Prone To Hacking?

[lido]

Hi all,

I have an enquiry here. I have a PC with two nic cards. One nic is for my private network and the other is connected to a modem(on 24 hours). Would like to check if it's possible for any outsiders to access my private network thru this configurations? I have zone alarm on all the time. Appreciate if someone can give me some advise and how i can go about to prevent confidential information from leaking out. Or is there any website that i can read regarding this topic?

Thanks alot

[mark2]

I assume you have antivirus and keep it updated, check for updates daily. I would add an anti trojan system that has execution protection, and also adaware/spybot.

Unless you are a business, true hackers won't be interested in the information on your comp. With an always on system, your IP address is unlikely to change, which does present a slight security threat.

[Guest moon]

Check your security, for free, here;

http://www.auditmypc.com/

[Guest moon]

Actually, I've just found this one to be better ( the new 'Shields Up)

http://grc.com/intro.htm

[bluesman821]

Thanks moon, very nice checkup. :D

[Redhat]

http://scan.sygate.com

Another good one :)

[Guest moon]

...and another. Where did my Sunday go ?

http://www.pcflank.com/

[Redhat]

Sorry, borrowed it and forgot to give it back :rolleyes:

[Guest moon]

Well into Monday now. I'm clear all round except at Gibson's where it's showing two open ports. I'm just too stuffed to find out why.

[Guest moon]

I took up the issue with the Outpost Firewall peeps, so if you're worried about open ports;

How do I close an open port?

The first step is to make sure that the port scanning site has determined your correct IP address (your IP address can be found by running ipconfig.exe or winipcfg.exe). If the IP address determined by the test is not your true IP address cancel the test as further results of the test would be incorrect. For stronger assurance that the port is open visit other scanning sites. If the port remains "open" or "visible" ("closed" instead of "stealth" please follow the instructions below:

Make sure Outpost is not in Disabled or Allow Most policy.

Open the Outpost interface and select View -> Layout. Make sure that Open Ports is checkmarked. Press "OK".

Expand the Open Ports category, in the left side of the Outpost interface, to display the applications that are listed there.

On the right side, search for the application that "owns" the port in question, example "XYZ" You can tell that by following vertically the Local Port column and when you see a line with XYZ listed, then the application in the same line is the one that opened the port in the first place. Write down the name of the application and the protocol type (TCP or UDP).

Go to Options -> Application. Look for the application you wrote down in the previous step.

If it is listed in the Trusted Applications list, move it either to the Blocked Applications or to the Partially Allowed Applications list.

If the application is in the Partially Allowed Applications list then create a new rule for the application by double-clicking on the application to display the rule creation dialog.

Press New to create a new rule.

In Select the event for your rule select the Where the specified protocol is checkbox

In Rule description click on the Undefined keyword.

The Select Protocol dialog will come up. Select either TCP or UDP, depending on the type observed in the previous step and press OK.

In Select the event for your rule check box Where the specified local port is. Click once on Undefined, in Rule description.

The Select Local Port dialog will be displayed. Enter there the value XYZ and press OK.

Finally, in Select the Action for your rule check the Deny it (optionally and the Report it) option.

Name the rule appropriately (in Name of the Rule) and click on OK to save it.

You should now see the new rule. If other rules for the same application exist, then select the rule you have created and press the Move Up button until the rule appears at the top of the list. Press OK and then Apply.

Try to see if the port scanner can now detect the port.

Important Note: Having a port open does not mean that it should always be blocked. If you are operating a web/ftp server for public usage for example, a port scanner will detect these ports as open. You must not close these ports, using the procedure outlined above, because users will not be able to "see" your web/ftp server.

What should I do if the port is not 'Stealthed' but 'Closed'?

If you run any scanning test and find that some of your ports are not 'Stealthed' but 'Closed' then:

Discover what programs open these ports (see 'Local Port' and 'Application' columns in Open Ports folder of Outpost window). Let's say you found that the xyz.exe application opened local port 9876.

Go to Options -> Applications.

If you see xyz.exe in 'Trusted Applications' then move it to 'Partially Trusted' and set tight rules for it

If you see xyz.exe in 'Partially Trusted' then set the rule for this application:

where the protocol is TCP

and where the local port is 9876

and where direction is Outbound

then Deny it

Assign highest priority to this rule using the "Move Up" button.