Posted on: August 14th, 2010 by Famous Phil

Today’s topic was sparked by a recent influx of worms attempting to take over one of the public servers that I manage.  Basically, I constantly get log notifications for the firewall (yes, I actually read logs!) saying that all these attack signatures are being detected against programs running on one of my servers.

These programs are IIS 7  (web server, Internet Information Services) and MSSQL Server 2008 R2 (Microsoft Standard Query Language Server).  In the past when I ran my own computers on an un-firewalled internet connection (public wi-fi, home DSL), with home security software installed (like Norton 360), I have also noticed these types of log messages and popup warnings.

Most people (I’d estimate at least 50%) probably have some sort of broadband, un-firewalled, connection setup in their home that is directly connected to their computer.  Most people probably subscribe to some security solution like Norton 360, and they probably run some sort of firewall.  Normally, these firewalls catch all the bad stuff that can harm your computer, but stuff still could potentially come through.

Although there will always be loop holes for these security vulnerabilities, there is another means of protection that most people would NEVER think of!  If you’re thinking Wireless router from the local Wally World (Wal-Mart), you read my thoughts. Yes, Wireless routers don’t just share an internet connection wirelessly like most people think.

So what else does a wireless router do?  A wireless router is simply a ROUTER with a wireless ability built into it.  Routers are complex pieces of engineering that connect many computers together.  Without getting into too much detail, routers connect two separate networks together to bring multiple endpoints together.  The internet has many subnets that are connected to each other through routers. Think of the telephone system when I mention this, more specifically area codes and dialing prefixes.  The area code for Matthouse is 716, the prefix is 584.  So 1-716-584-xxxx gets routed to a particular telephone.   In my example, when you dial the full number, 1 means connect to the main US router which knows all the US phone area codes.  Next, 716 means connect to the router which  handles the Western New York area prefixes, then finally that router sends the call to the router than handles the 584 prefix.  That router then is practically directly connected to the xxxx number which will ring a phone and help establish your connection.  The internet is connected in a similar fashion.

Traffic is sent in internet packets that run on a certain port number.  For simplicity, a port is required to connect to a computer.  Computers listen on ports for connections and there are 65535 possible ports.  You might think of a port like a way to get to your house from the road at your address.  Each drive way is a unique path in and it accepts only a certain type of car.  Hackers tend to send a car into that drive way that acts and looks like the car it accepts, but once it’s in, it can cause havoc in your home (computer).

So what am I getting to? Routers connect different networks, so they inherently have to forward all the traffic from one network to another, including all the ports.  Since ports are easy ways to get into your computer (provided your computer is actively listening / accepting on that port), hackers tend to go for these ports.  Some ports on web servers (like port 80) are absolutely necessary to leave open, but other ports like 5109 (which happens to be the AOL Instant Messenger port) probably isn’t needed on that web server.   For a home computer, blocking all the ports inbound to the computer is probably smart, while allowing all the outgoing ports from the computer to the internet.

NOTE: I probably should add that with outbound connections through firewalls, if you request something from an external source (say a webserver) while having all incoming connections blocked, you will still get the response from that external source.  Firewalls are smart about allowing replies back through while blocking all new connections that are probably hacker initiated.

BOTTOM LINE: All computers have different needs. A wireless router when added to your network will block all incoming ports by default and allow all outgoing connections on all ports.  Therefore, by adding one of these cheap boxes, you’re not only gaining a wireless network access point, but you’re also protecting yourself from the nasty dangers of hackers that probe computers for open listening ports.  Since many ISPs provide un-firewalled public IP addresses to residential customers, those customers would be wise to install one of these routers.  Who knows, it might save their computer from a severe attack from a hacker some day!  I’ve also found that when I run a firewall in terms of a router, I don’t need as much protection from Norton 360 on my computer, so I basically have a faster computer (it isn’t working on blocking bad stuff anymore).

Hopefully this helps you!

Tags: Firewall, wireless router
Posted in Technology
|| 12 Comments »