Mr. Chambers said:
Kendan seems to be one of the few with the right idea in this thread. I don't quite follow the logic of all of you guys who slack off on security or say it's a complete waste of time because "a professional hacker will get in no matter what". That way of thinking can only harm your PC - and the Internet as a whole for that matter...
Sure, a skilled hacker probably could get in, but the idea behind routers is to hide your IP in the first place. At the very least it will stop 99.9% of the no-talent script kiddies out there, which IMO are a bigger problem than the "real" hackers.
I'm probably a 7 or 8. I run an IPCOP box whose log files I constantly monitor, I run a program to block known bad IP ranges from my system, run AVG, an always-updated WinXP Pro, and weekly scans with several anti-spyware and anti-trojan programs.
I also think smart computing is more important than running every scanner under the sun, but that doesn't mean there aren't certain steps/actions EVERY user needs to take. Especially if they have broadband.
Well, the reason behind lacking internal security is as follows:
1) Unified firewalling
If you have a hardware firewall already running for the entire network, there is really no point running a software firewall on each and every workstation on your network; it wastes system resources as well as increasing ping time.
2) Do you really need this?
I suppose if you want, you can stick a hub between the cable/DSL modem and your router, then connect a box to the hub specifically to run packet fingerprinting software to identify exactly what type of attack it is, who is attacking, and what kind of software that person is using. However, it is just as easy to send a packet with a spoofed IP address or to attack from a hacked host, so IP-based firewall rules are pretty much useless.
3) "OK, I got this logged, what do I do now?"
You can e-mail the businesses and/or ISPs the attacks originate from; however, it is entirely pointless to do so unless the attack originates from the same ISP as yours. In most cases, IT managers ignore such e-mails. If you get DDoSed, the most you can do is call up your ISP and have them route away the attack. It doesn't matter if you block packets when data is still being routed toward your host; your downstream will still be clogged.
4) NAT doesn't automatically forward incoming connections.
In order for a hacker to break into your network, he/she has to go through your router first, since if you don't set up port forwarding, there is no way for them to establish a connection to your internal network.
5) Trusted users.
If you run a network for your home, it is far better to educate everyone on your network than to dedicate lots of network resources to running a managed server solution. It is far better not to download the trojan at all than to have said trojan installed and running, only to be discovered and promptly removed. The latter solution also doesn't guarantee that said trojan won't attach itself to the OS. No matter how new your virus/trojan definitions are, there are always custom jobs that can bypass anti-virus programs.
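Point 4 of the post above (NAT only passes inbound traffic for flows a LAN host started, or where an explicit port forward exists) in a small model. This is an added example, not code from the thread: a constructed Python NAT table that records outbound flows, admits only matching replies, and delivers unsolicited packets only where a forward rule exists; the addresses are documentation ranges, and checking the reply's source endpoint models an address-restricted NAT as an assumption.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

@dataclass
class NatRouter:
    """Toy model of a home NAT router (constructed for illustration)."""
    wan_ip: str
    # forwards: static (proto, wan_port) -> (lan_ip, lan_port); table: dynamic flows
    forwards: dict = field(default_factory=dict)
    table: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    next_port: int = 40000  # first WAN port handed out to outbound flows

    def outbound(self, pkt: Packet) -> Packet:
        """LAN host opens a connection: allocate a WAN port and remember the mapping."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pkt.proto, wan_port)] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet):
        """Packet hits the WAN side: return the rewritten packet, or None if dropped."""
        key = (pkt.proto, pkt.dst_port)
        entry = self.table.get(key)
        # Reply to a flow a LAN host started: accepted only from the remote endpoint
        # that flow was opened to (address-restricted NAT, an assumption of this model).
        if entry and (pkt.src_ip, pkt.src_port) == (entry[2], entry[3]):
            return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1], pkt.proto)
        # Explicit port forward: the one way unsolicited traffic reaches the LAN.
        if key in self.forwards:
            lan_ip, lan_port = self.forwards[key]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.proto)
        return None  # no state and no forward rule: dropped at the router

def demo():
    """Walk through the cases the post describes; addresses are documentation ranges."""
    r = NatRouter(wan_ip="203.0.113.7")
    scan = Packet("198.51.100.9", 31337, "203.0.113.7", 445)
    dropped = r.inbound(scan) is None                      # unsolicited probe: dropped
    out = r.outbound(Packet("192.168.1.10", 51000, "198.51.100.5", 80))
    reply = r.inbound(Packet("198.51.100.5", 80, "203.0.113.7", out.src_port))
    stray = r.inbound(Packet("198.51.100.9", 80, "203.0.113.7", out.src_port))
    r.forwards[("tcp", 22)] = ("192.168.1.20", 22)        # admin opens a hole on purpose
    fwd = r.inbound(Packet("198.51.100.9", 31337, "203.0.113.7", 22))
    return dropped, reply, stray, fwd
```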