Wednesday, April 7, 2010

test your firewall

There are a few different web sites that you can go to for checking your firewall. Perhaps the best known is ShieldsUP!, by the Gibson Research Corporation.

Lifehacker.com recently did a piece about ShieldsUP!.

Another site to check out: PC Flank.

I've run across a good amount of criticism of ShieldsUP! and its creator, Steve Gibson. Some of the criticism revolves around something I've experienced here: If your firewall allows replies to pinging, ShieldsUP! will give you a "failed" stealth rating.

The situation here:

The router here has the NAT feature. It also has, under "Advanced Settings," custom firewall settings that by default are set to "off - NAT only."

With these default settings, my ShieldsUP! test (on All Service Ports) gave these results:

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

So, I go back to the Advanced Settings and choose to customize the firewall settings instead of using "Off - NAT only." My customization consists of this: Under ICMP, I remove the check marks from the boxes for "in" and "out" (a note there says, "If a check appears in a box, that service is open or allowed").

Then I run the same ShieldsUP! test:

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
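
Added example, not from the original post or from GRC: a small Python parser for the result blocks above that recomputes the TruStealth verdict from the three conditions the report prints, so the effect of the ICMP echo reply on its own is visible. The report text is constructed from this post's two runs, and the SYN/ACK, RST, no-reply mapping in classify_probe is the common port-scan convention, assumed rather than taken from GRC.

```python
import re

# Constructed sample input: the first (FAILED) report from this post, as plain text.
FAILED_REPORT = """Results from scan of ports: 0-1055
    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested
TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.
"""

# The second report (ICMP in/out unchecked on the router) differs only in two lines.
PASSED_REPORT = FAILED_REPORT.replace(
    "TruStealth: FAILED", "TruStealth: PASSED").replace(
    "A PING REPLY (ICMP Echo) WAS RECEIVED.", "NO Ping reply (ICMP Echo) was received.")

COUNT_RE = re.compile(r"^\s*(\d+) Ports (Open|Closed|Stealth)\s*$", re.M)


def parse_report(text):
    """Return (counts, unsolicited_seen, ping_reply_seen) from one report block."""
    counts = {kind.lower(): int(n) for n, kind in COUNT_RE.findall(text)}
    unsolicited_seen = "NO unsolicited packets were received" not in text
    ping_reply_seen = "PING REPLY (ICMP Echo) WAS RECEIVED" in text
    return counts, unsolicited_seen, ping_reply_seen


def tru_stealth(counts, unsolicited_seen, ping_reply_seen):
    """Apply the three TruStealth conditions the report prints.

    Every tested port must be stealth (none open, none closed), nothing
    unsolicited may arrive, and the host must not answer an ICMP Echo.
    A ping reply alone is enough to fail, which is what this post ran into.
    """
    all_stealth = (counts.get("open", 0) == 0 and counts.get("closed", 0) == 0
                   and counts.get("stealth", 0) > 0)
    return "PASSED" if all_stealth and not unsolicited_seen and not ping_reply_seen else "FAILED"


def verdict_matches_report(text):
    """Check that the recomputed verdict equals the one printed in the block."""
    printed = re.search(r"TruStealth: (PASSED|FAILED)", text).group(1)
    return tru_stealth(*parse_report(text)) == printed


def classify_probe(tcp_response):
    """Map a TCP SYN probe outcome to ShieldsUP!-style wording (assumed convention):
    SYN/ACK means something is listening (open), RST means the host answered but
    nothing listens there (closed), and no answer means the probe was dropped (stealth)."""
    return {"SYN/ACK": "open", "RST": "closed", None: "stealth"}[tcp_response]
```

The "closed" and "stealth" columns differ only in whether the router sends an RST back, which is why a NAT router that silently drops unsolicited packets scores stealth on every port yet can still fail on the separate ICMP check.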

From what I've read around the internet, Mr. Gibson is being too paranoid about ICMP echoes. I'm really not sure; I'm far from being an expert on internet security, firewalls, etc. But I decided not to worry about it. I switched my router's firewall settings back to the default, allowing ICMP echoes. I think I'm still safe since all of my ports are closed and tested "stealth."

Before I started looking into this, one fact had escaped me: If you're running behind a NAT router, you've probably got more protection than any software firewall can give you. That was news to me. I use the Guarddog GUI, a front-end that makes it easy for you to deal with Linux's iptables. From what I'm understanding now, there's no need to even concern myself with Guarddog since I'm behind a NAT router.

But, I'll keep Guarddog, anyway. I figure that the extra layer of protection can't hurt anything!
