Port Scan Detected -- Now What? - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Port Scan Detected -- Now What?

  1. #11
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    I have to say that I agree to an extent. They shouldn't, "set it and forget it" as the dude from Ronco says (I love infomercials), however, they realistically wont bother to learn the intricate details of securing their system(s). I compare this behavior to password policies that are too strict. Because most end users gravitate towards ease, after a certain point, they'll end up taping their strong password to the back of the keyboard. The same goes for securing their system. We have to remember that these people don't see computers and technology in the same light as IT professionals. To the end user, everything is magic and always referred to as a "thingy".

    Give them enough information (presented in laymen's terms) to allow them to use the computer for the purposes they need.


    my 2 cents
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #12
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I _think_ what trakit might have meant, but the "meaning" was lost in his inimitable way, , is that the firewall should manage itself. It should check every time it is started and every 24 hours that it has been running to see if there are any updates for itself. Maybe also it should monitor user input and make certain decisions for itself. For example it notices that a user is clicking on an attachment to an email and the attachment immediately attempts to open a port... It should block it without any warning. If the user continues to click on it then possibly the user knows that the app is supposed to open a port and it is for a reason, so after 3 clicks it will pop up a simple dialogue, "The app you keep trying to open is of a suspicious nature and I am blocking it's activity. Would you like to over-ride my protection or see more details first? If you are unsure please select No. Yes, Details, No"

    For home networking it should be able to determine the network architecture. A quick look at the network settings of the local PC will tell it that it is on a 192.168 address, (thus private and not directly accessible over the net), and the default gateway is at 192.1681.1... Ok, it's probably a router. A quick scan of the subnet may reveal other computers.... Ok, it seems reasonable to assume that there is a private network behind a router of some kind, do nothing. Then if a remote computer on the private subnet requests a resource it would not be unreasonable to pop up a dialogue saying "It seems you have more than one computer on a private network and that another of your computers is trying to communicate with this one. Do you have more than one computer and are you networking these computers? If you have only one computer please select No. Yes, No". If the user is trying to network they will easily understand the concept - if they aren't they can easily understand that something bad may be going on. If the answer is yes, then 192.168.1.0/24 is automatically placed in the trusted zone and the firewall is never heard from again with regard to the network, otherwise no trusted zone is created.

    I think there is a lot that can be done to make security apps pretty much "fire and forget". There is, without doubt, a long way to go at present.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #13
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    Security architectures for the home user should be "install and forget". Know that you installed your firewall, and that it will do its best to keep the bad bits and bytes out, and the good bits and bytes in. Understand that the firewall doesn't keep you 100% safe, but it keeps you safer than you were before you installed it.

    This makes as much sense as saying, "We got gas in the car. I am not sure what this gauge on the dash with an E and F means. But we've got gas by god."

    *shakes head in disapproval*
    Your heart was talking, not your mind.
    -Tiger Shark

  4. #14
    Junior Member
    Join Date
    May 2004
    Posts
    17
    I _think_ what trakit might have meant, but the "meaning" was lost in his inimitable way, , is that the firewall should manage itself. It should check every time it is started and every 24 hours that it has been running to see if there are any updates for itself. Maybe also it should monitor user input and make certain decisions for itself. For example it notices that a user is clicking on an attachment to an email and the attachment immediately attempts to open a port...

    This will be a quickie response, sorry. A number of my Window Platforms were using Blackice and Zonealarm and this was before the malicious hackers installed their Backdoors and Trojan Horses on these systems. This was before these systems had any firewall installed on the computer. Hint, hint, hint people. How hard do I have to try to get people to realize that a firewall is **** if you have not installed it from the beginning of sticking your computer online? Tell me what proof you'll would like to see and it will be shown to you.

    trackit

  5. #15
    A number of my Window Platforms were using Blackice and Zonealarm and this was before the malicious hackers installed their Backdoors and Trojan Horses on these systems. This was before these systems had any firewall installed on the computer.
    So the Windows platforms were using Blackice and Zonealarm before they were infected, but they were infected after the firewalls were installed? That statement is contradictory. I realize you made a quickie response, when you have more time, work it out for us, thanks.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides