ORC Owl Logo 2  

Owl River Company

 
  Your IP is: 54.224.137.45


We are asked _all the time_ if a home user, or a business, with a dialup, DSL, or cablemodem connection to the internet really needs a firewall.

The quick answer is: Yes

A longer answer is: If you use an operating system with consumer PC roots (Windows 95, Windows 98, Windows NT, Windows 2000, Mac OS thru ver. 9), it is designed to be 'relatively open' and to be 'simple' to set up, administer and repair.

As a result, end users have graphical tools with background 'wizards' taking care of those configuration details which cause the most support load for 'Tech Support' at a given company. Additionally, the target design of the customer profile is that of an end user interested in productivity, and NOT system administration -- the secretary, or an interested hobbyist.

Unfortunately these tools have found that they cannot enforce the discipline to require operating system level protection of system. That is, an end user can buy and install a shrink wrapped package on their system with minimal attention to what the install package is doing. To permit this to happen, the end user has to occasionally modify system level files to install updated patch files, or additional operating system level services. In permitting such modifications, and in permitting 'wizards', which are based in macro processors, the tools needed for a 'Cracker' to take over remote machines are present and unprotected on the listed operating systems. ------------- As an example, home and small office users have come to use the 'Appletalk' or 'Network Neighborhood' peer-to-peer local area network convenience of sharing disk drives and printers. The implementations have to 'discover' newly added resources, again without material intervention from the end users.

This means that the networks tend to be 'wide open' as shipped from Microsoft and Apple.

We found this response on a professional system administrator's mailing list. It reflects the frustration of trying to respond to attacks from hosts on links which have been taken over and used without their owner's knowledge as an anonymous 'stepping stone' to attack hosts on the public internet with commercially valuable information.

Don't be clueless - get a
firewall

A properly designed and maintained firewall can 'close off' that vulnerability.

... So the answer is: Yes, you need a firewall. To protect you, to protect your private data, and to avoid a visit from the Secret Service (when you host turns out to be the one which was used to steal credit card numbers), or the FBI Infra-Guard unit when a terrorist group uses your PC as an attack vehicle against a website run by a religious group with whom they disagree.
       

Back to Top Page
[legal] [ no spam policy ] [ Copyright] © 2008 Owl River Company
All rights reserved.

Last modified: Mon, 14 Mar 2005 12:40:36 -0500
http://www.owlriver.com/firewall/index.php