Re: firewall ports
From: Berk S. Daemon (someone@somewhere.com)Date: 03/01/02
- Next message: Budai Laszlo: "Re: McAfee firewall"
- Previous message: unicron-x: "Re: OK, which one is best?"
- In reply to: Tim Vinton: "firewall ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Berk S. Daemon" <someone@somewhere.com> Date: Fri, 01 Mar 2002 06:13:25 GMT
"Tim Vinton" <tvinton@neo.rr.com> wrote in message
news:mLEf8.99046$Hu6.24452345@typhoon.neo.rr.com...
> I am wondering how safe my network is with the firewall i have set up.. I
> have a netgear router acting as a gateway and a firewall allowing my
network
> to access the internet... I have also opened up ports(4 for pcanywhere to
> connect to another network) and have directed them towards another
computer
> on my network ... these are non standard ports (ex not 80, 110, 25
> etc... ) how does this compromise the security to my network if at all?
> can much be done using these non standard ports? anything i can do to
> prevent security being compromised?
Hi Tim,
Generally speaking, the main concern would be opening ports to
insecure services or anything that's easily exploitable. Even if they're
non-standard ports, anyone can run nmap or any type of port scanner to see
what's open and work in exploiting the service from there.
ie, if say you opened port 123 and had some sort of insecure service
runnning on that port, then with that port open they could compromise that
service and do whatever can be done, based on the level of the exploit.
As a better example, say you were running an older version of IIS on port 80
(without some of the patches) and port 80 being open, well anyone with the
experience or some script kiddies could remotely exploit it and possibly
gain more access, if not, use that as a tunnel to your 'internal' network.
Same with some versions of sshd, telnetd, ftpd, windows services, etc. you
name it!
Now, if you were to take this at a higher level and think...
What if this service or daemon for that matter, is exploitable? Can they
gain remote access, delete files, read files, open up other services, setup
a trojan/backdoor, rootkit, gain internal access to the internal side of my
firewall and compromise that, hence opening up the firewall for more
possible exploits or even 'sniff' the internal network for more
compromisable services - and the list goes on and on.
Don't limit your security to just a firewall. Keep the firewall tight,
services off unless absoloutly needed, patch anything that's possible to be
exploited, etc.
Also, don't forget to filter for smurf attacks, TCP flags F,U,P (together,
in that order), source routing, IP options, IP Fragments, etc...
After you do all this too, you're still not secure! ;-)
Hell, even if you unplug the computer... A theif could walk in and steal
your computer, with all the data... hehe.
Hope this helps, or is kinda what you were looking for...
Regards!
-- Proud OpenBSD user/advocate - www.openbsd.org - where security
matters! --
- Next message: Budai Laszlo: "Re: McAfee firewall"
- Previous message: unicron-x: "Re: OK, which one is best?"
- In reply to: Tim Vinton: "firewall ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
