- #1
liokaiser
- 4
- 0
is it possible to hack a computer if it has a firewall?
Can Firewalls Protect Computers from Hacking?
Click For Summary
Discussion Overview
The discussion revolves around the effectiveness of firewalls in protecting computers from hacking attempts. Participants explore various types of firewalls, their configurations, and the general principles of computer security, including the importance of keeping systems updated and disabling unnecessary services.
Discussion Character
- Exploratory
- Technical explanation
- Debate/contested
- Conceptual clarification
Main Points Raised
- Some participants assert that it is possible to hack a computer even if it has a firewall, particularly if the firewall is improperly configured.
- One participant mentions that client firewalls like ZoneAlarm may not provide adequate protection against skilled hackers, while hardware-based firewalls on routers are considered more effective.
- Another participant emphasizes that keeping systems updated and disabling unnecessary services can significantly enhance security.
- There is a viewpoint that software-based firewalls are ineffective and propagate fear, suggesting that a proper firewall, such as a Cisco PIX, is necessary for serious protection.
- Some participants recommend using Linux for better control over system security and suggest various security tools and resources for learning.
- One participant shares their experience with NAT devices, claiming they provide sufficient protection for home users.
- Several participants express interest in learning more about internet security and seek recommendations for resources or books.
Areas of Agreement / Disagreement
Participants generally agree that firewalls can be bypassed if not configured correctly, but there is no consensus on the effectiveness of different types of firewalls or the best practices for securing a computer. Multiple competing views on firewall efficacy and security practices remain present.
Contextual Notes
Some participants reference specific tools and configurations without detailing their effectiveness or limitations. The discussion includes various assumptions about user knowledge and the context of hacking attempts.
Who May Find This Useful
This discussion may be useful for individuals interested in computer security, particularly those looking to understand the role of firewalls and best practices for protecting their systems from hacking.
- #2
- 1,902
- 3
Simple Answer: Yes
Long Answer: If a hacker knows your ip address they could run a nessus scan to find any vunerabilities that will allow me to gain access to your computer. With this information they would download the hack coresponding to the exploit if they don't already have it on their computer. Once in your system they can use a program to escalate their user previlages. From there they could steal or deface anything they want. Depending on how well you configure your firewall and services (web server, ftp, telnet, ssh), will determine how difficult it would be to gain access.
By the way. I think I hear your boss calling you from Max Online
Long Answer: If a hacker knows your ip address they could run a nessus scan to find any vunerabilities that will allow me to gain access to your computer. With this information they would download the hack coresponding to the exploit if they don't already have it on their computer. Once in your system they can use a program to escalate their user previlages. From there they could steal or deface anything they want. Depending on how well you configure your firewall and services (web server, ftp, telnet, ssh), will determine how difficult it would be to gain access.
By the way. I think I hear your boss calling you from Max Online
- #3
- 19,917
- 10,945
liokaiser said:
No system is absolutely safe, that is just a general principle. What type of firewall you have is important. Those client firewalls like zonealarm are better than nothing and keep out the script kiddies, but won't do a thing if a hacker knows what they're doing. Firewalls on a router however are a lot better because it's hardware based and the contact point is away from your computer.
- #4
liokaiser
- 4
- 0
Thanks for the replies.
dduardo, how do u know?which country are u from?
i like to learn more about internet security and how i can protect my pc.
any pointers on where to start?or perhaps some books?
dduardo, how do u know?which country are u from?
i like to learn more about internet security and how i can protect my pc.
any pointers on where to start?or perhaps some books?
- #5
- 1,902
- 3
liokaiser, I'm from the US. Do a google search on traceroute.
The best way to protect yourself and learn about security is to use linux. You would be amazed at how tight you can control your system. You can do everything: encrypted filesystems, low level stateful packet filtering, chroot jails, mandatory access control policies, intrusion dectection, honeypots, security auditing, etc.
I recommend using Gentoo Linux. Although the install is said to be someone complicated (Personally, I don't think it is), the Gentoo group did an excellent job writing step by step instructions. If you follow the instructions you should have minimal problems. When you do install make sure you have plenty of time on your hands. Depending on how fast your computer is, how fast your internet connection is, and how experienced you are, the install can take anywhere from one day to a week. You can stop anytime in the middle of the install and start again anytime.
Here is their site:
http://www.gentoo.org/
You can download a cd image from here:
http://www.linuxiso.org/distro.php?distro=45
The installation manual is here:
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml
If you want the to learn about the adding security features read this:
http://www.gentoo.org/doc/en/gentoo-security.xml
Once you finish the install here are some applications you might want:
http://www.insecure.org/nmap/
http://www.nessus.org/
http://www.snort.org/
http://firehol.sourceforge.net/
To install these applicaitons in gentoo simple do:
emerge nmap
emerge nessus
emerge snrot
emerge firehol
Here are some generic security sites:
http://www.securityfocus.com/
http://www.astalavista.com/
http://www.us-cert.gov/
http://www.sans.org/index.php
The best way to protect yourself and learn about security is to use linux. You would be amazed at how tight you can control your system. You can do everything: encrypted filesystems, low level stateful packet filtering, chroot jails, mandatory access control policies, intrusion dectection, honeypots, security auditing, etc.
I recommend using Gentoo Linux. Although the install is said to be someone complicated (Personally, I don't think it is), the Gentoo group did an excellent job writing step by step instructions. If you follow the instructions you should have minimal problems. When you do install make sure you have plenty of time on your hands. Depending on how fast your computer is, how fast your internet connection is, and how experienced you are, the install can take anywhere from one day to a week. You can stop anytime in the middle of the install and start again anytime.
Here is their site:
http://www.gentoo.org/
You can download a cd image from here:
http://www.linuxiso.org/distro.php?distro=45
The installation manual is here:
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml
If you want the to learn about the adding security features read this:
http://www.gentoo.org/doc/en/gentoo-security.xml
Once you finish the install here are some applications you might want:
http://www.insecure.org/nmap/
http://www.nessus.org/
http://www.snort.org/
http://firehol.sourceforge.net/
To install these applicaitons in gentoo simple do:
emerge nmap
emerge nessus
emerge snrot
emerge firehol
Here are some generic security sites:
http://www.securityfocus.com/
http://www.astalavista.com/
http://www.us-cert.gov/
http://www.sans.org/index.php
Last edited by a moderator:
- #6
liokaiser
- 4
- 0
dduardo,thanks for the detailed guide.
i will work on it soon.
i will work on it soon.
- #7
The_Professional
- 430
- 2
liokaiser said:
YES, if the firewall is configured improperly. Disabling unneeded services adds another layer of protection as well.
- #8
PRodQuanta
- 341
- 0
I am in the process of reading Hacking for Dummies. All of the below has been explained in the book. Very, very interesting.
Paden Roder
P.S.- Of coarse I am an Ethical Hacker.
Paden Roder
P.S.- Of coarse I am an Ethical Hacker.
- #9
Anttech
- 237
- 0
Hacking is a missused term IMO, a hacker is in the open source community is a person who has a deep knowledge of computers programing networks etc etc, a Cracker is one who trys to break into your computer!
Software based client firewalls are a joke, they serve no purpose but to propagate fear. If you keep your system up to date, and disable unneed services (as mentioned above) then you will be safe for 99.9% of crackers... I have reviewed Zonealarm before and it dialogue box pops up when it hears harmless network chatter and claims that it had just "stoped a hacker from compromising your system" Thus propagate fear!
Zone Alarm etc are not statefull firewalls and thus are useless, they do not analyis packets and drop "funny" ones...
If you are that keen on knowing if people are connecting to you Computer, then download something free like TCP viewer for Windows from sysinternals
http://www.sysinternals.com/ntw2k/utilities.shtml
If you think you need a firewall then buy a proper one like a Cisco PIX that does proper deep scanning of packets NAT (DMZ) VPN etc etc...
To be honest a NAT device is probably all you need as this will wean out most people who are tring to crack your PC... I have been online for a long time and never have had my computer Cracked... At my work we have a LOT of people try to crack our systems, and thus we use proper firewalls IDS etc etc... But that is difference most Black hatter are not after 1 person they are after corporations!
Software based client firewalls are a joke, they serve no purpose but to propagate fear. If you keep your system up to date, and disable unneed services (as mentioned above) then you will be safe for 99.9% of crackers... I have reviewed Zonealarm before and it dialogue box pops up when it hears harmless network chatter and claims that it had just "stoped a hacker from compromising your system" Thus propagate fear!
Zone Alarm etc are not statefull firewalls and thus are useless, they do not analyis packets and drop "funny" ones...
If you are that keen on knowing if people are connecting to you Computer, then download something free like TCP viewer for Windows from sysinternals
http://www.sysinternals.com/ntw2k/utilities.shtml
If you think you need a firewall then buy a proper one like a Cisco PIX that does proper deep scanning of packets NAT (DMZ) VPN etc etc...
To be honest a NAT device is probably all you need as this will wean out most people who are tring to crack your PC... I have been online for a long time and never have had my computer Cracked... At my work we have a LOT of people try to crack our systems, and thus we use proper firewalls IDS etc etc... But that is difference most Black hatter are not after 1 person they are after corporations!
Last edited by a moderator:
- #10
syano
- 82
- 0
Agreed, 100%
Last edited by a moderator:
- #11
Dagenais
- 293
- 4
Instead of changing your OS, http://www.symantec.com/index.htm has a lot of advice for keeping your PC safe.
They also have an Online Tester.
Last edited by a moderator:
- #12
The_Professional
- 430
- 2
Linksys makes those cheap blue/black routers with NAT and other fancy features. A pretty good, adequate protection for the home user. I recommend it. Just don't forget to change the default username and password.
Either that or configure an old box with Linux IPchains. But for that you got to learn linux first ;)
Either that or configure an old box with Linux IPchains. But for that you got to learn linux first ;)
Last edited:
- #13
Nec
- 50
- 0
I have tried to connect my comp with the old one at the corner using a router, don't know why but blue message is shown up saying "refuse"...
why ?
why ?
- #14
Concord
- 14
- 0
(sigh...)Nec said:I have tried to connect my comp with the old one at the corner using a router, don't know why but blue message is shown up saying "refuse"...
why ?
- #15
HBar
- 67
- 0
http://www.catb.org/~esr/faqs/smart-questions.htmlNec said:I have tried to connect my comp with the old one at the corner using a router, don't know why but blue message is shown up saying "refuse"...
why ?
- #16
Anttech
- 237
- 0
lol...
I love that link :-)
STFW... and RTFM :-D
I love that link :-)
STFW... and RTFM :-D
- #17
Nec
- 50
- 0
Thanks Senpai for givingme a sigh! :DConcord said:
Nomikai Ropongi next time ? :D
Similar threads
- · Replies 12 ·
- · Replies 12 ·
- · Replies 3 ·
Calculators
Anti-virus and Internet Security Software
- · Replies 29 ·
- · Replies 3 ·
- · Replies 1 ·
- · Replies 2 ·
- · Replies 2 ·