Firewalls on an always on network



Brain_Cell_Anon
15-12-2003, 09:44 AM
Xmas greetings oh cleffer ones!
I'm just after finding out if it is at all possible to place (have) a firewall on a network that is permanently connected to the internet.
I should be honest here and say that I have been accused of downloading porn at work. To the best of my knowledge I have not, but there appears to be a trojan horse already on the computer in question to which I am a little nervous that something has been downloaded without my knowledge.
The powers that be have said that it is not possible to protect from things like this because the network is always on.
Any help would be much appreciated, pointers as to if this is or isn't correct (as it may go to court if the store tries to push the point that I did it deliberately) or any other help on the subject as well wouldn't go amiss!
Cheers all, and have a good Xmas and New Year!! B-) :^O

Chilling_Silently
15-12-2003, 10:03 AM
Might pay to install something such as Zone Alarm on your personal PC (or I think there's a Kerio Firewall that Susan B's been talking about with Greg) so you can check if it's coming from your PC easily and stop it/remove it.

Aside from that, they should look into something such as a dedicated firewall. An old 486 running SmoothWall perhaps?!

linw
15-12-2003, 10:17 AM
Hi, there. To start with, it is certainly possible for your work-station to have a firewall. Indeed, it darn well SHOULD have a firewall and an up-to-date anti-virus program running. Additionally, there should not be doubt about the suspected trojan. The machine should be thoroughly checked with an anti-virus program and a couple of adware checkers such as Spybot and Adaware.

As an employee you should demand that you (and the firm) are protected as outlined above. Both your reputations are at stake.

Another point. Can anyone else access your machine? This could be critical to your cause.

If you know you are squeaky clean I think you should demand some skilled independent assessment of your machine and the security setup as you seem a bit vulnerable as it stands.

Good luck.

Pheonix
15-12-2003, 10:19 AM
A firewall is like a guard at a Hollywood party. It will only let in those programs that you have approved to pass. It won't stop, like the guard and someone with a hidden gun, a program you have approved that contains a Trojan/Virus etc. If the computers on a network don't contain a firewall themselves, then a Trojan on one computer can spread via the local network as well. Hence one PC can infect another. If the job is done right, logs on the firewall will indicate what program/user is accessing the net.
As for always online, normal practice is to have a good firewall and the server runs antivirus and anti-trojan software. Or each PC has the software and the server updates it.
I would advise, if possible, to download an anti-virus program and check you have a Trojan. If you printscreen off it, then it could be the Trojan that is "reporting back" to a porn site.
Normally a Trojan would come hidden in a legit program or a hacker has got through the company's defences and dropped it.

Susan B
15-12-2003, 05:36 PM
If your work's internet connection is via an ADSL router then it should already be protected by the router's hardware firewall for incoming traffic, though that would depend on which one it was. It will not, however, protect from programs downloaded (eg trojans) or dodgy webpages opened that can infect a computer. Nor will it protect or warn about programs accessing the internet from your computer like a software firewall will.

Another point to be aware of is if you have a look at the Spyware FAQ (link to FAQs top right of this page) you will see the following:
A computer does not have to go to a site to get infected - if a computer on the same LAN goes to a dodgy site the site can infect the PC that is sharing the internet to the rest on the LAN.

As already mentioned a firewall should be installed and used on an always-on internet connection and as it will be for a work situation rather than for personal use a professional paid version will be necessary.

In addition to scanning with an anti-virus program I would advise scanning with a trojan detecting program as well.

mikebartnz
15-12-2003, 11:04 PM
>The powers that be have said that it is not possible to protect from things like this
> because the network is always on.
I just wonder how much the powers that be really know when they say something stupid like that.

Brain_Cell_Anon
17-12-2003, 12:40 AM
Thanks all (so far). :D
I did think it a little strange that it was put to me that there was no protection (and could not be) because the connection was always on. Even my limited knowledge of networks thought that would be a little bit like letting the sheep out for a stroll in the lion's den!!!
A few other things said have left me thinking that the blame had to be dropped somewhere and I was 'there' at the wrong time, but that's another non-computer issue (is there an "I hate my job at the moment" section here, anyone???) :_|
The matter has been 'dropped' for the while, don't do it again, especially after I'd done a bit more research plus explaining what you have said, plus threatened with a counter-sue (how American, eh?) if this ever went any further without being given more proof than ".....well you were in the room just before it was found!"

Any more suggestions/help/hints on this subject wouldn't go amiss either as I still want to get both my computers at home talking and with ICS going.

Regards,
The Cell

mikebartnz
17-12-2003, 01:21 AM
Bah Bah :D Give them the sack for being ignorant bastards; at least you tried to find out about it, whereas they preferred to be stupid.

Chilling_Silently
17-12-2003, 02:19 AM
If your workplace is any good, they'll have a proxy logging everywhere your traffic's going...!

Sounds to me like Mikebartnz is right, and you need a good talking to the IT dept.

Tell them you want some greater security on your PC so you don't get accused of this again.
They should be more than happy for you to have ZoneAlarm installed on your PC (after all, you're helping them out by installing it) and keep your own PC well-maintained.

I wouldn't rely on the IT guys to defrag your PC every week, or even run a scan for viruses, let alone spyware and/or trojans.

IMHO, the IT Dept are there for setting up your PC, and for when things go wrong.. and it sounds like they're sticking to that pretty well... so do run your own maintenance!

A few more things about your situation would help...

Job type, Computer OS, rough Company Size, how they found out you were downloading pr0n.....

Don't give up on them :-)

Cheers


Chill.

sam m
17-12-2003, 06:35 AM
> A few other things said have left me thinking that
> the blame had to be dropped somewhere and I was
> 'there' at the wrong time, but that's another
> non-computer issue (is there an "I hate my job at the
> moment" section here, anyone???) :_|

Do you have an interest in IT? If you hate your job then why not pursue this area about IT security? If the incumbents are not doing their job properly then this might be your opportunity to learn a new skill and new job.

Did they ever show you proof that the material was found on your computer? Maybe your suspicions are right that they are looking for a scapegoat. I would suggest that if they did try to "get" you now then they will be watching you closely (not just computer wise) for any other excuse to dismiss you.

cyberchuck
18-12-2003, 08:47 AM
> Tell them you want some greater security on your PC so you don't get
> accused of this again.

Just watch your wording if you're going to do that. There are some Network Admins which absolutely love their network and believe it's the greatest thing since sliced bread and if you come up and tell them there's a problem with it then they can get really nasty.