "debates" end up in me learning something most of the time as well. I had heard about an attack on one of the network encryption systems based on listening to encrypted communication and trying to essentially guess the key somehow, but I'm too drunk and tired to find out what I'd heard.
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

Spectere

Re: Firewall?
« Reply #13 on: March 08, 2009, 10:50:40 AM »
I'll keep without the software Firewall for now, and stay with my anti virus/spyware regimen.

Thumbs up!

I'm glad our collective nerdiness helped you out. :)
"This is a machine for making cows."

Sneaky

Re: Firewall? OR Sasser virus thread
« Reply #14 on: April 24, 2009, 03:50:02 PM »
So I got the Sasser virus yesterday. This basically exploits a hole in XP they released patches for a while back. Once you start your computer, and get to the desktop, about 30 seconds to a minute in an error message pops up stating that there was a problem with lsass.exe and the computer will shut down in 60 seconds. You can abort the shutdown thru the Run menu, of course. BUT my case was special, as always. I have to log on to my computer to get to the desktop, so the error message popped up BEFORE I was given the option to click my user name and login.

Fun fun fun. So initially I'm like, hey I'll just partition and install a new XP on my external hard drive. Right? Nah that didn't work very well after multiple attempts. I was leaning that direction so I could at least boot up and recover some important things from the desktop, then reinstall Windows on the infected drive.

I decide to go get Hiren's boot CD [I'd already gone thru the Ultimate Boot CD, with no tools I needed for this situation], and lo and behold it has 'MiniXP' on it. A bootable, working copy of XP you can use to fix certain situations. I copy my important things over, reboot, and reinstall Windows after hiding my other drives so they weren't accidentally formatted since Windows likes to screw with drive letter assignments on the recovery screen.

Sasser virus: 0 Sneaky: 1

Time to invest in more Windows updates and definitely a firewall.

Learnt my lesson :(
I wish that cake was a lie. :(

I guess he never figured out what Willis was saying :/