Skip to content

I Made Shoes Over The Weekend

November 20, 2017

Ever been to a dentist that didn’t floss?

Or a personal trainer who was obese?

In IT, we aren’t like other people. We will tell you that you need to change your PW every 30 days and that xY7&lI1o0O is a better password than MarinersRox, but we may be guilty of using the same PW we have had since right out of school. We’ll tell you to backup your data, but . . yeah, let’s hope my hard drive doesn’t crash.

firewall: a physical partition designed to prevent the spread of fire. Found in cars, houses and computer network

Okay, maybe the computer firewall has a slightly different definition. A firewall is designed to keep the bad guys from getting into your system. It can also be used to prevent the good guys (your users) from getting to bad stuff. And it can also be used to keep your users from getting to the really good stuff. Basically, anything you want to prevent access to you can do it through a firewall.

Firewalls come in two types: software and hardware. A software based firewall is just that. It’s a program that runs either on a server or on a local computer that sets up a series of rules to prevent access. Windows computers ship with a built in firewall. The problem with a software based firewall, is that by the time the bad guys get to the firewall they are already at your computer. Kind of like bolting your front door to keep out the thieves. Sure, it’s a good strategy, but you still have a thief banging on your front door. He now knows where you live and he can try the other doors, the garage or the Windows. (See what I did there?)

A hardware based firewall does everything that a software based firewall does, but seperates it from your house. It’s a physical computer with two network cards. One network card is connected to the internet and the other is connected to your internal network. If a bad guy gets to the firewall, he can bang away all he wants, but he cannot step through the firewall to get access to your network. Kind of like having your mail sent to a PO Box. Someone cannot find your house just because they know how to send you mail. Hardware firewalls can be complicated and expensive to setup. You essentially have to dedicate a computer to just running the firewall software.

I use Sophos UTM as my firewall solution. (Yes, I just shared potentially useful information for someone wanting to hack my home network. But, since this blog is not hosted on my home network, it’s a risk I’ll take.) Sophos is a hardware based solution. I’ve had it for a couple of years. About 3 months ago it broke. The server was old and it finally died. I should have installed it on a new computer right away.

I didn’t.

Instead, I routed around it. In this case, my knowledge made me a little lazy. See, I have a internet based VoIP phone at home. It actually acts like it’s own firewall. It has an IP address assigned by my ISP and it broadcasts a separate IP range inside my house. In addition, I have Circle, by Disney. Circle is a software based solution that only allows known devices to communicate on my network. If you hack your way into my wifi system, for example, Circle will see you and not recognize your device. It will send me an message saying a new device appeared on the network. In the mean time, your phone, tablet or laptop will have zero privileges on my network.

So, it’s not like I was running naked on the internet. But, my firewall is an important part of my “defense in depth” strategy on my network.

And it broke.

And I didn’t get around to fixing it.

For months.

Finally, over the weekend, I invited my smarter-than-me neighbor over and I reinstalled the Sophos software. Actually, first I had to rebuild the computer it was going into. It wasn’t the broken one, but an old one that my neighbor had kicking around. I had to put in new harddrives. And it didn’t have a DVD drive, so I had to pull the DVD drive temporarily out of my network server and hook it up to the firewall computer. And then, I had to download the Sophos software on a separate computer and burn that image to a DVD. Then, I could boot from the DVD in the jury rigged DVD player, and reformat the hard drive and install a version of Linux and the Sophos software. Of course, then I had to go in and configure the Sophos software because I couldn’t save the previous configuration. Oh yeah, and Circle, by Disney saw my new firewall computer and made me go in and give it access to the network.

The short answer is that after several hours (and months) I now have a working firewall server again. I still need to go in and tweak all the rules. Right now, it’s set to allow just about everything through. I’ll go in and tell it to deny everything except for the computers that are in my network. Essentially, it will turn into another Circle device, just controlled via hardware, not solely software.

Anyway, I’ve felt a little like the cobbler who’s children went without shoes. It was such an easy fix, I’m not sure why I didn’t do it sooner.

Just lazy, I guess.

Rodney M Bliss is an author, columnist and IT Consultant. His blog updates every weekday. He lives in Pleasant Grove, UT with his lovely wife, thirteen children and grandchildren. 

Follow him on
Twitter (@rodneymbliss)
Facebook (www.facebook.com/rbliss)
LinkedIn (www.LinkedIn.com/in/rbliss)
or email him at rbliss at msn dot com

(c) 2017 Rodney M Bliss, all rights reserved 

Leave a Comment

Leave a Reply