firewall

N/A

firewall

I am using Zonelabs firewall. When I tested it via the Shields Up website it stated all ports were closed but not stealth.

I have all the settings in ZA on high security; surely this should mean that when I test it, it should be stealth?

Any advice? :?
8 REPLIES
crimsone
Grafter
Posts: 317
Registered: 15-08-2007

firewall

Not at all.

Stealth is a very difficult thing to achieve sometimes, especially if you wish to maintain full internet functionality.

Which ports were reported as open, and which reported as closed?

Try testing here (the firewall is better than the Zonelabs one too): http://soho.sygate.com

At least, it's a good firewall for now. Sygate is now owned by Symantec - anything Symantec touches usually turns to tripe sooner or later.
N/A

firewall

Right, let's get two things clear.

Stealth and closed are both, yes BOTH, buzzwords that non-"security" people love to hear. They are thought up by groups of idiots to make their bosses happy. NEITHER helps in the security of your PC.

Let's run this down, shall we:

1) Closed: OK, so the port is not being used by an incoming or outgoing session (let's deal with TCP only here). So what? Oo yay, so nothing is running on that port, or using it to communicate. Well done, you are not running any server that you did not think you were. You can "close" nearly all ports by running no servers (and disabling file sharing in your network settings). This does not help, nor does it bother a hacker // scanner. If it is closed the packets are dropped and return a "port closed" back to the scanner -- ergo, the scanner knows you are here -- thus no real gain (other than there is no server running on said port for that hacker to then exploit or use to gain further information about your PC).

2) This great new word that sends shivers down my spine, "stealth". This in layman's terms "eats the packet", and gives a "destination host unreachable" error to the scanner, yet if the hacker knows you are actually there by nicking your IP over IRC // MSN or whatever, then it really doesn't help. You can even stealth open ports, but hey, then you can't actually connect to them yourself!! So that's kinda pointless. The only thing it does is make blind scanning miss your PC (even though the fact that it routes the packet to null is noticeable, and hence programs such as NMAP will still detect your PC being online).

So overall -- neither matters if you have a fully up to date system running only what you want to run. Closed is good, as it means the other person cannot connect to you on that port; stealth on the other hand is useless.

Oh and PS: Symantec make one of the best, if not THE best, corporate antivirus that you can buy, so yea.. want to rethink the slander? OK, the home products suck, but that's because they have to make it "user friendly", e.g. for your 90 year old gran to be able to use, and as such they have had to compromise on the actual program, whereas with the corporate stuff, it does what it should with the least amount of fuss with the fastest scanning engine there is.
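The "closed" versus "stealth" distinction above is exactly what a port scanner measures: a closed port answers the probe with a TCP RST (the scanner's connect() fails with "connection refused"), a "stealthed" port gives no answer at all (the probe times out; nmap calls this "filtered"), and either way an RST proves a host is sitting at that address. The following script is an added example written for this page, not code from the thread or from any of the products mentioned; it performs a plain connect() scan and classifies each result, and demonstrates open and closed on 127.0.0.1 with a throwaway listener and an unused port, both constructed here.

```python
import errno
import socket

# Labels: the thread's "closed" and "stealth", plus nmap's term for the latter.
OPEN = "open"                # handshake completed: a server is listening
CLOSED = "closed"            # host answered with RST: nothing listening, host clearly up
FILTERED = "filtered"        # no reply at all: what Shields Up calls "stealth"
UNREACHABLE = "unreachable"  # an ICMP error came back instead of any TCP reply


def probe_port(host, port, timeout=1.0):
    """Classify one TCP port the way a connect() scanner (nmap -sT) does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return OPEN
    except socket.timeout:
        return FILTERED                      # probe silently dropped by a firewall
    except ConnectionRefusedError:
        return CLOSED                        # RST received: port closed, host is up
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return UNREACHABLE               # ICMP unreachable from a router on the path
        raise
    finally:
        s.close()


def scan(host, ports, timeout=1.0):
    """Probe each port and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def exposure(results):
    """What a scanner learns from a set of port states."""
    states = set(results.values())
    if OPEN in states:
        return "visible, services exposed"
    if CLOSED in states:
        return "visible, no services"        # RSTs alone prove the host is there
    if states == {FILTERED}:
        return "stealth"                     # nothing came back from any probed port
    return "unreachable"


def with_listener(fn):
    """Call fn(port) while a throwaway listener is bound on 127.0.0.1 (an "open" port).
    The kernel completes the handshake even though nothing calls accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        return fn(srv.getsockname()[1])
    finally:
        srv.close()


def unused_port():
    """Pick a port nothing is listening on (a "closed" port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    print("listener  :", with_listener(lambda p: probe_port("127.0.0.1", p)))
    print("no server :", probe_port("127.0.0.1", unused_port()))
    # Point scan() at a host you are allowed to test; a host that drops the
    # probes will time out on every port and report as "stealth".
    print("exposure  :", exposure(scan("127.0.0.1", [unused_port()])))
```

Only scan hosts you own or have permission to test. The timeout is what makes "stealth" expensive for the scanner: a closed port answers in a round trip, a dropped probe costs the full timeout, which is the only advantage dropping rather than rejecting really buys.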
crimsone
Grafter
Posts: 317
Registered: 15-08-2007

firewall

lol - in fairness, the corporate products are OK, I will give them that. I stand by my words on home products however. Besides, it wouldn't be slander - it would be libel, and it's not libel because it's evidently my opinion, which is backed up by my experience (even if countless others say exactly the same through their experience while owners of infected machines swear blind that Norton is the best thing since sliced bread).

Anyways....

My understanding is that...

Closed: a port has responded with a "closed" response.
Stealth: a port does not respond at all, as though it simply wasn't there - essentially a complete block on remote traffic in or out with no remote response.
Full stealth: not connected to the internet :lol:

Seriously though, the better stealthed a machine, the better in my opinion - most supposed "hackers" out there are really just script kiddies who aren't that good. If you look impenetrable, they just move on to find an easier target.

On my machine all major ports are "stealthed" (read the real meaning, blocked) unless in use (for example, as I write this, I have 80 and 443 open).

I do agree though, the use of the word "stealth" is just a tactic to make things look better than they really are. Stealth just means closed and not remotely contactable. Great against network roaming worms, and against script kiddies, but if a person who knows what they are doing really wanted to, they'd find a way in. However, these people are usually attracted to machines that look important and valuable. There is such a thing as becoming TOO secure on a home machine too, potentially making yourself a trophy target if you're really unlucky.

I still maintain that complete stealth but full functionality is difficult to achieve, as I believe buzzons said (can't communicate with ports).

That said, just be happy that you have a firewall, consider getting a router if you're feeling insecure (see the pun there? :D), and avoid paranoia. If they really want to get you, unless you're a genius or a network engineer, they will :)
N/A

firewall

agreed :)
Community Veteran
Posts: 1,112
Registered: 30-07-2007

firewall

Can I tag a little firewall / router question in here for you guys to advise me on?

I am afraid it’s probably very noobish but here goes:

I have two PCs networked to a Netgear DG834G

IP address for the Netgear LAN port is 192.168.0.1 and the PCs are 2 and 3

Now in my firewall (Zonealarm) I have included both PC’s on each others trusted zones. Everything works fine with the occasional exception that both computers show connection requests from 192.168.0.1 which I allow manually.

I was originally going to include the LAN port address on the trusted zone but I wasn’t sure if by doing that I was also saying ok to all internet traffic?

If I say yes to all traffic from this port am I effectively making ZoneAlarm useless?

Or will I still get warned of traffic from the Netgear ADSL IP address as it is the other side of the port?

Any answer or info on where the Netgear firewall stops and the software one starts etc would be much appreciated!

Cheers

Peter
crimsone
Grafter
Posts: 317
Registered: 15-08-2007

firewall

The netgear "hardware firewall" (the better kind) stops at the router. The software one stops at each computer.



If you consider the breaks in the lines to be the firewalls (as labelled), you can see where they are. The firewalls in the router aren't really separate - it's just one firewall that intercepts each port on the router. Essentially, only the router itself is considered as 192.168.0.1, and its firewall decides whether or not it should allow internet traffic through to any given LAN side computer, and also whether any given LAN side computer should be allowed to communicate with any other on the LAN side (and of course, the same goes for traffic leaving computers and heading for the internet).

Any internet traffic reaching your computer will still arrive as from the IP address it originated at.

When traffic from the internet or another computer has been passed to your machine through the router, it then encounters your software firewall, which independently makes a decision as to whether the traffic should be allowed to pass or not. Setting it to allow 192.168.0.1 means that it can communicate on that LAN, but does not mean that you are allowing traffic from the WAN side of the router.

Of course, the hardware firewall on the router is only any use if you set it up, and only works as well as you've set it up. Having a well set up hardware firewall on your router makes software firewalls on each computer redundant, but it's still a good idea to use them as a second line of defense, so to speak - it makes your network more robust against attack, but it also has the effect of allowing you to control traffic to and from your machine a lot more easily.

If you set your software firewalls to trust traffic to and from 192.168.0.1, it won't render them useless. It's less secure than only allowing particular types of traffic, but that's more complicated to set up, and I'm not sure if ZoneAlarm is quite that configurable. Allowing all traffic for 192.168.0.1 should be perfectly safe.

Was that what you asked?
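The two-layer picture in the answer above (router filter at the gateway, software firewall on each PC, and a trusted-zone entry for 192.168.0.1 that can never match a packet from the internet because the source address is preserved end to end) can be walked through in code. The model below is an added example written for this page, not the Netgear's or ZoneAlarm's actual rule engine: it assumes the router behaves like a default stateful NAT firewall (outbound allowed and remembered, unsolicited inbound dropped) and that the host firewall allows its trusted zone plus replies to its own connections and prompts for anything else. The LAN addresses are the ones from the question; 203.0.113.10 and 198.51.100.7 are documentation-range addresses standing in for internet hosts.

```python
import ipaddress

# Addresses from the post. The two "internet" hosts are constructed for the demo.
LAN = ipaddress.ip_network("192.168.0.0/24")
ROUTER = "192.168.0.1"
PC2, PC3 = "192.168.0.2", "192.168.0.3"
WEB_SERVER = "203.0.113.10"   # something PC2 deliberately connects to
STRANGER = "198.51.100.7"     # an unsolicited probe from the internet


def in_lan(addr):
    return ipaddress.ip_address(addr) in LAN


class StatefulFilter:
    """Minimal connection tracker: remember who we talked to, let their replies back."""
    def __init__(self):
        self.flows = set()

    def note_outbound(self, src, dst):
        self.flows.add((src, dst))

    def is_reply(self, src, dst):
        return (dst, src) in self.flows


class RouterFirewall(StatefulFilter):
    """Assumed default gateway behaviour: forward anything leaving the LAN and
    remember it; drop inbound WAN packets that match no open flow."""
    def filter(self, src, dst):
        if in_lan(src) and not in_lan(dst):
            self.note_outbound(src, dst)
            return "forward"
        if not in_lan(src) and in_lan(dst):
            return "forward" if self.is_reply(src, dst) else "drop"
        return "forward"   # LAN-to-LAN traffic never crosses the WAN rule set


class HostFirewall(StatefulFilter):
    """ZoneAlarm-style (assumed): a trusted zone of addresses, replies to the PC's
    own connections, and a prompt for everything else."""
    def __init__(self, me, trusted):
        super().__init__()
        self.me = me
        self.trusted = {ipaddress.ip_address(a) for a in trusted}

    def filter(self, src, dst):
        if src == self.me:                       # our own outbound traffic
            self.note_outbound(src, dst)
            return "allow"
        if ipaddress.ip_address(src) in self.trusted:
            return "allow"                       # trusted zone: 192.168.0.1, the other PC
        if self.is_reply(src, dst):
            return "allow"                       # answer to something we started
        return "prompt"                          # unknown source: ZA would pop a dialog


def deliver(router, host, src, dst):
    """Run one packet through both filters in the order it actually meets them."""
    if src == host.me:                           # leaving the PC: host first, then router
        return "host:%s router:%s" % (host.filter(src, dst), router.filter(src, dst))
    r = router.filter(src, dst)                  # arriving: router first, then the PC
    if r == "drop":
        return "router:drop"                     # the PC's firewall never sees it
    return "router:forward host:%s" % host.filter(src, dst)


def walkthrough():
    """The scenarios from the question, as {description: verdict}."""
    router = RouterFirewall()
    pc2 = HostFirewall(PC2, trusted=[ROUTER, PC3])
    log = {}
    log["pc2 -> web server"] = deliver(router, pc2, PC2, WEB_SERVER)
    log["web server reply"] = deliver(router, pc2, WEB_SERVER, PC2)
    log["unsolicited from WAN"] = deliver(router, pc2, STRANGER, PC2)
    log["router -> pc2"] = deliver(router, pc2, ROUTER, PC2)
    log["pc3 -> pc2"] = deliver(router, pc2, PC3, PC2)
    # Even if the router let it through, the packet still carries its real source
    # address, so the 192.168.0.1 trust entry does not match it.
    log["WAN packet at host only"] = pc2.filter(STRANGER, PC2)
    return log


if __name__ == "__main__":
    for what, verdict in walkthrough().items():
        print("%-28s %s" % (what, verdict))
```

The last line of the walkthrough is the answer to the question as asked: trusting 192.168.0.1 only silences prompts for packets whose source address is the router itself, and a packet from the internet keeps its own source address all the way to the PC, so the software firewall still judges it on its own merits.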
Community Veteran
Posts: 1,112
Registered: 30-07-2007

firewall

Yup, that's great and the answer is much appreciated. As a novice I have for now left the Netgear firewall on default, as I might actually weaken its protection by experimenting :)

The main reason I keep Zonealarm on the machines is as you say for backup and also I am paranoid enough to like to know what programs on my computers contact the outside world and control when they do it!

Thanks again for your help.

Peter
Community Veteran
Posts: 1,112
Registered: 30-07-2007

firewall

Hi Again

I have a follow up question, it's not a problem, just one of those "I want to know" things :?

Having added the router address to Zonealarm's trusted list... My PC and the router are talking non-stop! What the hell are they chattering about?

Looking at the network card stats they are racking up about 5k a second to apparently do nothing; this just seems to be chatter between the two, no traffic is flowing net side unless I instigate it by using email or a browser.

What do they need to talk about (now that they trust each other) that they weren't conversing about before? ;-)

Cheers

Peter