Thread: Security for XP - Ports

  1. #1
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660

    Security for XP - Ports

    as follows:

    XP Pro, DSL Connection.

    I was wondering how I can restrict and secure my box virtually completely. I like to use NAV, and Sygate Personal Firewall. Also Ad-aware (latest). That's pretty much a clean install and those are the first things on....

    My question is mainly directed at port control. Would it be easier to get a router/hardware firewall.... as well as the aforementioned, or what programs give me absolute control over ports open and closed..... if there is such a program, otherwise I do it manually.

    And another question is what ports do you recommend to close, either temporarily and only for xx program, or closed permanently??

    Any help would be great.. thanks..
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  2. #2
    portmon, the guys who made regprot also have something I think. Most of this stuff will just show a process/filename that it's in association with... either way, it's up to you to get rid of services.

  3. #3
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    Ah yes.. all the services etc. I can handle... just specifically closing/opening ports at my discretion...

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Actually you're right on track with a DSL router/firewall. By default it disallows all incoming traffic, that is, all communication that was not initiated from your computer. A port is only open as long as a program that listens on that port is running. To close a port, turn off the service, but that isn't really necessary if you're using a firewall that's configured properly, but it is good security practice to turn off any service you're not using. As I said, a router/firewall would do it nicely out of the box.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Junior Member
    Join Date
    Aug 2004
    Posts
    17

    great thoughts...

    Hardware/Firewall is nice, but not as flexible as you may want it to be further down the line. Great start; however, I would also add a file hasher to compare when an intrusion does occur, so then you will know what files they played with, etc......
    Try as much as you can to make sure you can run the programs as non-administrative (almost impossible under Windows, but try nonetheless).....
    I believe with Sygate you can specify which ports are open, etc.......

    Have fun and play well........

    once you feel comfortable, don't hesitate @ using a honeypot.

  6. #6
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    Yes, Sygate I have come to like quite well, because of the GUI and ease of creating rules and port control. I will definitely be having a router/firewall also. Thanks for the help =)

  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    i was wondering how i can restrict and secure my box virtually completely
    Short answer, you can’t. ( I know, lock it in a safe, forget the combination, never connect to the Internet or any other computer, etc., etc., etc. ... )

    Remember the term, you will see it here and elsewhere very frequently: “layered security”.

    But to get to what I assume you meant, Tedob1 has directed you appropriately. A “router/firewall” would add a layer between you and the Internet. The Internet would see the router but not your user computer. The firewall rules on the router would determine what got through to your user computer ( basically you want to deny everything that did not originate from your user computer ).

    Next you would put a firewall on the computer in question ( another layer ). This hopefully would protect you should your router be compromised. You already stated you are familiar with shutting down the unnecessary services ( another layer ) so it seems not to be an issue.

    Now,
    and another question is what ports do you recommend to close either, temporarily and only for xx program, or closed permanently.??
    That is really going to depend on what the computer is used for. Basically, close ALL ports, and open them only as needed.

    On the router end, AFAIK, most of these are now using a “stateful firewall” which means it will track what your user computer is requesting and only allow returns of those requests made by your user computer. The firewall may then forward a request on say, port 5000, because your computer requested a connection to a service which returned the request on that port. Your user computer would then have to open that port to continue the connection.

    On the user computer, ( for a Windows box ) I have no experience with Sygate Personal Firewall. But I believe that the Trend Micro PC-cillin Internet Security anti-virus also includes a firewall that allows the user to control port access.

    rijilv said
    Hardware/Firewall is nice, but not as flexible as you may want it to be further down the line.
    Could you explain this a little more?? Why are they not flexible?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
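
The "stateful firewall" behaviour described in posts #4 and #7, as an added example that is not part of the original thread: a toy connection-tracking table that denies all inbound traffic unless it is the return half of a connection the LAN computer started. The class, the 60-second idle timeout and the addresses (documentation ranges) are assumptions made for illustration, not any router's actual implementation.

```python
class StatefulFirewall:
    """Toy connection tracker: default-deny inbound, allow replies only."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout  # assumed idle expiry, in seconds
        # (proto, lan_ip, lan_port, remote_ip, remote_port) -> time last seen
        self.table = {}

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port, now):
        """Traffic initiated from the LAN is allowed and remembered."""
        self.table[(proto, lan_ip, lan_port, remote_ip, remote_port)] = now
        return "ALLOW"

    def inbound(self, proto, remote_ip, remote_port, lan_ip, lan_port, now):
        """Inbound traffic passes only if it mirrors a live tracked entry."""
        key = (proto, lan_ip, lan_port, remote_ip, remote_port)
        last_seen = self.table.get(key)
        if last_seen is None:
            return "DROP"  # nothing on the LAN asked for this
        if now - last_seen > self.idle_timeout:
            del self.table[key]  # stale entry: forget it and refuse
            return "DROP"
        self.table[key] = now
        return "ALLOW"


def run_sample():
    """Run constructed packets through the tracker and return the verdicts."""
    fw = StatefulFirewall(idle_timeout=60)
    pc, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    return [
        fw.outbound("tcp", pc, 1025, web, 80, now=0),       # PC opens a web request
        fw.inbound("tcp", web, 80, pc, 1025, now=1),        # matching reply
        fw.inbound("tcp", stranger, 4444, pc, 135, now=2),  # unsolicited probe
        fw.inbound("tcp", web, 80, pc, 1026, now=3),        # right host, wrong LAN port
        fw.inbound("tcp", web, 80, pc, 1025, now=120),      # reply after idle timeout
        fw.inbound("tcp", web, 80, pc, 1025, now=121),      # entry already expired
    ]

if __name__ == "__main__":
    print(run_sample())
```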
