Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /var/www/hosts/cases/inc/refcount.php on line 23
CASEScontact - solutions, tools & skills against latest security, cybercrime, hacking & malware threats
Just the facts
     
Title   Update 4 - Martina Hingis: Princess of the WTA & Angelina Jolie ==> they are already inside - best ways for using a firewall to protect your PC
Description   A little parody - should celebrities stick to their day jobs - not necessarily if they already been forced into robbing the bank they are supposed to protect - Harrison Ford and the Firewall
CyTRAP LABs ID   CT210001
Date   2006-02-10
Systems affected  
  • Windows 95/98/2000/NT/XP etc.
  • Mac OS X 10.1/11 Tiger etc.
  • Linux
Select language  
Version number   1.4
ISSN   1603-9866
Verify tip   http://casescontact.org/tips/210001
Risk assessment   High
Impact/Severity   High
Audio/Podcast files   CyTRAP PodCast show - Protecting our digital assets - Friday February 10, 2006
Update - change  

Update 4: 2006-02-10 - Updating of links, more free firewalls are offered for downloading, & new tools added for checking IF your firewall works correctly or NOT.

 

Why not get new tips and alerts by e-mail directly to your in-box? It's much more convenient:

Your email: or press here.
 

What's up?
     
   
Real life scenario Internet & PC scenario
What is the threat or vulnerability?    

Celebrities from the worlds of sport and entertainment, such as Martina Hingis, Ronaldinho, Britney Spears and Madonna have always followed certain procedures to protect their privacy and themselves from over eager fans.

Locking their doors, having security guards walking with Angelina Jolie and Brad Pitt from one session at the WEF Davos to the next is standard procedure.

2006-02-10 Hollywood released a movie called Firewall with Harrison Ford where Everything He loves Is About To Be Used Against Him.

Think of your computer firewall as guard dog or private security guard that helps protect your privacy and keeping intruders out.

Nearly every home computer with DSL, ADSL or a cable modem can be identified on the internet. It is comparable to your house number or having your phone number and home address listed in the phone directory.

Imagine having failed to have a firewall and having a hacker break into your computer or server, stealing your phone numbers as happened to Paris Hilton and her celebrity friends.

Harrision Forde 'shares' some of his skills from Firewall in this tip.
 
 

Problem & Solution
     
Admin  

'2 golden rules' for getting the most out of our tips:

  1. except if you are on CASEScontact.org, click on the URL or link above to make sure you have the latest version in front of you - to reduce your inbound traffic we do not always send updates unless they are REALLY necessary,
  2. browse the tip and check for FREE tools (below) ... invest 10 minutes it's definitely worth your time,
  3. do something good today, share the tip with one of your friends, because she will probably appreciate the help and support you have given her by doing this and finally,
  4. unless you got this via e-mail, how about doing yourself a favor & making your life a bit less complicated by subscribing yourself to receive these tips - you will be glad you did.
Tip. Why not use an e-mail address to which you have access to from home as well as after changing the employer or university?
     
What does it mean to me? Am I vulnerable?  
So why should you and our celebrity friends care about a firewall? Because like with your apartment door being locked, you do not want anybody to 'enter' your computer and play robber regarding information and data on your hard-drive.

  1. The Threat Your privacy could be compromised by somebody accessing your apartment/computer without authorization.

  2. Vulnerability Is that your hardware/PC or software is being misused for ununathorized activities (e.g., spaming others).

  3. Impact One simple consequence could be that your Internet Service Provider cuts you off because a spammer is using your unprotected computer to send out spam. Else, your data's confidentiality are being compromised, in fact, the possibility for identity theft is real if you do not have a firewall installed on your PC.

    Based on the above, the firewall helps one to restrict traffic coming into and leaving your computer.

    Below we outline how you can minimize the threat, vulnerability and impact. Failing to install a firewall can really harm you and your data/information greatly.

     
If I fix the problem - will it help me?
How		  

Please remember, even if you cannot be identified from the Internet because your computer is behind a corporate firewall or a router, you are still better off to install a software-based firewall on your PC as well to improve protection.

Your firewall will protect you against possible attackers from the Internet by shielding your computer or network from malicious internet traffic.

Blocking outsiders to take control of your computer prevents PCs from being used as spam or denial-of-service zombies.

Martina Hingis pointed out to Madonna recently that it is vital that one configures the newly installed firewall correctly, thereby enabling it to do its job properly by:

  1. blocking data from certain locations, while also

  2. allowing relevant and necessary data to pass through the firewall.

The above is especially important for residential or home users with a broadband connection who rely on 'always on' connections, such as is the case whilst using cable or DSL modems. Nonetheless, when one is not using the Internet, the cable modem must be unplugged to better protect the PC while reducing the risk of having a hacker intrude while one is away or asleep.
     
How can one describe the solution?  

Angelina Jolie, "it" girl and goodwill ambassador for the UN High Commissioner for Refugees briefed her colleagues about how firewalls are offered in two forms:

  1. Hardware-based (external) that protects a number of computers at the same time, such as one in your router at home, and/or

  2. a software-based firewall that works on your PC or workstation.

Best risk management - easy to do by yourself is to install a software-based firewall on your PC. If you have configured the firewall properly it will deny nearly all traffic. Filters allow only specific traffic through.

     
Does Microsoft offer me a solution?  

If you use Windows XP and have installed the Security Package (SP) 2, there is a software-based firewall included.

You can get step-by-step advice how you may activate this software-based firewall under Tidbit 2 further below - its an easy process.

Even if you have activated the Windows firewall coming as part of the SP2 update, please be aware that this software-based Windows firewall does not block outbound traffic , a function which prevents computers from being used as spam or denial-of-service zombies.

So what do I have to change on my Windows firewall to prevent my computer from being used for sending out spam or as a denial-of-service zombie?

The answer is to get the the free update from Microsoft (Dec. 23, 2004):
     
Where can I get more help?  

Below is a list giving you resources.

Ronaldinho found the above link to the list of firewalls not that helpful but, instead, he took advantage of the direct links provided below for downloading various top notch software-based firewalls.
 


What is the solution to this problem ?
     
Tip 1  

Our choice is Kerio's firewall, it works easily without any conflict with various anti-virus packagages and spam filters. Martina informed her friends that some experts prefer the earlier Version 2, over the latest one - because of simplicity and user-friendliness. It can be found here:

Please remember, a firewall has to learn before it functions best in the way you want it to do its job. So at the beginning it will come and ask you to either:
  • permit,
  • deny sometimes also called reject (depends on the software package)
an activity.

Installing the above firewall on his kids' computer, David Beckham found that it is worth being careful and NOT asking the firewall to create a rule (e.g., accept or delete) for providing information regarding a ping. Instead, one should do this only if being absolutely sure that this is correct such as having your e-mail program trying to access the server to download new messages. Most pings should be denied and its safer to have to deny five times a day than creating the wrong rule.   

     
Tip 2  

Once Britney Spears had downloaded the firewall, she installed in on her PC.

But Martina Hingis advised her to play it safe by choosing the default settings for the firewall as set by the vendor.

Martina explained that default settings are usually quite restrictive making it, therefore, the safe choice to start with these following the motto: better safe than sorry.

Tokio Hotel found another free firewall choice that is offered by Skoda, the car manufacturer.
     
Tip 3  

How do you know if you have installed the firewall correctly?

No problem to get an answer to the above question. Simply use one or both of the tools offered below

If you have a software-based firewall installed, the above check will tell you about your protection level but, most importantly, provide with an explanation why and how you are protect or fail to be protected properly.

   
 


Take another 2 minutes - More tricks to safeguard your information better
     
Tidbit 1  

Angelina Jolie was still worried after having installed the firewall, because the above vulnerability scan told her that some ports were left open on her PC. She wanted to know why this was necessary.

Britney Spears gave her the link below to check out, because she had found it helpful in explaining each of the left open port's exact function. Based on this information she knew why some ports just had to be left open for her to surf the internet.

What Britney liked a lot was that besides explaining what the port does, the information also explained succinctly how she could close an open port by following a few easy steps.

   
Tidbit 2   Here are Harrison Ford's '5 quick steps to firewall success' for turning on your Windows firewall: If you want more information and instructions about this, including graphics and screenshots in French, please look here to our sister site in Luxembourg:    
Tidbit 3   However, experts agree that relying on the Windows Firewall for endpoint security is simply not good enough because of the following problems:
  • any application running on the computer is allowed to edit the registry and, thereby
  • can have itself exempted from the firewall's rules (e.g., see the Sony BMG saga about music CDs/DVDs) Britney Spears has some experience with the above problem because her CDs had a program that circumvented the Windows Firewall and others installing a file in the Windows registry when some of her fans wanted to play her music on their PCs.

This means that the Windows firewall will just ignore a piece of software if that software performs a simple registry edit. That defeats the purpose of having a firewall in the first place if software can bypass it so easily. Hence, be careful, see the findings of the test that revealed this vulnerability here:

   
Watch out  

While a hardware-based firewall is a bit more expensive then a software-based one it has a distinct advantage:

  • it can stop malicious traffic before it enters your PC where you have valuable information
We have not recommended some firewalls including ZoneAlarm, Sygate and others for various reasons that we do not need to mention here. However, those we recommended above provide first class protection and are easy to install as we experienced ourselves when doing our tests. Naturally, there are more good choices around and if we find them, we will let you know for sure.   
 


CYTRAP resources - check it out - because it will help you better protect yourself
     
Related tips  
Glossary   Please either sign in by clicking on 'Login as a guest' to get the definition, no registration required or else get a free registration to get access, its worth it.

DEUTSCH
Additional risk minimization  

Paris Hilton has downloaded CyTRAP's "That's hot!" freeware program recommendations for firewalls and scanning tools regarding open ports as outlined above. Good idea since things went a bit wild at this year's World Economic Forum WEF Davos where blogging efforts by:

  • Bill Gates,
  • Angela Merkel - German Chancellor
  • Nandan Nilekani, CEO, Infosys Technologies,
  • Manmohan Singh, Prime Minister - India,
and others got some hackers to check out firewalls and security on various devices ;-). So don't get caught - follow Harrison Ford playing the Jack Stanfield character in the movie Firewall & install a firewall on your PC NOW.

Therefater, make sure you check if it works right, otherwise you might be put into a position like Jack Stanfield when he says 'You'll get the money, when I get my family.' PS. Just because exotic looks might make somebody a sex symbol, does not suggest that an exotic and complex firewall will do better in protecting a PC. In fact, a simple one works best for most users including some of the celebrities mentioned in this tip.

Technorati tags: , , , , , , ,

Administrative
     
Author   Urs E. Gattiker - CyTRAP Labs
     
Revisions  
  • 1.0 - First Version
  • 1.1
  • 1.2 - 2005-01-16 - Released
  • 1.3 - 2005-04-14 - Update 3
  • 1.4 - 2006-02-10 - Update 4

    • Contact details   Web: http://CASEScontact.org
    E-mail: support01@CASEScontact.org

    Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036
    Fax: +44(0)70-9237-6036, dial 3 send fax
     

    --END of ADVISORY - Important Info Below--
     
    We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

    NO WARRANTY
    Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.

    Ride the rollercoaster successfully by subscribing to our alerts, tips, tools and skills training receiving them either via:

    1) e-mail
    2) RSS feeds, or else, just get a
    3) free skills tune-up


    NO WARRANTY
    Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.

    CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
    Full DISCLAIMER notice at: http://www.casescontact.org/terms.php

    UNSUBSCRIBE
    If you no longer wish to receive this TIP ADVISORY, please Unsubscribe at:
    http://www.casescontact.org/unsubscribe.php

    QUESTIONS, comments, ideas? Cheer us up at:Tips-Comments at CASEScontact.org

    CASEScontact.org -- Threat Alerts and Security Notices --clear and precise, no compromise -
    --currently hosted by Flashcable
    -- END of TIP & Tricks ADVISORY--
    Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved.