Monday, October 7, 2013

Firewall

A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.

A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.

View and edit advanced firewall options
  • You must be logged on as an administrator to perform these steps.
  • Windows Firewall with Advanced Security is a Microsoft Management Console (MMC) snap-in that provides more advanced options for IT professionals. With this firewall, you can set up and view detailed inbound and outbound rules and integrate with Internet Protocol security (IPsec).

Follow these steps to open Windows Firewall with Advanced Security:
  • Open Windows Firewall.
  • In the left pane, click Advanced settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Note: You must be a member of the Administrators group or the Network Operators group to use Windows Firewall with Advanced Security.

Un-Blocking Torrents

Most system administrators use the techniques below to block BitTorrent on the network.

1. Disable installation of torrent clients like µTorrent on your system. The assumption is that without a torrent client a user will not be able to download a torrent file.

2. Block the download of any file that has a .torrent file extension. All torrent meta files have a .torrent extension. If a user is not able to download the torrent meta file, then the client will not know the location of the target file and hence will not be able to successfully download it.

3. Block the ports used by torrent clients like µTorrent.

Let us see how easy it is to bypass these commonly used blocking mechanisms.
If your administrator does not allow you to install torrent clients on your system, it is still possible to download torrents with the help of web-based torrent clients, which allow you to download the torrent file straight from your browser!

Web based Torrent Client
Open your browser and type www.bitlet.org in the address bar and open the website.
Type the torrent URL that you want to download inside of the www.bitlet.org webpage and download your torrent without any hassles.

Monday, September 30, 2013

Tracking of intruder

The information provided on an intruder depends on the levels of tracking that you’ve enabled on your Honey Pot. Common tracking levels include the firewall, system logs on the Honey Pot and sniffer-based tools.

Firewall Logs
Firewalls are useful as part of the overall Honey Pot design for many reasons. Most firewalls provide activity-logging capabilities which can be used to identify how an intruder is attempting to get into a Honey Pot. I liken firewall logs to router logs; they can both be set to trap and save packets of a pre-determined type. Remember that when setting up the firewall, you would normally want to log ALL packets going to the Honey Pot system, as there should be no legitimate reason for traffic going to or from the Honey Pot.

Reviewing the order, sequence, time stamps and type of packets used by an intruder to gain access to your Honey Pot will help you identify the tools and methodology being used by the intruder, as well as their intentions. Depending on how detailed your firewall's logging is, you may or may not be able to gain considerable information from these logs.
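The review described above can be scripted. The following is an added example, not part of the original post: it assumes logs in the Windows Firewall pfirewall.log text layout, and the sample records, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in the pfirewall.log layout (not real traffic).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-09-30 10:14:59 DROP ICMP 203.0.113.5 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2013-09-30 10:15:01 DROP TCP 203.0.113.5 192.0.2.10 40001 21 60 S 1 0 8192 - - - RECEIVE
2013-09-30 10:15:01 DROP TCP 203.0.113.5 192.0.2.10 40002 22 60 S 1 0 8192 - - - RECEIVE
2013-09-30 10:15:02 DROP TCP 203.0.113.5 192.0.2.10 40003 23 60 S 1 0 8192 - - - RECEIVE
2013-09-30 10:15:02 DROP TCP 203.0.113.5 192.0.2.10 40004 25 60 S 1 0 8192 - - - RECEIVE
2013-09-30 11:02:10 ALLOW TCP 198.51.100.7 192.0.2.10 51000 23 60 S 1 0 8192 - - - RECEIVE
2013-09-30 11:02:40 ALLOW TCP 198.51.100.7 192.0.2.10 51001 23 60 S 1 0 8192 - - - RECEIVE
2013-09-30 11:03:15 ALLOW TCP 198.51.100.7 192.0.2.10 51002 23 60 S 1 0 8192 - - - RECEIVE
"""

def parse(log_text):
    # Yield one dict per record, taking column names from the #Fields header.
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if len(parts) != len(fields):
                continue  # skip truncated or malformed records
            rec = dict(zip(fields, parts))
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            yield rec

def summarize(log_text, honeypot_ip, sweep_ports=4, window=timedelta(seconds=60)):
    # Build a per-source timeline of traffic to the Honey Pot and label its pattern.
    by_src = defaultdict(list)
    for rec in parse(log_text):
        if rec["dst-ip"] == honeypot_ip:
            by_src[rec["src-ip"]].append(rec)
    report = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        ports = sorted({int(r["dst-port"]) for r in recs if r["dst-port"].isdigit()})
        span = recs[-1]["ts"] - recs[0]["ts"]
        label = "unclassified"
        if len(ports) >= sweep_ports and span <= window:
            label = "port sweep"  # many services probed in a short time
        elif len(ports) == 1 and len(recs) >= 3:
            label = "repeated connections to one service"
        report[src] = {"first": recs[0]["ts"], "last": recs[-1]["ts"],
                       "ports": ports, "events": len(recs), "label": label}
    return report
```

Calling `summarize(SAMPLE_LOG, "192.0.2.10")` returns one entry per source address with first and last time stamps, the ports touched and the label, which is the starting point for the packet-by-packet review.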

Another useful function of many firewalls is their notification capabilities. Most firewalls can be configured to send alerts by email or pager to notify you of traffic going to or from your Honey Pot. This can be extremely useful in letting you review intruder activity on your Honey Pot.

System Logs
Unix and Microsoft NT seem to have the lion's share of the Internet server market. Luckily, both operating systems have built-in logging capabilities, which help identify what changes or attempts have been made. It should be noted that out of the box, Unix offers superior logging capabilities as compared to Microsoft NT.

Some of their out-of-the-box logging capabilities include:

Microsoft NT
  • Security: Available from Event Viewer
  • User Management: Needs to be enabled through User Manager
  • Running Services: Netsvc.exe needs to be manually run and compared to baseline.
Unix
  • User activity logs: utmp, wtmp, btmp, lastlog, messages
  • Syslogd: An important option is that it can log to a remote server! The range of facilities and priorities available through syslogd is very good.
There are some tools available that greatly increase the information that can be gathered. Many of the Unix tools are public domain, while many of the Microsoft NT tools are not.

Sniffer Tools
Sniffer tools provide the capability of seeing all of the information or packets going between the firewall and the Honey Pot system. Most of the sniffers available are capable of decoding common TCP packets such as Telnet, HTTP and SMTP. Using a sniffer tool allows you to interrogate packets to determine which methods the intruder is trying to use in much more detail than firewall or system logging alone.
An additional benefit of sniffer tools is that they can also create and store log files. The log files can then be stored and used for forensic purposes.