My computer is overheating, must be the firewall...



  • I got the title from a phrase said by Dilbert's pointy-haired boss.

    What I'm about to tell is not about overheating, though. It's about network security.

    I was talking to a few of my classmates about the jobs we have. Getting into a Computer Science course here is a surefire way to get a job. Which is mad and sad, since being a student never had anything to do with being competent in the first place.

    Well, there is this guy who is working for a rental store or something... And he was talking about how he had a problem with the company's network once. His boss wanted to access some sensitive data from his home, but could never do it because he couldn't connect. The secretary told my classmate that the "IT guy" who worked there before would solve stuff by disabling a firewall. Guess what he did? Yep, now his boss can access the server from his home PC!

    I just don't know how to tell this guy what he has done.

    He went on to tell us how, before learning about that, he solved a problem between two applications in different machines that wouldn't get successful connections between themselves. By installing both of them in the same machine. This is the kind of solution that may seem clever at first, but not when there are good reasons for placing different applications in different machines. I'm just thinking about the impact that would have on the performance of whatever they have running there if it's big.

    Yesterday this guy said he was doing some research to find out what a port is and what purpose it serves. Because, you know, when you go setting your firewall up in Windows, in the exceptions tab, you can add these things called ports.

    I'm thinking about telling this guy firewalls can cause PCs to overheat, just for kicks.



  • [quote user="Renan "C#" Sousa"]

    He went on to tell us how, before learning about that, he solved a problem between two applications in different machines that wouldn't get successful connections between themselves. By installing both of them in the same machine. This is the kind of solution that may seem clever at first, but not when there are good reasons for placing different applications in different machines. I'm just thinking about the impact that would have on the performance of whatever they have running there if it's big.

    [/quote]

    On the other hand, placing applications that have to communicate on separate machines obviously causes some networking overhead, which can also be the reason for perceived slowness.



  • Okay, each case is a case, and I'm guessing it wouldn't be like that there. I just wanted to say, one shouldn't see firewalls as the source of every network problem, and disabling/bypassing them as the solution to everything.



  • [quote user="Renan "C#" Sousa"]Okay, each case is a case, and I'm guessing it wouldn't be like that there. I just wanted to say, one shouldn't see firewalls as the source of every network problem, and disabling/bypassing them as the solution to everything.[/quote]

    I can simplify:

    One should not place incompetent morons in charge of complicated equipment. 



  • @asuffield said:

    [quote user="Renan "C#" Sousa"]Okay, each case is a case, and I'm guessing it wouldn't be like that there. I just wanted to say, one shouldn't see firewalls as the source of every network problem, and disabling/bypassing them as the solution to everything.

    I can simplify:

    One should not place incompetent morons in charge of complicated equipment. 

    [/quote]

    Equally important is not to place incompetent morons in charge of the staff in charge of complicated equipment.



  • I have a friend like this...

    He always wants me to disable my firewall if we have some network problems between our PCs and some game is not working. He can't grasp that I don't WANT to turn off my firewall (except for a MOMENT in order to confirm it's a missing port)... And that's just for my private rig... I wouldn't dare to disable a company firewall so my boss can gain access to some files... That's crazy.

     



  • At the same time, though, some people have a woefully inadequate understanding of just what is and isn't secure. I have a close relative (close enough that I spend a good bit of time using their internet connection!) that will physically disconnect their router when they leave the house so that "viruses won't get in." They are an IT worker for a major government office.

    People believe that ports are magical gateways into the inner workings of a computer. "If ports are open, you aren't secure" they cry! But, alas, they will never understand the difference between safe and unsafe services. If you're not running any insecure services on the port, the port does not need to be actively blocked.



  • @djork said:

    I have a close relative (close enough that I spend a good bit of time using their internet connection!) that will physically disconnect their router when they leave the house so that "viruses won't get in." They are an IT worker for a major government office.

    From my experience of government IT workers, I am surprised that this one is capable of leaving their own house without assistance and a map. They'll be management material with that kind of skill. Most people in that job have to be reminded to swallow their own drool, rather than letting it run down their chin.

     

    People believe that ports are magical gateways into the inner workings of a computer. "If ports are open, you aren't secure" they cry!

    ... 

    If you're not running any insecure services on the port, the port does not need to be actively blocked.

    And why are you running any insecure services in the first place?

    We can thank Gibson for that particular piece of folkstupidity. He has done more to retard the security awareness of casual internet users than any other single person in history.



  • @djork said:

    At the same time, though, some people have a woefully inadequate understanding of just what is and isn't secure. I have a close relative (close enough that I spend a good bit of time using their internet connection!) that will physically disconnect their router when they leave the house so that "viruses won't get in." They are an IT worker for a major government office.

    Whom do you trust? What if the router software has a remotely exploitable bug? Physically disconnecting the equipment is 100% safe. Everything else... is a matter of trust.



  • @ammoQ said:

    @djork said:

    At the same time, though, some people have a woefully inadequate understanding of just what is and isn't secure. I have a close relative (close enough that I spend a good bit of time using their internet connection!) that will physically disconnect their router when they leave the house so that "viruses won't get in." They are an IT worker for a major government office.

    Whom do you trust? What if the router software has a remotely exploitable bug? Physically disconnecting the equipment is 100% safe. Everything else... is a matter of trust.

    I do employ a healthy amount of trust in my day to day life. I find that it makes things a lot more enjoyable. The people I trust the least, interestingly, are those who can't find it in themselves to trust others.

    When it comes to something like this: I trust my understanding of networking and security and the latest version of open standards and software to do the job, until proven otherwise. Are you really so paranoid that you have to disconnect everything to feel safe?



  • @djork said:

    When it comes to something like this: I trust my understanding of networking and security and the latest version of open standards and software to do the job, until proven otherwise. Are you really so paranoid that you have to disconnect everything to feel safe?

    No, but if someone does, I don't ridicule him. Too many "safe" things have been proven otherwise. It's more like risk management: Chances are very little and the possible damage is not overwhelming, so I don't care. YMMV.

