Re: Finally, a secure computer

From: Karl Levinson [x y] mvp (levinson_k@despammed.com)
Date: 03/16/03 

From: "Karl Levinson [x y] mvp" <levinson_k@despammed.com>
Date: Sun, 16 Mar 2003 13:26:19 -0500

You've certainly got a good start, though

1) adding ICF to ZoneAlarm is probably not going to add extra security.
It's probably better to only run one software firewall [e.g. disable ICF]
since this is probably untested and unsupported;

2) you do want to confirm from time to time that your antivirus didn't have
trouble downloading updates [I'm not sure about AVG pro, but my AVG freeware
antivirus by default only downloads updates once a month, which probably
isn't enough, and also I'm not sure what happens if the download attempt
occurs when the internet connection isn't connected];

3) I don't know which port scanner you used, but usually they don't check
all ports, just the common ones. There are 130,000 TCP and UDP ports and it
takes quite a while to check them all. It may be adequate to just check
some and not all ports, but sites like www.grc.com just don't check enough
ports.

4) Note that both AVG and Zone Alarm can be disabled by trojans or stop
working for a variety of reasons.

5) Your configuration sounds pretty secure, though you never know what new
security vulnerabilities will be discovered later. What's secure today
might not be secure tomorrow. Also, I would never say that it's impossible
for a hacker to get into a system, just that it's unlikely.

You didn't mention patches and hardening checklists. I would really
consider doing some of these for "defense in depth" in case your firewall or
antivirus fails to protect you at some future date.

http://securityadmin.info/faq.htm#harden

While you say that you would never open an email attachment, there are a
number of ways an attachment could run automatically if you're using Outlook
or OE with the preview pane open, or an email could download and run
malicious code from a web site even if there is no attachment on the email.

There are other types of attacks that are uncommon, but theoretically
possible, such as 1) you or your computer is enticed to visit a web page
containing hostile code, 2) DNS cache poisoning is used to redirect you to
such a web site; 3) DNS trickery is used to make your AVG software or
another auto-update software to download and run malicious code from a web
server masquerading as an update server, etc.

Last, your firewall is only as secure as its configuration. One thing that
disturbs me about ZoneAlarm is that the configuration changes dynamically
depending on whether the computer user accidentally clicks the wrong thing.
Any security setup that offers a choice to the computer operator and relies
on the human to make the correct decision 100% of the time is IMHO less than
100% secure.

"Walter E." <wer25@yahoo.com> wrote in message
news:Avnca.13848$0r1.1575165@twister.socal.rr.com...
> I recently switched from win 98 and PWS4 to Win XP and IIS. I was
concerned
> about the inherent security problems with IIS. I only use the IIS for web
> design and uploading changes to my website.
>
> I seem to have resolved the problem as follows: I installed Zone Alarm Pro
> plus the WinXP Firewall.
> I also run AVG Pro virus checker.
>
> Now, when I run a port check of my computer with IIS running, I find that
> all of my ports are in "stealth" mode, including Port 80. IIS works fine
in
> uploading my website.
>
> Since my computer cannot be seen from the web, it seems impossible for any
> hackers or viruses to get in here. Am I deluding myself?
>
> --
> Walter
> The Happy Iconoclast www.rationality.net
> -
>
> 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.459 / Virus Database: 258 - Release Date: 2/25/2003

Relevant Pages

  • Re: Finally, a secure computer
    ... paranoia in the security aspects of IIS administration. ... security at the IBM website is compromised, ... I ran a port check on 10,000 plus ports (I ... > trouble downloading updates [I'm not sure about AVG pro, ...
    (microsoft.public.inetserver.iis.security)
  • Re: who is this
    ... it's a webshoting company that wons that IP block. ... He said that he will contact security. ... shows that they scanned some ports 2 times. ... secure, I don't feel secure to do any online financial activities. ...
    (comp.security.firewalls)
  • Unusual ports found in nmap scan
    ... All other ports are filtered - the host is behind a Check Point firewall. ... Hush provide the worlds most secure, easy to use online applications - which solution is right for you? ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: blocking ports
    ... especially vulnerable ports 135-139 and 4" ... > and the firewall provide security from guests, ... > does not make web server more secure? ... > once an intruder gain access to web server ...
    (microsoft.public.windows.server.networking)
  • OT: What will he do next?
    ... That was National Security. ... President Bush said Tuesday that a deal allowing an Arab company to take ... Senate Republican Leader Bill Frist urged the administration to ... Ports World, a state-owned business in the United Arab Emirates. ...
    (comp.sys.hp.mpe)