Explaining Firewalls and Hacking
For some time now, firewalls have been used to steer away intruders who may pose a serious threat to someone's business or personal data. To avoid the risk of having their information infrastructure exploited by a malicious user, most PC users and organizations today set up a firewall as common practice.
Firewalls use either hardware or software (oftentimes both) to prevent intruders from entering a computer or network from the Internet. In order for a firewall to function properly, it must be set up with rules to protect a PC and its users. Firewalls are configured to block or allow communication connections. How is it that inbound and outbound network traffic can still penetrate it? Is there a legal way around a firewall? The answer is yes.
Hacking is an act that often refers to attackers gaining non-allowed or unauthorized access to a system with the intent to do something illegal (e.g., to breach computer security). However, the same term also refers to allowable and authorized actions when attempting to take control over a computer or network system, not with malicious intent, but for non-malicious reasons (white hat hackers and ethical hackers, for example, check for vulnerabilities and weaknesses in firewalls, as mentioned next).
Hacking Firewalls: Legally
Hacking into firewalls is seen as a bad thing when hackers or crackers (as they are called) do it illegally; but when does it become a good thing (i.e., when is it legal)? It is legal to get past a protected firewall when PC users, network or security administrators, and even hired security consultants need (or are asked) to test the security measures that have been implemented. Such tests include penetration and/or intrusion testing, for example, which help check for weak firewalls and potential vulnerabilities.
Also, since firewalls are good traffic auditors and are good at detecting outside threats and attacks (from logged events) before they become successful, both PC users and administrators alike will tap into a firewall to look for suspicious activity before a serious security breach occurs. The term often used for legal hacking is ethical hacking. This is a process in which hacking techniques and tools are employed with an attacker-like approach (commonly referred to as "Red Teaming") to detect system vulnerabilities, and/or to imitate an attack in order to mitigate the vulnerabilities used by hackers.
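The log review described above, sketched as an added example that is not part of the original article: it reads dropped-packet log lines and flags any source address that was blocked on many different destination ports, a common sign of a port scan. The log lines are constructed samples in the style of Linux netfilter LOG output, and the "FW-DROP" prefix and the threshold of five ports are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Linux netfilter LOG output.
# The "FW-DROP" log prefix is a hypothetical choice, not from the article.
SAMPLE_LOG = """\
Jan 10 03:14:01 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=21 SYN
Jan 10 03:14:01 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=22 SYN
Jan 10 03:14:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=23 SYN
Jan 10 03:14:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40004 DPT=25 SYN
Jan 10 03:14:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40005 DPT=80 SYN
Jan 10 03:14:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40006 DPT=443 SYN
Jan 10 03:15:10 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=445 SYN
Jan 10 03:15:13 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=445 SYN
Jan 10 03:16:00 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.90 DST=198.51.100.10 PROTO=ICMP TYPE=8 CODE=0
Jan 10 03:16:05 gw sshd[811]: Accepted publickey for admin from 198.51.100.5 port 50122
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line, prefix="FW-DROP"):
    """Return the KEY=value fields of one dropped-packet line, or None."""
    if prefix not in line:
        return None  # not a firewall drop record
    fields = dict(FIELD.findall(line))
    if not {"SRC", "DPT", "PROTO"} <= fields.keys():
        return None  # e.g. ICMP records carry no destination port
    return fields


def find_scanners(log_text, min_ports=5):
    """Map source IP -> sorted blocked ports, for sources that hit
    at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields and fields["DPT"].isdigit():
            ports[fields["SRC"]].add(int(fields["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, hit in find_scanners(SAMPLE_LOG).items():
        print(f"{src} was blocked on {len(hit)} distinct ports: {hit}")
```

A source that retries a single blocked port, like 192.0.2.44 in the sample, stays below the threshold and is not reported.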
Hacking a firewall the legal way means there is no conflict of interest; that is, hacking becomes illegal when it is unethical. In the best interest of everyone, if you see or know of illegal hacking, report it! One place to do so is HackerWatch.org: Anti-hacker Community. This is a good firewall-testing site too.
Getting into a firewall the legal way is done either through the firewall rules setup or by using reverse telnet (to hack a firewall remotely). Netcat (which is an anti-hacking tool) can test certain firewall rules; Nmap (a network mapper) can be used to test a firewall configuration; Netstat (network statistics) and hping can also test a firewall.
Firewall testing is a common practice. Some sites that offer this service are:
- Audit My PC can penetrate a firewall looking for open ports
- GRC will test a firewall (for free)
- Secure Me at DSLReports.com is another site able to do a firewall security test
Getting around a firewall legally to access the Internet or to bypass outbound connection restrictions is possible with Proxify.com and Fire Hole (a bypass firewall tool). Otherwise, there is Off Surf (which can also help to get around a firewall).