Results 1 to 7 of 7

Thread: Interesting firewall thread

  1. #1
    Senior Member Kezzer's Avatar
    Join Date
    Sep 2003
    Posts
    4,863
    Thanks
    12
    Thanked
    5 times in 5 posts

    Interesting firewall thread

    Now, i always had to wonder if the software firewalls in windows were actually doing something, so, i checked it out.

    I followed a route to the corner of the web known as grc.com which gives some excellent utilities. The good one being "shields up" to test if your connection is any good. Now first let me state that back at home i pass this test FULLY. The reason being because my home network goes from the internet, to the "modem" then to a box for routing the internet connection with a smoothwall install on it (a linux distro designed as a firewall and for internet routing for those of you who don't know) which then goes to my WAP/Switch and then out to clients.

    So, over here in england i go from the net, to my computer. Right, let's jump into the grc shields up test with no firewall. 2 ports stealthed, the rest closed. Ok, let's turn on the windows firewall, same result. Ok, let's download and install sygate and enable all the secure features. Ok, still the same result. Now let's disable unPnP. Same result, an insecure system. Odd don't you think?

    Anyone else got any experience or knowledge in the so called "firewall" department?

  2. #2
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    384 times in 313 posts
    enough to not trust grc

    http://grcsucks.com

    you have NAT running at home so that all of your machines are on private IP's. Any open ports would those that the smoothwall woudl be responding to ( which isn't any seeing that smoothwall is a pretty locked down application )

    Think of security with a layered approach - an application layer firewall such as sygate or zone alarm or outpost will tell you which apps on your system are communicating with the outside world.

    A Nat based router ( such as smoothwall or a good DSL router ) adds a further layer of security to your system by ensuring that only incoming requests that you have port forwarded will get to your private network.

    GRC is a basic port scan , it doesnt' even cover well known trojan ports so dont view it as anything more than that. What it ISN'T is a "penetration test" which is the the only real way you'd see if your system was vulnerable.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    384 times in 313 posts
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  4. #4
    Senior Member Kezzer's Avatar
    Join Date
    Sep 2003
    Posts
    4,863
    Thanks
    12
    Thanked
    5 times in 5 posts
    Ah i see, i wasn't aware that an NAT adds an extra layer ( i did network security at uni ). I always thought there was a set standard of layers all the time

    Interesting read about grc though

  5. #5
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    384 times in 313 posts
    by layer, I'm not talking about OSI layers

    just thinking of a layered approh to a secure system eg. hardware firewall , software firewall , up to date OS etc.

    there is no single product that will give you total security , but a combination of factors can get your pretty close ( ignoring the weakest element in any system , the user )
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  6. #6
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    This man Moby-Dick, he speak much that is good.

    Steve Gibson, of grc.com fame, is widely ridiculed in the Internet security world - now more of a marketing specialist than considered an authority within his field.

    The website is somewhere between a Wash & Go and a Radeon washing powder commercial to me.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  7. #7
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    384 times in 313 posts
    could he be the cillit bang! of the web?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Longest thread ever
    By dkmech in forum General Discussion
    Replies: 25
    Last Post: 01-01-2005, 01:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •