I DID IT! Achieved security perfection!

[Finalheaven]

We all know and love shields up. Well, when I first used it, my port 113 was returned as closed, and my LAN replied to pings. Well, I finally took the time to change some settings on my router, and VIOLA! All tests passed on shields up. I'm a security nirvana!

[Rob2687]

Good job

[wayne_abx]

Hi Finalheaven,

Please don't get to complacent, while this is good for your router/firewall and Network it still doesn't protect you against Viruses, Trojans and worms only a good AV/TD and your vigilance would help in protecting your PC!

By the way.. good job

-wayne

[pointreyes]

I thought the only way to have complete security of the computer is to not have one.

[wayne_abx]

Quote:

Originally Posted by pointreyes

I thought the only way to have complete security of the computer is to not have one.

Umm...

Ok.. maybe not to far off

-wayne

[Finalheaven]

I agree wayne. I've taken steps there as well.

I do have a question about this though. If I setup my firewall to deny all incoming pings to my LAN, I can't seem to connect using XP's crappy FTP. And I use that to manage my site. LOL. I know I should be using something else. Is there a way to block unwanted pings, yet still be able to use XP's FTP? IE is there a way to distinguish between good pings and bad pings? Thanks.!

[Fraoch]

Finalheaven:

If you're on a security "kick" and you have some underpowered hardware around (IIRC you built a low-cost system about a month ago) check out ClarkConnect. I just got it up and running tonight and I think it's the greatest thing since the mouse!

It loads a specialized Linux OS onto your box, essentially turning it into a dedicated firewall with most or all the power of the "big boys". You don't need to know Linux to run it as everything is controlled through a slick web interface.

The software is in continual development (it's modular and upgradeable piece-by-piece) and the Home and Firewall/VPN versions are free!

Just be prepared to lose your "perfect" picture since it listens on a port right in the middle of the GRC scan image for the web interface. However, the port is secured with 128-bit encryption and requires a user name and password. Plus, since it's Linux, it's naturally harder to break into.

It's a lot of fun setting everything up as well!

[Finalheaven]

oooh good call fraoch. aye, I have my suse linux box sitting right here next to me. When I'm not spending time on my main rig, I play with the 'toddler' as i like to call it (costing less than $260, it makes sense why). I'll check clarkconnect out.

[wayne_abx]

Quote:

Originally Posted by Finalheaven

I agree wayne. I've taken steps there as well.

I do have a question about this though. If I setup my firewall to deny all incoming pings to my LAN, I can't seem to connect using XP's crappy FTP. And I use that to manage my site. LOL. I know I should be using something else. Is there a way to block unwanted pings, yet still be able to use XP's FTP? IE is there a way to distinguish between good pings and bad pings? Thanks.!

Hey, if all your ports are showing 'Stealth' and you are sure you don't have any Trojans, Worms or Viruses, don't worry about the pings. Pings are natural part of Broadband Life (unfortunately) I would be concerned if you started to get swamped to the point of causing connection or surfing problems. Not all pings are bad and for some things, pings are needed!

-wayne

[Fraoch]

An update on the ClarkConnect info I posted - you do not need the ports open, so I stealthed them - see here.

[ThugsRook]

i dont understand ~ even a standard WXP firewall can do this.

whats the point of this thread?

[Finalheaven]

Pride?!

The point is it's not by default, and not a lot of people bother. I was just proud cause I can found my problem ports (that were showing as closed), and stealthed them myself.

Don't people post here all the time when they build a new machine, or even buy a new machine? And I think it's great that they do. I was just adding my own personal achievment.

[TCM]

Quote:

Originally Posted by Finalheaven

Well, when I first used it, my port 113 was returned as closed, and my LAN replied to pings.

oh boy, you have no clue and freak out about a "security test" telling you all your ports are "stealthed" while at the same time you probably broke some normal network functions by blocking icmp? closed ports are problem ports? ftp breaks by blocking pings? you have some serious network magic going on there.

the thread subject alone makes me shake head.

really, it may sound arrogant but get a clue, please.

[billfuddled]

Quote:

Originally Posted by TCM

really, it may sound arrogant but get a clue, please.

Yes, you're right, it does. How 'bout writing us up your guidelines to securing one's network connection? Add something positive to the thread.

[Endaar]

Quote:

oh boy, you have no clue and freak out about a "security test" telling you all your ports are "stealthed" while at the same time you probably broke some normal network functions by blocking icmp? closed ports are problem ports? ftp breaks by blocking pings? you have some serious network magic going on there.

the thread subject alone makes me shake head.

really, it may sound arrogant but get a clue, please.

I'll bite. What client-side functions would he have likely broken by blocking ICMP? As you note, FTP should not break by blocking ICMP packets. Nor should anything else.

Endaar