Today’s topic was sparked by a recent influx of worms attempting to take over one of the public servers that I manage. Basically, I constantly get log notifications for the firewall (yes, I actually read logs!) saying that all these attack signatures are being detected against programs running on one of my servers.
These programs are IIS 7 (web server, Internet Information Services) and MSSQL Server 2008 R2 (Microsoft Standard Query Language Server). In the past when I ran my own computers on an un-firewalled internet connection (public wi-fi, home DSL), with home security software installed (like Norton 360), I have also noticed these types of log messages and popup warnings.
Most people (I’d estimate at least 50%) probably have some sort of broadband, un-firewalled, connection setup in their home that is directly connected to their computer. Most people probably subscribe to some security solution like Norton 360, and they probably run some sort of firewall. Normally, these firewalls catch all the bad stuff that can harm your computer, but stuff still could potentially come through.
Although there will always be loop holes for these security vulnerabilities, there is another means of protection that most people would NEVER think of! If you’re thinking Wireless router from the local Wally World (Wal-Mart), you read my thoughts. Yes, Wireless routers don’t just share an internet connection wirelessly like most people think.
So what else does a wireless router do? A wireless router is simply a ROUTER with a wireless ability built into it. Routers are complex pieces of engineering that connect many computers together. Without getting into too much detail, routers connect two separate networks together to bring multiple endpoints together. The internet has many subnets that are connected to each other through routers. Think of the telephone system when I mention this, more specifically area codes and dialing prefixes. The area code for Matthouse is 716, the prefix is 584. So 1-716-584-xxxx gets routed to a particular telephone. In my example, when you dial the full number, 1 means connect to the main US router which knows all the US phone area codes. Next, 716 means connect to the router which handles the Western New York area prefixes, then finally that router sends the call to the router than handles the 584 prefix. That router then is practically directly connected to the xxxx number which will ring a phone and help establish your connection. The internet is connected in a similar fashion.
Traffic is sent in internet packets that run on a certain port number. For simplicity, a port is required to connect to a computer. Computers listen on ports for connections and there are 65535 possible ports. You might think of a port like a way to get to your house from the road at your address. Each drive way is a unique path in and it accepts only a certain type of car. Hackers tend to send a car into that drive way that acts and looks like the car it accepts, but once it’s in, it can cause havoc in your home (computer).
So what am I getting to? Routers connect different networks, so they inherently have to forward all the traffic from one network to another, including all the ports. Since ports are easy ways to get into your computer (provided your computer is actively listening / accepting on that port), hackers tend to go for these ports. Some ports on web servers (like port 80) are absolutely necessary to leave open, but other ports like 5109 (which happens to be the AOL Instant Messenger port) probably isn’t needed on that web server. For a home computer, blocking all the ports inbound to the computer is probably smart, while allowing all the outgoing ports from the computer to the internet.
NOTE: I probably should add that with outbound connections through firewalls, if you request something from an external source (say a webserver) while having all incoming connections blocked, you will still get the response from that external source. Firewalls are smart about allowing replies back through while blocking all new connections that are probably hacker initiated.
BOTTOM LINE: All computers have different needs. A wireless router when added to your network will block all incoming ports by default and allow all outgoing connections on all ports. Therefore, by adding one of these cheap boxes, you’re not only gaining a wireless network access point, but you’re also protecting yourself from the nasty dangers of hackers that probe computers for open listening ports. Since many ISPs provide un-firewalled public IP addresses to residential customers, those customers would be wise to install one of these routers. Who knows, it might save their computer from a severe attack from a hacker some day! I’ve also found that when I run a firewall in terms of a router, I don’t need as much protection from Norton 360 on my computer, so I basically have a faster computer (it isn’t working on blocking bad stuff anymore).
Hopefully this helps you!
More From FamousPhil.com
Tags: Firewall, wireless router
Posted in Technology
Thank you for this lovely story, even though it took quite a long time to understand. (English is not my native tongue) Can I ask where you get your sources from? Thanks! Reinaldo
My source is my college education and self learning. If I use someone else’s content, they will receive the appropriate attributions.
Keep up the good work. Everyone is opened to there opinion. Excellent blog here, i am still reading
Lastly, you’re CAPTCHA is fixed and I can comment once more, I utilised to sort in the accurate letters and it would fail every time.
Community – I should really exclaim, impressed with your site. I had no trouble navigating through all the tabs combined with knowledge had been incredibly painless to access. I ran across what I expected soon in the slightest. Along with beneficial. Might probably appreciate it in the event you add user discussion forums as well, it becomes much easier a optimal way for your customers to work together. Exciting role..
Along with blog post. I just stumbled upon your blog combined with wanted to assert that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed coupled with I hope you piece of content once more rapidly.
Every single piece of writing I have read through is really well written and published as well as to the point. I would certainly moreover like to point out, not simply are your articles or blog posts most certainly written and published, but the style of your web page is great. It was straightforward to find the way from write-up to piece of writing and get everything that I was wanting for with no difficulty. Maintain up the great deliver the results you are performing, and I will be back quite a few times in the near future.
writing is very dull, it definitely is worth your time in which you dedicate.
Nice site,i have bookmarked it for later use, thanks.
It’s been long since I have read such a well composed blog. I appreciate your sincerity and hard work that you must have put in your writings. I wish you good luck with your upcoming posts.
Nice…
Thanks, I always love a good read. Dont stop posting!…
Nice post, look forward to visiting again soon. Will retweet this one for you, so others can enoy.