which firewall?

[mechBgon]

I had dslreports do the "limited free scan" against my IP, which is one Win2k system with ZoneAlarm, one Win98 system with ZoneAlarm, and two Win98 systems without ZoneAlarm (one of which was running at the time). All four are behind a Linksys cable/DSL router.

The results of the scan were perfect: no response from my IP. Additionally, ZoneAlarm had no alerts to report regarding the scan, from which I'm concluding that the Linksys router is a good first line of defense from outside attack.

 

[cpars]

report from full security scan

 

[Netopia]

About Gibson's site being down, read this AWESOME article by him talking about WHY he was down and what his next project will be. He is VERY BIG on ZA.... but read. All I can say is I WISH I had half the knowledge that Gibson has!

Wild Article worth your time reading!

Joe

 

[Nohr]

<< All I can say is I WISH I had half the knowledge that Gibson has! >>



I'd settle for 10%.

 

[Viztech]

Nohr-

Amen on the 10%!

Try the Gibson leak test utility on your ICS setup. This will test what I am talking about. My system failed it, BTW

viz

 

[Nohr]

I passed. Renamed the leaktest to a program Tiny would normally let through, and then moved it to the appropriate directory after renaming the original program. Ran it and Tiny asked if I wanted to accept this new file as a replacement for the old. Just said no and that was that. However, since I don't run firewalls on my two other networked computers, they'd fail of course. One's just an OGR node that I don't have to worry about. Perhaps I should install Tiny on my wife's computer. Up til now I kinda figured that having it installed on my gateway machine was enough.

What firewall are you using that failed you Viz?

 

[Robor]

I'm behind a Linksys router and am not running any firewall on the internal machines so when I ran the Leak Test my system failed, of course. So what, now being behind a router isn't enough? Am I reading this wrong or should I have a firewall (Zone Alarm) on all of the internal machines as well?

Rob

 

[Viztech]

Robor and Nohr should both take a look at Steve's page on using the hardware router/firewall

That was precisely my situation. I am using Microsoft's Proxy Server 2 on an NT4 server. I haven't been running the screws down very tight at all on it either. It is like an Enterprise sized Linksys router for purposes of this discussion. The NetBus trojan was easily able to phone home and the PS2 software did as designed leaving the port open for the subsequent incoming connection that NetBus asked for on the way out.

I am fairly well protected from incoming attacks, but the &quot;internal extrusion&quot; that Steve is talking about I am wide open for attack. In my case, my son downloaded the netbus variant from a wanna-be hacker who he was gaming with via ICQ. He did not virus scan it, but he executed the trojan and installed it. Norton AV picked it up during a routine weekly scan of the entire computer and we dealt with it then. Everything that I have read points out that Zone Alarm would have stopped it when it first tried to phone home. The rest of the story sounds alot like Steve's troubles with Earthlink and @Home that he described during his ordeal, as we found that our little creep was from Barstow California and was using AOL. He was 14 at the time, BTW.

Anyway, it looks as though the TA crowd is getting very &quot;firewall aware&quot; now. I'll be putting the free Zone Alarm on all my machines.

viz

 

[Dougal]

I'd have to give a big thumbs up to ZoneAlarm. I've been using it for almost a year now and it's a great piece of protection. At home I have a small network with up to 3 machines using an ICS connection at any one time. All of these sit behind Zonealarm and it's worked perfectly. I was using BlackIce until I read the reports from the GRC website and realised just how insecure it actually was.

I feel a LOT safer behind ZoneZlarm. So impressed that I bought the Pro version, if nothing else just so that I've paid my bit towards future development and research.

 

[Jani]

This site claims Shields Up spreads misinformation. I didn't understood even half of it... hidden shares etc. :frown:

 

[Robor]

Jani: I read some of the points made against the Shields Up! page and most of them are trivial and nitpicky. Almost sounds like the author of that page has a personal grudge against Gibson.

Rob

 

[wrickard]

I just read that grc article on his semi-recent ddos experience. Afterwards, I installed zone alarm. I might check out tiny. I need to protect a win2k server at work that we use as a database server. Any suggestions for protecting the win2k server?

 

[RaySun2Be]

Wrickard,
First thing is to make sure that that W2K server has all of the latest patches and security updates. Don't just trust the WindowsUpdate function, but go to the download page and request all downloads. Compare those to the WindowsUpdate list and make sure you have them all installed.
You can download ZoneAlarm (I have it running on a Win2KPro box at home), but get work to fork out the few bucks for the business license and version.

There are also commercial firewalls out there that are good. Pricy, but good. There are also hardware/software combo devices that you can get. It just depends on how secure you need to be, and how much money you can spend.

 

[Dougal]

wrickard, Ray,

I'm looking at doing a similar thing but from what I've seen of ZoneAlarm so far it's a bit too good. I might be missing something here but I can't see a way to allow an outside machine access to a particular port (e.g. port 80, web) on the server. This unfortunately means I'm stuck. Does anyone know if this can be done, or if Tiny or any other preferably free firewall has a feature like this?

 

[Robor]

Hmmm... Dougal brings up a good point. I frequently map ports on my Linksys router so I can host games on my system. If Zone Alarm isn't going to allow outside people to connect to my PC I'm not going to be able to host.

Rob

 

[TwoFace]

ZA allows for incoming connections as well as outgoing ones. Just select the option &quot;allow server&quot; (not 100% sure on the name) for both LAN and InterNet and you're good to go. If you want to forward ports you can do that as well with a machine with ZA on, but you'll have to allow the portforwarder to act as server...

Hope this clarifies some, if you want I'll look up the exact option name and post screenies when I get home...

With love and respect your fellow TA member

Two-Face
My stats:
RC5
OGR-25
Seti
Gamma Flux

 

[Smoke]

I just ran the Shields Up test and failed. I'm using an Alcatel Speed Touch Home DSL Modem behind a new Wired/Wireless Linksys Router.

Linksys Tech Support told me to not run Zone Alarm...I didn't need it.:disgust:

I would appreciate a suggestion.:disgust::frown:

 

[JonB]

Smokeball, what failed? If it was the &quot;Ident&quot; function only, then no big deal. What Ports were open? Once you know that, you should be able to close things up.

I have a D-Link DI-713 Wireless/4port switch/firewall/gateway and it gives me a lot of control. Shields Up showed me fully stealthed.

 

[Smoke]

The message was short and sweet without details that I could see.

FIREWALL PENETRATED

LeakTest WAS ABLE to connect to the GRC NanoProbeServer!

 

[cpars]

Tiny Pfw caught it and asked for permission, I was thinking I had tried zone alarm and it also had asked permission to connect.

 

[Viztech]

Smokeball-

That was the EXTRUSION test that failed. All of the hardware firewalls TIKO will fail that one. Get Zone Alarm

viz

 

[Smoke]

I was using ZA when I had some difficulties with the router, Linksys instructed me to ditch it. I did and problem (could have been something else?) went away.

I have downloaded and installed Tiny. With that running my system passed both Shields Up and the DSL Security Program. So far....so good. I have it installed on each machine of my network.

I'll check-in tomorrow with a report if anything unusual happens with a full work day. Right now...all is copasetic.