Topic: Getting DSL - Do I need a firewall?
JB Arnold
From: Longmont, CO, USA (deceased)
Posted 16 Jul 2000 6:18 am
I'm finally getting high speed DSL service, which I've needed for a while. Since I'll always be online with that, should I be looking at firewall software? I'm lost here; I know absolutely nothing about it or how it works.
Thanks in advance
John
------------------
Better Late than Never!
www.johnbarnold.com/pedalsteel
Bill Llewellyn
From: San Jose, CA
Posted 16 Jul 2000 7:39 am
The conventional wisdom is that you need a firewall. DSL is an always-on connection and has a fixed IP address, so if your computer spends a lot of time on as well, there'd be plenty of time for some hack to crack it. They say that even if it's off most of the time it's at risk. Firewalls are only about $49, anyway (I think I saw that price on a Norton firewall at www.symantec.com/sabu/nis/npf). Good insurance.
------------------
Bill (steel player impersonator) * MSA Classic U12 * email * my online music
[This message was edited by Bill Llewellyn on 16 July 2000 at 08:44 AM.]
Jeff Agnew
From: Dallas, TX
Posted 16 Jul 2000 12:36 pm
Without question, yes.
You don't mention which platform you use. If it's Windoze, one of the best firewalls is free: ZoneAlarm, available from ZoneLabs.
If you're using a PowerMac, a firewall is much less important, at least until the UNIX-based OS X. Meanwhile, the Open Doorstop Personal Firewall is a good choice.
If you're using Linux/UNIX you should be implementing IPCHAINS, which is built in to all systems.
Also, if you're using Windoze you should learn how to stealth all the open ports Microsoft insists on enabling by default. For complete information and a test of your vulnerability, visit Steve Gibson's excellent ShieldsUp site.
Stealthing your ports will leave you virtually undetectable to some script kiddie running an elementary port scan.
Regards,
Jeff
[This message was edited by Jeff Agnew on 16 July 2000 at 01:43 PM.]
[This message was edited by Jeff Agnew on 16 July 2000 at 01:44 PM.]
Rich Paton
From: Santa Maria, CA
Posted 21 Jul 2000 12:55 am
If you would like to check out the ZoneAlarm log file of attempted probes to my system, I will e-mail you a text file copy. There's a LOT of entries!
dr_electron@hotmail.com
Jeff Agnew
From: Dallas, TX
Posted 21 Jul 2000 1:57 pm
Rich,
Quote: "If you would like to check out the ZoneAlarm log file of attempted probes to my system"
That's normal. Part of it is attributable to Internet background radiation. Concerted (repeated) attempts are the result of automated port scanners, sifting through a sequential list of IPs. They're not targeting you in particular; they're looking for any address with an open port to exploit known weaknesses.
If your ports are stealthed it doesn't matter how many times you get probed. A stealthed port returns no response. To use the common analogy of a house:
A closed port says, "I'm here, but you can't come in. My door is locked." An open port says, "Come on in, my door's unlocked. Take what you want." With a stealthed port, however, the intruder doesn't even know your house exists. No house number, no street address.
Regards,
Jeff
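Added example, not part of the original thread: the open, closed and stealthed port states from the last post, as they appear to a TCP connection attempt against a machine you run yourself. The names `port_state` and `loopback_demo` and the 2-second timeout are assumptions of this example; a loopback check only shows open and closed, because a firewall's silent drop is visible only when the check comes from outside the machine.

```python
import socket

def port_state(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port as 'open', 'closed' or 'stealthed'.

    Hypothetical helper for this example; point it only at hosts you run.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"      # host replied with a reset: "I'm here, door locked"
    except socket.timeout:
        # No reply at all. From the outside this looks the same as an
        # address with no machine behind it, which is the post's point.
        return "stealthed"
    finally:
        s.close()

def loopback_demo() -> dict:
    """Constructed test case: one listening and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    unused = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    unused.bind(("127.0.0.1", 0))
    unused_port = unused.getsockname()[1]
    unused.close()                       # nothing listens on this port now
    try:
        return {
            "listening": port_state("127.0.0.1", listener.getsockname()[1]),
            "unused": port_state("127.0.0.1", unused_port),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    for name, state in loopback_demo().items():
        print(f"{name:10s} -> {state}")
```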