Personal Firewall
But this is only a first stop, offering a low level of security.
The TCP/IP protocol, with its multiple services using different ports, will still allow an attacker coming in from the Internet to find out information about your system.
I suggest that you test the security of your system: visit www.grc.com on the Internet and click on "Shields UP":

You can then run a check on your network security and your TCP/IP ports:
Let's look at the network security of my system with "Test My Shields !"
Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Please Note: On highly secure systems this may take up to one minute. . .
Preliminary Internet connection established!
Your computer has accepted an anonymous connection from another machine it knows nothing about! (That's not good.) This ShieldsUP! web server has been permitted to connect to your computer's highly insecure NetBIOS File and Printer Sharing port (139). Subsequent tests conducted on this page, and elsewhere on this website, will probe more deeply to determine the extent of this system's vulnerability. But regardless of what more is determined, the presence and availability of some form of Internet Server HAS BEEN CONFIRMED within this machine . . . and it is accepting anonymous connections!

The rest of this website explains the implications and dangers of your present configuration and provides complete and thorough instruction for increasing the security of this system. At the moment, any passing high speed Internet scanner will quickly spot this computer as a target for attack. (When this page has completely finished displaying, you might wish to sneak a quick peek at these two pages to see what lies ahead at this website: )

The phrase you must remember is: "My port 139 is wide OPEN!"
Unable to connect with NetBIOS to your computer.
The attempt to connect to your computer with NetBIOS protocol over the Internet (NetBIOS over TCP/IP) FAILED. But, as you can see below, significant personal information is still leaking out of your system and is readily available to curious intruders. Since you do not appear to be sharing files or printers over the TCP/IP protocol, this system is relatively secure. It is exposing its NetBIOS names (see below) over the Internet, but it is refusing to allow connections, so it is unlikely that anyone could gain casual entry into your system due to its connection to the Internet.

Several of your private names are being served up to the Internet by the Windows networking system. (see below) While it's unlikely that this information can be exploited, you should know what anyone can learn about you and your system.
C500 | Your User Name
C500 | Your Computer's Name
NT4_T300 | Your Workgroup
This looks like a big security hole: through the "File and Printer Sharing" port (139), it found out my computer name and the workgroup name.
Let's look at the network security of my system with "Probe my Ports !"

21 | FTP | Closed | Your computer has responded that this port exists but is currently closed to connections.
23 | Telnet | Closed | Your computer has responded that this port exists but is currently closed to connections.
25 | SMTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
79 | Finger | Closed | Your computer has responded that this port exists but is currently closed to connections.
80 | HTTP | Closed | Your computer has responded that this port exists but is currently closed to connections.
110 | POP3 | Closed | Your computer has responded that this port exists but is currently closed to connections.
113 | IDENT | Closed | Your computer has responded that this port exists but is currently closed to connections.
139 | Net BIOS | OPEN! | As you probably know by now, the NetBIOS File Sharing port is the single largest security hole for networked Windows machines. The payoff from finding open Windows shares is so big that many scanners have been written just to find open ports like this one. Closing it should be a priority for you!
143 | IMAP | Closed | Your computer has responded that this port exists but is currently closed to connections.
443 | HTTPS | Closed | Your computer has responded that this port exists but is currently closed to connections.
The current configuration has a direct and uncontrolled connection to the Internet.
We need to add an additional module between the Internet and your system, which monitors all TCP/IP traffic and stops any unsecured communication. This module is called a Firewall.
A Firewall can be a dedicated system (running just the Firewall program), which is usually the case when protecting the connection between a large Local Area Network and the Internet.
Such professional Firewalls are often combined with a Proxy-server, allowing user control and monitoring (which websites have been visited? exclusion of certain websites).
For small networks, or just for the connection of a single system to the Internet (SOHO: Small Office - Home Office), a Firewall can be just a software program running on the PC, then called a "Personal Firewall". It works as a "packet filter", just looking at the IP packets received/transmitted based on their port number.
There are several packages available on the market (free / Shareware / to be purchased):
ZoneAlarm from www.zonelabs.com (compatible with Win95/98/ME/NT/2000)
ZoneAlarm is free for personal and non-profit use.
ZoneAlarm Pro is a professional Firewall solution (to be purchased).
If you would like your product to be listed here, please contact me.
As an example of an installed Personal Firewall, I used ZoneAlarm:
If you now test the security of your system via www.grc.com, all incoming illegal calls will be blocked off and not even answered anymore.

Port | Service | Status | Security Implications
21 | FTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
23 | Telnet | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
25 | SMTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
79 | Finger | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
80 | HTTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
110 | POP3 | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
113 | IDENT | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
139 | Net BIOS | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
143 | IMAP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
443 | HTTPS | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
Port Status Descriptions:
If all of the tested ports were shown to have stealth status, then for all intents and purposes your computer doesn't exist to scanners on the Internet!
It means that either your computer is turned off or disconnected from the Net (which seems unlikely since you must be using it right now!) or an effective stealth firewall is blocking all unauthorized external contact with your computer. This means that it is completely opaque to random scans and direct assault. Even if this machine had previously been scanned and logged by a would-be intruder, a methodical return to this IP address will lead any attacker to believe that your machine is turned off, disconnected, or no longer exists. You couldn't ask for anything better.
There's one additional benefit: scanners are actually hurt by probing this machine! You may have noticed how slowly the probing proceeded. This was caused by your firewall! It was required, since your firewall is discarding the connection-attempt messages sent to your ports. A non-firewalled PC responds immediately that a connection is either refused or accepted, telling a scanner that it's found a live one ... and allowing it to get on with its scanning. But your firewall is acting like a black hole for TCP/IP packets! This means that it's necessary for a scanner to sit around and wait for the maximum round-trip time possible across the entire Net, into your machine, and back again before it can safely conclude that there's no computer at the other end. That's very cool.

FALSE STEALTH REPORTS
A "Stealth" port is one from which no reply is received (neither acceptance nor refusal) in response to a connection initiation request. This ShieldsUP web site sends a series of four connection requests, waiting for any reply after each one. If no reply is received to any of them, the port is declared to be "Stealth" . . . and for all intents and purposes that's exactly what it is. But Internet "packets" are continually being lost in route to their destination. When Internet "routers" are overloaded with traffic they have no recourse other than to simply drop packets completely, hoping that they will be resent when the destination fails to acknowledge their receipt. This, of course, is why we try four times to get through.

Therefore, if prime-time Internet congestion coupled with a slow or noisy connection were to cause those four packets to become lost or garbled, our port test would show "Stealth" when your port would have replied if it had ever received the request.

If you suspect that this may have happened during the assembly of the report above, simply refresh your browser's page to re-run the tests. If the results differ you can presume that congestion or a weak connection were the temporary cause.
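The three statuses in the reports above (OPEN!, Closed, Stealth!) and the four-attempt retry can be reproduced for a self-check with a plain TCP connect. This is an added example, not code from the original page or from grc.com; the function names, the timeout value and the loopback target are assumptions.

```python
"""Classify a TCP port the way the report above does: OPEN!, Closed or Stealth!."""
import socket

# The ten ports listed in the page's probe report.
REPORT_PORTS = [21, 23, 25, 79, 80, 110, 113, 139, 143, 443]

def probe_once(host, port, timeout):
    """Make one TCP connection attempt and name the kind of reply received."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "accepted"            # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "refused"             # the host answered with a reset: port closed
    except OSError:
        return "no-reply"            # timeout or other failure: no TCP answer seen
    finally:
        sock.close()

def classify(replies):
    """Map the replies from all attempts onto the report's three statuses."""
    if "accepted" in replies:
        return "OPEN!"
    if "refused" in replies:
        return "Closed"
    return "Stealth!"                # silence on every attempt

def port_status(host, port, attempts=4, timeout=1.0):
    """Probe up to `attempts` times; stop as soon as any reply arrives."""
    replies = []
    for _ in range(attempts):
        reply = probe_once(host, port, timeout)
        replies.append(reply)
        if reply != "no-reply":
            break
    return classify(replies)

if __name__ == "__main__":
    # Assumption: run against a machine you administer. 127.0.0.1 shows what is
    # listening locally, but loopback traffic may not pass through the firewall.
    for port in REPORT_PORTS:
        print(port, port_status("127.0.0.1", port, timeout=0.5))
```

A packet lost on the way and a packet dropped by a firewall look identical to `probe_once`, which is why a single silent attempt is not enough to report Stealth.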
The protection of a firewall should be for both directions: incoming and outgoing.

Incoming:
I did not expect this: within minutes of installing the Firewall, I got 3 alerts: my system received a PING signal from 3 different sources, all within 1 minute! Somebody probing for a target?

Outgoing:
When starting a program that uses the Internet connection (in this example: Outlook Express), the Firewall will ask you whether this is a valid access. (There are viruses which try to connect back to their home server to transmit confidential data from your system, like passwords!)

The firewall builds a list of programs allowed to connect out to the Internet.

You need to check the security settings, in this case under "Advanced", and declare by placing a checkmark that network traffic on a LAN adapter does NOT need to be checked; otherwise PING to this system will not work on the LAN, and the systems will not see each other in the Network Neighborhood if only the TCP/IP protocol is installed.