Getting DSL-Do I need a firewall?
Moderator: Wiz Feinberg
- JB Arnold
- Posts: 1838
- Joined: 2 Feb 1999 1:01 am
- Location: Longmont,Co,USA (deceased)
I'm finally getting high-speed DSL service, which I've needed for a while. Since I'll always be online with that, should I be looking at firewall software? I'm lost here and know absolutely nothing about it or how it works.
Thanks in advance
John
------------------
Better Late than Never!
www.johnbarnold.com/pedalsteel
- Bill Llewellyn
- Posts: 1921
- Joined: 6 Jul 1999 12:01 am
- Location: San Jose, CA
The conventional wisdom is that you need a firewall. DSL is an always-on connection and has a fixed IP address, so if your computer spends a lot of time on as well, there'd be plenty of time for some hack to crack it. They say that even if it's off most of the time it's at risk. Firewalls are only about $49, anyway (I think I saw that price on a Norton firewall at www.symantec.com/sabu/nis/npf ). Good insurance.
------------------
Bill (steel player impersonator) * MSA Classic U12 * email * my online music
[This message was edited by Bill Llewellyn on 16 July 2000 at 08:44 AM.]
-
- Posts: 741
- Joined: 18 Sep 1998 12:01 am
- Location: Dallas, TX
Without question, yes.
You don't mention which platform you use. If it's Windoze, one of the best firewalls is free: ZoneAlarm, available from ZoneLabs.
If you're using a PowerMac, a firewall is much less important, at least until the UNIX-based OS X. Meanwhile, the Open Doorstop Personal Firewall is a good choice.
If you're using Linux/UNIX you should be implementing IPCHAINS, which is built-in to all systems.
Also, if you're using Windoze you should learn how to stealth all the open ports Microsoft insists on enabling by default. For complete information and a test of your vulnerability, visit Steve Gibson's excellent ShieldsUp site.
Stealthing your ports will leave you virtually undetectable to some script kiddie running an elementary port scan.
Regards,
Jeff
[This message was edited by Jeff Agnew on 16 July 2000 at 01:43 PM.]
[This message was edited by Jeff Agnew on 16 July 2000 at 01:44 PM.]
-
- Posts: 708
- Joined: 3 Dec 1999 1:01 am
- Location: Santa Maria, CA.,
-
- Posts: 741
- Joined: 18 Sep 1998 12:01 am
- Location: Dallas, TX
Rich,
"If you would like to check out the ZoneAlarm log file of attempted probes to my system"
That's normal. Part of it is attributable to Internet background radiation. Concerted (repeated) attempts are the result of automated port scanners, sifting through a sequential list of IPs. They're not targeting you in particular; they're looking for any address with an open port to exploit known weaknesses.
If your ports are stealthed it doesn't matter how many times you get probed. A stealthed port returns no response. To use the common analogy of a house:
A closed port says, "I'm here, but you can't come in. My door is locked." An open port says, "Come on in, my door's unlocked. Take what you want." With a stealthed port, however, the intruder doesn't even know your house exists. No house number, no street address.
Regards,
Jeff