This is to answer some of the common concerns or questions about privacy.
- Unlike some of the more powerful enterprise-grade firewalls, Firewalla will not look at any encrypted traffic. The box will never look at any traffic that's end-to-end encrypted. (It actually can't, without some certificate manipulation.)
- This is the reason Firewalla cannot selectively block YouTube videos.
- Firewalla will also not look at traffic beyond the protocol layer. (Firewalla will compute a hash of the packet or assembled packet and use that to match bad signatures.)
We look at these things:
- MAC Address
- IP Address
- Domain name
- SSL certificates
- Duration of the connection
- Number of bytes in and out
- Protocol user agents
- SSH/SSL/HTTP/HTTPS protocol
- URL if the protocol is HTTP
The Magic
We try to use all kinds of algorithms to make sense of this metadata... this is where we are special.
Examples:
- You download a file from https://xyz.com; Firewalla will see a large transfer from xyz.com to your PC. Firewalla doesn't know the content.
- You click on a YouTube video. Firewalla will know you are watching YouTube and for roughly how long (speculative). Firewalla will have no idea what you are watching.
- Someone is trying to connect to your IP camera from the outside. Firewalla will know and warn you.
- Your camera is hacked and has been streaming to the outside; Firewalla will know.
- If any of your devices are behaving differently, Firewalla will warn you about it.
- You download from or visit a site, https://badsite.com, that's known to have malware; Firewalla will warn you or block the site automatically.
- You download a piece of malware from a site that is NOT a known malware site, https://someplace.com; Firewalla will not know. Antivirus should be able to catch that.
- Your kid visits https://an-adult-site.com/something-bad.html; Firewalla will only see an-adult-site.com, not the string behind it.
- Someone sends you a phishing email; Firewalla won't see that until you click the link that came with the email. Firewalla will not know you clicked the link from an email.
- Firewalla can see protocol layer attacks, such as someone repeatedly trying to log in to your web server (or ssh) at home (if you have one).
- Firewalla can see things like Heartbleed attacks against your devices from outside.
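To illustrate the an-adult-site.com case above and the "URL if the protocol is HTTP" item, here is an added Python example (not Firewalla's code) of what a passive observer can read from the first bytes of a connection. It assumes the HTTPS domain is taken from the cleartext SNI field of the TLS ClientHello; the function names and sample bytes are constructed for illustration.

```python
import struct

def build_client_hello(host):
    """Constructed sample: minimal TLS ClientHello record with only an SNI extension."""
    entry = b"\x00" + struct.pack("!H", len(host)) + host.encode("ascii")  # name_type 0
    sni = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry  # extension type 0
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(sni)) + sni)  # version, random, sid, 1 suite, null comp
    hs = b"\x01" + len(body).to_bytes(3, "big") + body                # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs          # record type 22

def sni_from_client_hello(rec):
    """Return the cleartext SNI host name from a ClientHello record, else None."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        return None
    try:
        p = 9 + 2 + 32                                   # headers, version, random
        p += 1 + rec[p]                                  # session_id
        p += 2 + int.from_bytes(rec[p:p + 2], "big")     # cipher_suites
        p += 1 + rec[p]                                  # compression_methods
        end = min(len(rec), p + 2 + int.from_bytes(rec[p:p + 2], "big"))
        p += 2
        while p + 4 <= end:                              # walk the extension list
            etype, elen = struct.unpack("!HH", rec[p:p + 4])
            if etype == 0:                               # server_name extension
                nlen = int.from_bytes(rec[p + 7:p + 9], "big")
                return rec[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, UnicodeDecodeError):             # truncated or malformed record
        pass
    return None

def observe(first_bytes):
    """Return (protocol, domain, url) as visible to a passive on-path observer."""
    host = sni_from_client_hello(first_bytes)
    if host is not None:
        return ("TLS", host, None)       # the URL path is sent later, encrypted
    try:
        lines = first_bytes.split(b"\r\n\r\n", 1)[0].decode("ascii").split("\r\n")
        method, path, version = lines[0].split(" ")
        hdrs = {k.lower(): v.strip() for k, v in (l.split(":", 1) for l in lines[1:])}
        if version.startswith("HTTP/"):
            return ("HTTP", hdrs["host"], "http://" + hdrs["host"] + path)
    except (ValueError, KeyError):       # not a well-formed plaintext HTTP request
        pass
    return ("unknown", None, None)

HTTPS_SAMPLE = build_client_hello("an-adult-site.com")   # constructed input
HTTP_SAMPLE = b"GET /something-bad.html HTTP/1.1\r\nHost: an-adult-site.com\r\n\r\n"
```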
What to do with Encrypted Data? Use host-based tools such as:
- Keep running your antivirus.
- There is some browser-based technology that can see the content after decryption.
Why not look at encrypted traffic?
- Doing this would require Firewalla software to break the end-to-end trust. We don't want to do that. The technology for doing this requires trained IT or information security professionals to operate properly.
- The software needed to decrypt and encrypt traffic is also complicated. It requires specialized certificates to be installed on all devices... you can do that with an iPhone, but it is unlikely with an IP camera.
Comments
Will Firewalla ever develop or compile a single document titled "Firewalla User Guide"? I can locate most of the articles published and compile my own User Guide, but I know I will be missing some articles and probably important ones.
This would be a nice feature for you to have on your web page: a menu item that allows a user to "compile" current articles/guides/instructions into a single .pdf document. This would be similar to the feature that Wikipedia offers to download articles from their web-page.
I have seen this feature on web-sites that deal with products and/or technology that are changing and users are uploading vetted information that others will find useful.
This feature would make Firewalla, ALL versions of your product, a much easier to use and understand product and your implementation of the "FIREWALL" technology.
Sincerely,
Tom Goss
see https://firewalla.com/pages/user-manual
and https://help.firewalla.com/hc/en-us/articles/360040091853-Getting-Started-with-your-Firewalla