How secure is your computer? Shields Up!

growse · 17 Jul 2006 at 14:37

Curiosityx said:
They only do a good job because by default they deny any incomming connection, firewalls are judged by how well they inspect traffic that is allowed through.

If you deny all access from the outside interface to the inside then yes it will do a very good job because you cant crack something that wont allow a connection in the first place.

Equally, a firewall that lets absolutely no traffic through whatsoever is about as useful as disconnecting your computer from the network.

CurlyWhirly · 17 Jul 2006 at 17:11

NathanE said:
Correct. But how will the worm get to me if I'm patched up to date and behind a NAT?

I didn't know that NAT can also be effective in stopping worm and viruses!
I thought it was mainly used to stop hackers.

NathanE said:
Plus I subscribe to the CERT and ISC mailing lists so I know when to hunker down.

I've never heard of the CERT and ISC mailing list so I Googled and it sounds like a very handy service to subscribe to.

NathanE said:
Like I did one week before Blaster struck.

I will admit to getting caught out despite having AV and a software firewall as back then I had Automatic Updates turned off

This was the wake-up call I needed to make me more security conscious and is the reason why I regularly run malware scans, keep my O/S up to date and run both a AV and firewall.

Just a little query if you would, back then if I had had a router would NAT have stopped the MSBlaster worm even if my O/S wasn't patched?

NathanE said:
Of course I'd know OK I admit there could be a root kit on my PC. But neither myself nor any current AV software would be able to tell.

I know what you mean as when I run RootKit Revealer, I don't know what is good and what isn't in the results.

NathanE said:
I've actually worked in the firewall/AV industry for over 6 years (exited it 2 months ago) and you'll be surprised how many engineers working for the likes of Symantec, Trend Micro, McAfee etc don't actually use any kind of AV or personal firewall crap.

I'm rather surprised at this though I suppose if you work for a security company like McAfee or Symantec then you know your security or you wouldn't be working there in the first place!

Phemo · 17 Jul 2006 at 17:32

CurlyWhirly said:
Just a little query if you would, back then if I had had a router would NAT have stopped the MSBlaster worm even if my O/S wasn't patched?

Yes. Blaster exploited a vulnerability on TCP port 135. If you're using a router and someone attempted the exploit, it'd hit the router and be dropped - unless you had port 135 forwarded for some unknown reason.

CurlyWhirly · 17 Jul 2006 at 17:35

Phemo said:
Yes. Blaster exploited a vulnerability on TCP port 135. If you're using a router and someone attempted the exploit, it'd hit the router and be dropped - unless you had port 135 forwarded for some unknown reason.

Thanks for that

It seems that my recent decision to invest in a router was a good one.
I used to use a USB modem before.

tolien · 17 Jul 2006 at 20:11

Blaster was also the reason most ISPs blocked port 135 (among others) at their border routers (though you're still vulnerable from users on the same ISP), and some ISPs (Plusnet) redirected you to a page if they detected traffic on that port.

RobH · 17 Jul 2006 at 22:57

CurlyWhirly said:
I didn't know that NAT can also be effective in stopping worm and viruses!

I thought it was mainly used to stop hackers.

NAT wasn't designed to stop hackers. It is a way of making sure computers sharing a single IP can get their traffic fowarded to them that they made a request for. The fact that NAT drops any traffic not requested is what makes it secure. The security benefit can be considered a side-effect of NAT - it creates a natural firewall.

Everyone should own a NAT router.

Energize · 17 Jul 2006 at 23:13

Energize said:
FIN/UDP/XMAS/NULL scan said all 15 common ports open.

SYN/ACK/CONNECT scan said all 15 ports weren't responding?

Anyone???

tolien · 17 Jul 2006 at 23:30

I get the same result. IPS signatures pick up on it though.

Get the "OMG you FAILED0R" result from GRC though, because my router responds to an ICMP Echo Request :rolleyes:

Beansprout · 17 Jul 2006 at 23:31

Pottsey said:
I can understand someone not wanting a AV installed and running 24/7 but 1 full system scan a month is a must.

I haven't run AV for *years* and I've never had any viruses - ever.

Reason? I'm not Average Joe...I "know computers", I think, etc etc.

That said I've started running AVG Free recently just incase. Mainly because I work on this system and just can't risk anything.

bitslice · 17 Jul 2006 at 23:58

I'm starting to feel that running AV on email gateways is a waste of time as well.
Nothing but .pif and .scr files everyday (...yawn)

I saw a .B64 file once, I almost framed it...

what's the point in scanning for umpteen exploits if virus writers never use any of them ?

I blame the teachers

.

CurlyWhirly · 18 Jul 2006 at 13:24

RobH said:
NAT wasn't designed to stop hackers. It is a way of making sure computers sharing a single IP can get their traffic fowarded to them that they made a request for. The fact that NAT drops any traffic not requested is what makes it secure. The security benefit can be considered a side-effect of NAT - it creates a natural firewall.

That's interesting and I understand now.

RobH said:
Everyone should own a NAT router.

I agree, I think USB modems are becoming less popular.