When the topic of "what firewall do you use" comes up, a lot of the answers will be McAfee, ZoneAlarm, and so on. The train of thought that you only need a software firewall is flawed. If you only have a software firewall, your computer is not fully protected.
The goal of any good firewall is to protect your system, and that means stopping people from even touching your computer. With a software firewall, people from the outside world can still connect to your computer; it is the firewall "software" that then limits the intrusion.
Some parts of Windows have to be granted access to the outside world for your internet connection to work. These services also open up certain ports, such as Plug and Play and printer ports.
Here is an example of a Plug and Play exploit.
http://www.microsoft.com/TECHNET/SEC.../MS05-039.MSPX
Quote:
Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (89958
Published: August 9, 2005
Version: 1.0
Summary
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Even though you might have a software firewall installed, if certain parts of the Microsoft operating system are allowed to access the internet, your system could be subject to a security exploit. The very software that lets you plug in a printer and have the operating system detect it can also open your computer up to security exploits.
There have even been reports of hackers getting into a computer by going through the memory used by the network card. The exploit is rather old and only affected certain brands of cards. The hacker would send a packet to your network card (not to Windows), which would then be passed into the system memory that the network card was using. From there, the attacker was somehow able to get into a Windows service sublayer and access the computer. There was almost no defense against this type of hack, since it worked at the service level and not the user level. The makers of the affected network cards released a driver update that fixed the flaw.
This is where a hardware firewall comes in. These devices sit between your computer and your high-speed connection. Most home routers provide some kind of limited network address translation (NAT) and firewall. When you run a port scan against your internet connection and you have a hardware firewall, the scan is hitting the home router.
When you run a port scan against your computer and you only have a software firewall, the scan is actually connecting to your computer.
When a zero-day exploit is released, there is still a chance you could be affected even if you have a software firewall. With a hardware firewall that chance is very slight.
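As an added illustration (not from the original post), here is a toy Python model of why a scan "hits the router" rather than the PC: outbound traffic from the LAN creates a NAT mapping, and the only inbound packets the router forwards are replies that match a mapping or an explicit port-forward; everything else is dropped before any Windows service sees it. All addresses and ports are constructed sample values.

```python
"""Toy model of a home router's NAT / connection-tracking table.

Outbound connections create a translation entry. An inbound packet is
forwarded to a LAN host only if it matches an existing entry or an
explicit port-forward; anything unsolicited is dropped at the router.
All IPs and ports here are constructed sample values for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    wan_ip: str
    # wan_port -> (lan_ip, lan_port): holes the owner deliberately opened
    port_forwards: Dict[int, Tuple[str, int]] = field(default_factory=dict)
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    _table: Dict[Tuple[int, str, int], Tuple[str, int]] = field(default_factory=dict)
    _next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: allocate a WAN port and remember who asked for it."""
        wan_port = self._next_port
        self._next_port += 1
        self._table[(wan_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: forward a matching reply or port-forward, else drop (None)."""
        hit = self._table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if hit is None:
            hit = self.port_forwards.get(pkt.dst_port)
        if hit is None:
            return None  # unsolicited probe: the LAN host never sees it
        lan_ip, lan_port = hit
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def scan_through_router(router: NatRouter, scanner_ip: str, ports: List[int]) -> List[int]:
    """Return which probed ports actually reach a LAN host behind the router."""
    probes = (Packet(scanner_ip, 54321, router.wan_ip, p) for p in ports)
    return [pkt.dst_port for pkt in probes if router.inbound(pkt) is not None]
```

With no port-forwards configured, a scan of the Windows service ports returns an empty list; adding a port-forward is exactly the hole that then shows up.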