Interesting firewall thread

[Kezzer]

Now, i always had to wonder if the software firewalls in windows were actually doing something, so, i checked it out.

I followed a route to the corner of the web known as grc.com which gives some excellent utilities. The good one being "shields up" to test if your connection is any good. Now first let me state that back at home i pass this test FULLY. The reason being because my home network goes from the internet, to the "modem" then to a box for routing the internet connection with a smoothwall install on it (a linux distro designed as a firewall and for internet routing for those of you who don't know) which then goes to my WAP/Switch and then out to clients.

So, over here in england i go from the net, to my computer. Right, let's jump into the grc shields up test with no firewall. 2 ports stealthed, the rest closed. Ok, let's turn on the windows firewall, same result. Ok, let's download and install sygate and enable all the secure features. Ok, still the same result. Now let's disable unPnP. Same result, an insecure system. Odd don't you think?

Anyone else got any experience or knowledge in the so called "firewall" department?

[Moby-Dick]

enough to not trust grc

http://grcsucks.com

you have NAT running at home so that all of your machines are on private IP's. Any open ports would those that the smoothwall woudl be responding to ( which isn't any seeing that smoothwall is a pretty locked down application )

Think of security with a layered approach - an application layer firewall such as sygate or zone alarm or outpost will tell you which apps on your system are communicating with the outside world.

A Nat based router ( such as smoothwall or a good DSL router ) adds a further layer of security to your system by ensuring that only incoming requests that you have port forwarded will get to your private network.

GRC is a basic port scan , it doesnt' even cover well known trojan ports so dont view it as anything more than that. What it ISN'T is a "penetration test" which is the the only real way you'd see if your system was vulnerable.

[Moby-Dick]

Interestign page on Shields UP.

http://www.jluster.org/archives/11/shieldsup-analyzed/

[Kezzer]

Ah i see, i wasn't aware that an NAT adds an extra layer ( i did network security at uni ). I always thought there was a set standard of layers all the time

Interesting read about grc though

[Moby-Dick]

by layer, I'm not talking about OSI layers

just thinking of a layered approh to a secure system eg. hardware firewall , software firewall , up to date OS etc.

there is no single product that will give you total security , but a combination of factors can get your pretty close ( ignoring the weakest element in any system , the user )

[Paul Adams]

This man Moby-Dick, he speak much that is good.

Steve Gibson, of grc.com fame, is widely ridiculed in the Internet security world - now more of a marketing specialist than considered an authority within his field.

The website is somewhere between a Wash & Go and a Radeon washing powder commercial to me.

[Moby-Dick]

could he be the cillit bang! of the web?