In part 2 we looked at what your firewall should be doing, but how do you tell whether it is really doing anything? This comes down to testing and logs.
Testing
In an ideal world you would carry out the testing yourself, using a tool such as nmap, so that you knew it had been done thoroughly. In practice this is difficult, especially when testing the firewall from the outside, i.e. from the cracker's-eye view. The usual solution is to go to a website which offers to test your system (see links below), follow the instructions and read the results. The basic idea is that the computers at these sites attempt to connect to a range of ports on your machine to see whether they can. If they are able to make a connection, and you haven't set up any server processes on your computer, it is an indication that a) your firewall may not be working and b) you may have a trojan installed, or c) your operating system is poorly configured.
Note that some of these sites refer to ports being in 'stealth' mode or as being filtered. This means the packets are being denied and is an indication that the firewall is doing its job. If the ports are shown as closed it means that either a) the firewall is not blocking the packets but there isn't a process listening on that port anyway, or b) you are running a firewall that rejects packets rather than denies them. In the case of a) it is not an insecurity in itself, but you probably want to track down the reason. In the case of b) it's nothing to worry about. There is a debate about whether it is best for firewalls to reject or deny, but in practice it's a fairly academic point.
You will recall from part 1 of this FAQ that a computer using TCP/IP could have a process listening on any one of 65535 ports. It isn't practical at the moment for these online tests to probe all of these, as it would take too long, so they tend to check some of the more common ones in terms of known vulnerabilities. It's important to remember that a clean bill of health from one of these sites isn't a cast-iron guarantee of security, rather that you are at least not suffering from the most common holes.
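As an added illustration (not part of the original FAQ), the Python sketch below makes the same kind of connection attempt the test sites make and reports each port as open, closed or filtered. The function names, the port list and the 127.0.0.1 target are assumptions chosen for the example.

```python
import socket

# Meanings follow the FAQ's wording for each result.
MEANING = {
    "open": "a process accepted the connection",
    "closed": "refused: no listener, or a firewall that rejects",
    "filtered": "no reply before the timeout: packets denied ('stealth')",
}

def classify_port(host, port, timeout=2.0):
    """Make one TCP connection attempt and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # a refusal came back
    except socket.timeout:
        return "filtered"    # nothing came back at all
    finally:
        sock.close()

def scan(host, ports, timeout=2.0):
    """Return {port: state} for each port in ports."""
    return {p: classify_port(host, p, timeout) for p in ports}

def unexpected_open(results, expected_servers):
    """Open ports where you have not deliberately set up a server process."""
    return sorted(p for p, s in results.items()
                  if s == "open" and p not in expected_servers)

if __name__ == "__main__":
    # Constructed sample: a few commonly probed ports on this machine.
    # For the outside view, run it from another machine you control
    # against your own address.
    sample_ports = [21, 23, 25, 80, 139, 443]
    results = scan("127.0.0.1", sample_ports, timeout=1.0)
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state:<8}  {MEANING[state]}")
    print("investigate:", unexpected_open(results, expected_servers=set()))
```

A scan of the loopback address only shows what is listening locally; the firewall's effect is visible when the same check is run from a second machine.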
Links
https://grc.com/x/ne.dll?bh0bkyd2
http://hackerwhacker.com:4000/ (but your mileage may vary depending on how your ISP works).
http://www.auditmypc.com/ (fast and fairly thorough service)
http://www.dslreports.com/secureme_go (need to create free account)
There are also pay services which do an even more comprehensive job. A search in your favourite engine for 'firewall testing' will bring up plenty of leads.
A great site with a range of information is http://www.firewallguide.com which also has links to reviews of various firewalls.
Logs
Logs are where your firewall records activity it has seen and possibly what it did in response to that activity. It is worth becoming familiar with how your firewall records this information, as this is where you'll need to look if you suspect that your computer has been the subject of an attack, and if you want to take further action about it.
