Jan 7 2005, 03:57 PM
Post
#1
Adv. Member | Group: Charter Members | Posts: 120 | Joined: 6-March 04 | Member No.: 5656
--------------------------------------------------
FIREWALL GUIDE
--------------------------------------------------
Windows PC Software Firewalls
--------------------------------------------------

Quotes:

"The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one." --Dennis Hughes, FBI.

"Defense in depth, and overkill paranoia, are your friends." (Quote Bennett Todd).

Hackers are much more capable than you think; the more defenses you have, the better. And they still won't protect you from the determined hacker. They will, however, raise the bar on determination needed by hackers.

--------------------------------------------------
PLEASE READ THIS GREAT GUIDE !! :
FAQ: Firewall Forensics (What am I seeing?) By Robert Graham
http://www.linuxsecurity.com/resource_file...ewall-seen.html
--------------------------------------------------

Data transfers on the Net are always in the form of packets -- relatively small packages of data. These packets each carry an IP address and port number for their source and destination. The port number is the mechanism which allows multiple applications to use the same network connection simultaneously. Any application, such as your browser (or Back Orifice for instance), which is using the network link, has one or more port numbers assigned to its exclusive use.

The port number is assigned two bytes (16 bits) in each packet. There are therefore 65,536 (256²) possible port numbers. The Windows network software (Winsock) which manages network data exchange receives these packets, checks the port number in each, and passes them to the appropriate application.
--------------------------------------------------

A firewall is an application that lets you control and filter packets flowing in and out of your computer or network. Almost all PCs accept certain types of connections, and hackers can take advantage of this when probing for systems to attack. Such techniques include:

- Ping - A method for determining whether a system is connected to the Internet at a particular address. You ping a system by sending what's known as an ICMP Echo Request packet. If the target is connected, you'll receive a 'pong' in response. Most operating systems, including Windows, have this program: just try running the command "ping foo.com" where foo.com is any domain name or IP address.
- Operating System Fingerprinting - By sending/receiving a single specially crafted packet, an attacker can both determine whether a system is connected to an IP address and what operating system it is running (Windows XP, Windows 95, Red Hat Linux, etc).
- Port scans - It is possible to determine whether any server programs are active and listening for data on a system by sending a connection request to every single possible port number. If you and the attacker both have fast Internet connections, then thousands of ports can be scanned within seconds.

Firewalls are effective at blocking all of these kinds of probes as well as any other intrusion or denial of service attacks by immediately rejecting any incoming packets that weren't solicited from programs running on your computer. The attacker never receives a response, creating the illusion that there is no computer at your IP address. This in turn prevents any further attempts to exploit security vulnerabilities and break into a system.

Outbound Filtering:

Some firewalls (such as the one included with Windows XP) only work in a single direction - they examine packets your computer is receiving, not those it sends.
This is because in most cases, data originating from your computer, such as requests for web pages, is legitimate. But hostile applications like trojan horses, worms, and viruses can use your Internet connection to send an attacker sensitive information such as your files, screen captures, or even keystrokes. It is therefore crucial that your firewall has some mechanism for filtering outbound traffic from your computer. This is usually done by building up a list of programs that are allowed to use your Internet connection. If an unauthorized program makes a connection attempt, the firewall alerts you and lets you decide whether or not to give it permission to proceed.

What are "ports" and "protocols"?

Basically a port is an access channel and a protocol is a standardized way for computers to exchange information. Your computer must send and receive data to participate on the Internet. The data is sent and received by software that usually comes with your computer. This software automatically organizes the data to be sent into packets. These packets are made in a standardized way (a protocol) so other computers can recognize them as data. Similar software is used at the receiving computer to automatically join the packets so the original message is duplicated.

The Internet is constructed so many different routes can be taken by the data traveling on it. In this way, if part of a route is too busy or breaks down then the packets are simply sent on another route. This routing is handled by equipment called routers, which are located throughout the Internet. Each data packet is routed independently so a message broken into 10 packets could take 10 totally different routes over the Internet. Routers know which computer on the Internet a packet is supposed to be sent to because each packet contains that computer's address, very similar to a letter going through the post office.

Your computer has different ports or channels for this data.
These ports are given standardized numbers so one port is used to send data and another port receives data. In this way, the packets of data coming into and going out of your computer don't collide or get confused. The port number is included as part of the address a packet is given. Ports can have numbers from 1 to 65535.

- Understanding and using Firewalls: http://www.bleepingcomputer.com/forums/tutorial60.html
- Great port - tcp/ip info site: http://www.chebucto.ns.ca/~rakerman/trojan...port-table.html
- Personal Firewalls list: http://www.securitywizardry.com/index.php/...l-Software.html
- Personal Firewalls: http://www.symantec.com/connect/de/article...sonal-firewalls
- Just what the name says.... FIREWALL GUIDE: http://www.firewallguide.com/
- What is a firewall; An explanation Guide: http://www.pc-help.org/www.nwinternet.com/...y/firewalls.htm

--------------------------------------------------

What does finding an opened port mean?

Finding an opened port does not necessarily mean that your computer's security has been compromised.

QUOTE
Remember that ports are designed to be opened so that communication between your computer and the Internet can take place. Much more important than the fact that a port is open, is the question of who (i.e., what program) opened the port, and for what purpose. Most scanners will show what program they think opened a particular port. This information though is normally based on knowing what programs usually open a particular port.

- Online Scans - What to do with Open and Closed Ports: http://www.outpostfirewall.com/forum/showthread.php?t=9992
- Ultimate Port reference Guide: http://www.bluetack.co.uk/forums/index.php?showtopic=777

--------------------------------------------------

Although firewalls have their strengths, and are an invaluable information security resource, there are some attacks that the firewalls cannot protect against, such as eavesdropping or interception of e-mail. Furthermore, whereas firewalls provide a single point of security and audit, this also becomes a single point of failure - which is to say, firewalls are a last line of defense. This means that if an attacker is able to breach the firewall, he or she will have gained access to the system, and may have an opportunity to steal data that is stored in that system, or to create other havoc within the system.

Firewalls may keep the bad guys out, but what if the bad guys are inside? In the case of dishonest or disgruntled employees, firewalls will not provide much protection. Finally, as mentioned in the discussion of packet filtering, firewalls are not foolproof - IP spoofing can be an effective means of circumvention, for example.

For optimal protection against the variety of security threats that exist, firewalls should be used in conjunction with other security measures such as anti-virus software and encryption packages. As well, a well-thought-out and consistently implemented security policy is vital to attaining optimal effectiveness of any security software.

- Beginners Guide to Firewalls: http://www.symantec.com/connect/de/article...walls-beginners
- For hardware security information please follow this link: http://www.symantec.com/connect/de/article...hardware-issues

--------------------------------------------------

Attacks Utilizing a Trojan Horse

A Trojan horse, like the Greek "gift" to Troy, looks like a useful and innocent program but actually contains a means of attacking your system. A Trojan allows an attacker to perform almost the same actions on an infected computer as does its owner: copy, view and delete information from the hard drive, run applications, change configuration settings, control the infected computer's hardware and much more. Typically Trojan horses are distributed over the Internet as small utility programs, screen-savers, wallpaper for desktops, etc. When a cracker gains access to a system, all manner of maliciousness is possible.

Also read the Bluetack Guide on Trojan Horses: http://www.bluetack.co.uk/forums/index.php...hp?showtopic=72

--------------------------------------------------

Attacks Via Internet Applications

Some Internet applications, such as browsers, personal messengers and Internet pagers, have security holes that can be taken advantage of by attackers to access data stored on your hard drive. Depending on your application configurations, your computer can distribute confidential information about your system and your Internet operations (mostly applies to Web browsers).

==================================================

Attacks Using Specially Created Harmful Data Streams

There is software around that attackers use to send harmful data streams designed to disrupt your system and impair its efficiency on the Internet. A computer receiving this data through its different ports might lose control and hang (freeze up).
Beyond the bother of having to reboot your computer, current downloads are lost, phone calls are interrupted and so on.

Attacks Using Weaknesses in Your O/S Settings

Attackers can take advantage of free and open access made available by how your Operating System is configured. For example, if your computer uses Microsoft Windows its NetBios settings can be set so your files are made available to attackers.

For more info on exploits: http://www.iss.net/security_center/advice/...its/default.htm

--------------------------------------------------

Q: Which kind of packet filters will make a WUPS* scan fail?

A: A packet filter that drops UDP packets from the scanner to the scanned system, and also a filter that drops ICMP packets going from the scanned system to the scanner.

*(windows udp port scan)

==================================================
Outpost Pro Firewall
==================================================

Agnitum's Outpost Pro is my choice for a personal firewall. New released version can be found at the website:

Outpost Pro:
- http://www.agnitum.com/
- http://www.outpostfirewall.com/forum/

Some detailed but interesting information about the older OP Pro 2.5 release: http://www.bluetack.co.uk/forums/index.php?showtopic=6378
OP 2.5 What To expect: http://www.outpostfirewall.com/forum/showthread.php?t=11836
OP 2.5 review at PC Flank: http://www.pcflank.com/review_ofp_25_1.htm

==================================================
Outpost firewall complete online guide
http://www.outpostfirewall.com/guide/index.htm
==================================================

Agnitum Outpost is the first personal firewall that supports plug-ins.
Sample plug-ins are included to show how this revolutionary technology can easily be employed for such tasks as Intrusion Detection, Advertisement Blocking, Content Filtering, E-mail Guard and Privacy Control. Agnitum Outpost is equipped with every feature a personal firewall should have. It is the most functional firewall in the world. Outpost supports all the latest security techniques and features such as: Full Stealth Mode, Anti-Leak, and MD5 Authentication.

--------------------------------------------------
OUTPOST HELP LINKS
--------------------------------------------------

Obviously the Outpost forum is the best place to find quality assistance, but here's some of the best help links:

- FAQ = Forum Section: http://www.outpostfirewall.com/forum/forumdisplay.php?f=64
- http://www.agnitum.com/support/selfsupport.html
- A Guide to Producing a Secure Configuration for Outpost: http://www.outpostfirewall.com/forum/showt...post&t=9858
- Online Scans - What to do with Open and Closed Ports: http://outpostfirewall.com/forum/showthrea...p;threadid=9992
- Component Control Faq: http://www.outpostfirewall.com/forum/showthread.php?t=12233
- How to create rules in Outpost: http://outpostfirewall.com/forum/showthrea...p;threadid=7189
- Outpost Rules Processing Order: http://outpostfirewall.com/forum/showthrea...p;threadid=8394
- Extended Zone Alarm Uninstall/Outpost Install Instructions: http://outpostfirewall.com/forum/showthrea...p;threadid=7187
- Extended Application or Firewall Uninstall/Install Instructions: http://outpostfirewall.com/forum/showthrea...p;threadid=7186

--------------------------------------------------

Blockpost Plugin IP blocklist Import Guide + Tips
- http://www.outpostfirewall.com/forum/showthread.php?t=9846
- http://www.bluetack.co.uk/forums/index.php?showtopic=1515

--------------------------------------------------

Outpost Firewall Presets: Idea and Format: http://www.outpostfirewall.com/forum/showt...p;threadid=2404

QUOTE
Outpost Firewall includes presets for popular applications such as ICQ, Internet Explorer,
Outlook Express and many others. When an application tries to connect to the Internet for the first time, Outpost searches its application database and suggests a set of rules worked out by our engineers that are optimum for this application. Even advanced users are recommended to use these presets and then tweak their settings as needed. This very powerful technique lets you create rules with one click and without any special knowledge of ports and protocols.

Application Specific Presets—for particular applications such as Internet Explorer, Microsoft Telnet or Outlook Express.

Common Activity Preset—for common activities such as browsing the Web, connecting via the Telnet protocol or receiving and sending e-mail.

QUOTE
Paranoid2000, Super Moderator
For maximum security I would also suggest removing the DNS rule from the Global rules - this means having to create a specific one for each application but does mean that a hostile application cannot even find an IP address without you permitting it (and does defeat certain leaktests). Having a Protocol TCP, Remote Port DNS, Deny as a Global rule would be a good idea in this case since it saves you from having to set up a second DNS rule to cover TCP for each application (normally UDP is used, but long queries switch to TCP - I have never noticed any ill-effects from blocking them though).

- http://www.outpostfirewall.com/forum/showt...p;threadid=3735
- http://www.outpostfirewall.com/forum/showt...p?threadid=7896

Maximum security rules: http://www.outpostfirewall.com/forum/showt...p?threadid=7896

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PC Flank Outpost Rules search function: http://www.pcflank.com/fw_rules_db.htm
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

PLUGINS: http://www.agnitum.com/products/outpost/pl...plugins3rd.html

Blockpost V2: http://www.outpostfirewall.com/forum/showt...p;threadid=7229
Blockpost V1: http://www.outpostfirewall.com/guide/the_o...s/blockpost.htm
http://www.outpostfirewall.com/forum/showt...p?threadid=7875

--------------------------------------------------

The AGNIS for Outpost block lists by Eric Howes are updated regularly. IE-SPYAD (the IE Restricted zone list) and the original AGNIS block lists (for AtGuard/NIS/NPF) and AGNIS for AdShield have also been updated.

AGNIS for Outpost contains a set of ad block lists for use with Agnitum Outpost. These block lists are ports of the original AGNIS block lists for AtGuard, Norton Internet Security, and Norton Personal Firewall 2003 (see the AGNIS section above on this page).

AGNIS for Outpost: http://www.spywarewarrior.com/uiuc/resource.htm

==================================================
Sygate Firewall
==================================================

Sygate Personal Firewall
http://www.symantec.com/norton/sygate/index.jsp

A powerful and easy-to-use PC firewall that protects against Trojans, spyware, and other malicious threats including those that use their own protocol drivers. It prevents unauthorized applications from passing through the firewall by inserting code into authorized ones, and enables even the most inexperienced users to easily customize and fine-tune security policies.
Also provides best-in-breed logs for intrusion analysis.

- Sygate pro & free informational website: http://personal.atl.bellsouth.net/i/k/ikpe/
- Sygate website support: http://www.symantec.com/norton/sygate/index.jsp

Good install registration practice:

When you first boot up right after installing SPF it is a good idea to do the following to avoid any issues with SPF blocking your registration. When you reboot, if you get a "buy now" or "register" screen, just click "try now". Then allow any and all popups that you may see for now, and then set SPF to "allow all" under the "security" tab on the SPF console. It is a good idea to do this at first, since SPF's default state is "block all" and you do not want to block your registration by mistake. So once set, go under the "help" tab, click "register", then fill out all the fields using N/A for those that do not apply and register. Once registered, set SPF back to normal and configure SPF as needed.

==================================================
Tiny Personal Firewall
==================================================

There are two versions available; the Pro version offers the most extreme security features you could ask for, and it's aimed at advanced users.

Tiny Personal Firewall has been acquired by CA. New information about it at http://www.ca.com/us/products/product.aspx?ID=5785

**************************************************
NOTE: The default firewall rules are very insecure and really need to be modified before you ever go onto the internet to avoid any possible attacks being let through.
**************************************************

--------------------------------------------------
KERIO Firewall
--------------------------------------------------

Regarded as a good firewall by many.
Kerio got acquired by Sunbelt: http://www.sunbeltsoftware.com/Home-Home-O...sonal-Firewall/

--------------------------------------------------
PROTOWALL - BLUETACK Converter/BLOCKLIST MANAGER - IP ADDRESS Blocklists
--------------------------------------------------

PROTOWALL

ProtoWall is a new IP blocking program that will block all connections made by TCP/IP/UDP/ICMP/IGMP etc. It's designed to run alongside other firewalls that lack specific IP blocking/blocklist importing capabilities. It is driver based, so it will block the packets that are sent before most other firewalls will ever see them.

ProtoWall is available for Windows XP, 2000 and 2003 Server only. The driver that it needs to install will not work on Windows 98 or ME.

- Bluetack forum: http://www.bluetack.co.uk/forums/index.php?c=8
- Help file: http://bluetack.co.uk/pwhelp

What Protocols will ProtoWall Block?
QUOTE
IP/ICMP/TCP/UDP/HOPOPTS/IGMP/GGP/IPV4/ST/EGP/PIGP/RCCMON/NVPII/PUP/ARGUS/EMCON/CHAOS/MUX/MEAS/HMP/PRM/IDP/TRUNK1/
TRUNK2/LEAF1/LEAF2/RDP/IRTP/TP/BLT/NSP/INP/SEP/3PC/IDPR/XTP/DDP/CMTP/TPXX/IL/IPV6/SDRP/ROUTING/FRAGMENT/IDRP/RSVP/
GRE/MHRP/BHA/ESP/AH/INLSP/SWIPE/NHRP/MOBILE/TLSP/SKIP/ICMPV6/NONE/DSTOPTS/AHIP/CFTP/HELLO/SATEXPAK/KRYPTOLAN/RVD/
IPPC/ADFS/SATMON/VISA/IPCV/CPNX/CPHB/WSN/PVP/BRSATMON/ND/WBMON/WBEXPAK/EON/VMTP/SVMTP/VINES/TTP/IGP/DGP/TCF/IGRP/
OSPFIGP/SRPC/LARP/MTP/AX25/IPEIP/MICP/SCCSP/ETHERIP/ENCAP/APES/GMTP/IPCOMP/PIM/PGM/

BLUETACK Online Converter:
This converts IP blocklists into various firewall formats for importing into your firewall: http://www.bluetack.co.uk/forums/index.php...hp?showforum=14

Bluetack Personal Blocklist Manager:
Blocklist Manager is an application which downloads blocklists from various sources and updates applications such as Snort, Blockpost, Kazaa Lite K++, PeerGuardian, eMule, Gnucleus and Morpheus - http://www.bluetack.co.uk/forums/index.php?c=3

==================================================

Firewall leak tests comparison

- Stealth Tests results: http://www.pcflank.com/scanner1s.htm
- PC Flank Leak test results: http://www.pcflank.com/art21.htm http://www.pcflank.com/art41c.htm
- Firewall scoreboard (really old, sorta interesting): http://grc.com/lt/scoreboard.htm

--------------------------------------------------

Read the following pages to learn more about internet protocols:
- http://www.protocols.com/pbook/tcpip1.htm
- http://www.protocols.com/pbook/tcpip2.htm#IP
- http://www.networksorcery.com/enp/topic/ipsuite.htm

- Network layer protocols: These protocols are assigned an Ethertype number.
- Transport layer protocols: These protocols are assigned an IP Protocol number.
- Application layer protocols: These protocols are assigned one or more SCTP, TCP or UDP port numbers.

TCP - Transmission Control Protocol:
TCP provides a reliable stream delivery and virtual connection service to applications through the use of sequenced acknowledgment with retransmission of packets when necessary.

UDP - User Datagram Protocol:
UDP provides a simple, but unreliable message service for transaction-oriented services. Each UDP header carries both a source port identifier and destination port identifier, allowing high-level protocols to target specific applications and services among hosts.

ICMP - Internet Control Message Protocol:
ICMP redirect messages are almost always suspect. If used legitimately, ICMP redirects are used by a router to advise a host of a change in network topology. It just tells your host "don't send this to me, instead use this different router". However, while ICMP redirects are nice as a poor man's routing protocol, they are not exactly safe. They are in no way authenticated. ICMP redirects can be spoofed and used for 'man in the middle' attacks. These attacks allow a third party to listen in on your traffic (and in some cases modify it) by routing all your traffic through the attacker's system.

ICMP and UDP tunnelling attacks are also used to wrap real data to the headers. If your system is compromised, firewalls and routers that allow ICMP ECHO, ICMP ECHO REPLY and UDP packets through will be vulnerable to this attack.

ICMP Protocol Overview:
Internet Control Message Protocol (ICMP), documented in RFC 792, is a required protocol tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation or mis-operation. Of course, since ICMP uses IP, ICMP packet delivery is unreliable, so hosts can't count on receiving ICMP packets for any network problem. Some of ICMP's functions are to:

- Announce network errors, such as a host or entire portion of the network being unreachable, due to some type of failure.
  A TCP or UDP packet directed at a port number with no receiver attached is also reported via ICMP.
- Announce network congestion. When a router begins buffering too many packets, due to an inability to transmit them as fast as they are being received, it will generate ICMP Source Quench messages. Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many Source Quench messages would cause even more network congestion, so they are used sparingly.
- Assist Troubleshooting. ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.
- Announce Timeouts. If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.

--------------------------------------------------

- For a complete listing of assigned ports and numbers: http://www.networksorcery.com/enp/protocol.../ports00000.htm
- Domain Names and Numbers Explained: http://www.cs.cf.ac.uk/Dave/Internet/node60.html
- Port descriptions and services..
- Block known trojan ports - GIANT PORT LIST: http://keir.net/portlist.html
- Bluetack Guide to tracking IP addresses: http://www.bluetack.co.uk/forums/index.php...hp?showtopic=52
- Guide To Reporting Security Incidents to ISPs: HERE
- Google directory on Firewalls
- PC Flank security articles: http://www.pcflank.com/art19.htm

==================================================
The firewalls below are popular choices but I cannot recommend them personally:
==================================================

--------------------------------------------------
Zonealarm
--------------------------------------------------

ZoneAlarm protects automatically from the moment it's installed - no programming required. ZoneAlarm barricades your PC with immediate and complete port blocking. And then runs in Stealth Mode to make your PC invisible on the Internet - if you can't be seen, you can't be attacked.

- http://www.zonealarm.com/security/en-us/home.htm?lid=en-us
- Zone Alarm forums: http://forums.zonealarm.com/index.php

No matter what program expert rule you make, there are a few things that need to be done and known. First, in program rules ALL rules will apply, whereas in a Firewall expert rule, only the first applicable rule applies. Second, when you create a program Expert rule, there is one thing that needs to be added and another added depending on how you set up your zones.

The rule that should always come in last (the rules are applied in order from 1 to whatever) is a blocking rule. Create a new rule and name it blocking (or whatever), then select block for an action. You can leave everything else alone. This blocks everything except what you have allowed in rules prior to this one.

Another rule that you may need is a rule for DNS lookup.
If you add this rule to each program then you can control it to a single port and not put the DNS servers in the trusted zone, but in the internet zone. And for that, create a new rule, name it DNS (or whatever), as a destination add both (or all) of your DNS servers, then in the protocol section, open only the DNS port. This allows only DNS to go between your computer and your ISP's DNS servers.

The big thing to remember is that in the program expert rules, they are ALL looked at for permission from 1 to the last, and you have to add the blocking rule or all ports are open. This is real handy in email clients. No more junk coming thru (pictures and remote pages and objects).

Quote: A sobering experience for a novice is to block ports in Zone Alarm and watch them running wide open in CommView. :(

==================================================
Kaspersky Anti-Hacker
==================================================

http://appsapps.info/tsc_classic/firewalls.html

Is a personal firewall, providing full-scale protection for personal computers running Windows operating systems. It prevents unauthorized access to data, as well as hacker attacks launched from both intranets and the Internet.

Full-scale Control Over Network Activity

Kaspersky Anti-Hacker is a personal firewall that checks all incoming and outgoing data streams and only permits actions that are safe or have been authorized by you. It runs at application level, allowing you to grant or deny specific behavior to selected programs. The program uses easy to understand rule definitions, rather than complicated port and protocol configurations whenever possible. You can choose from 5 different security levels that are available as presets and also customize the rules and create new ones according to your personal security requirements.
Like most personal firewalls, Kaspersky Anti-Hacker also comes with a learning mode that prompts the user each time an application uses the internet for the first time and, based on your answers, automatically creates the rules for you. The low-level data interceptor allows information filtration before it is processed by other applications and provides intrusion protection from the latest forms of hacker attack, including Ping Of Death attacks, Land-attacks, TCP and UDP port scanning and DoS attacks. SmartStealth protects your ports and makes the system fully invisible to the outside. Additional features include a connection monitor, port monitor, detailed logging and more.

At this time Kaspersky Anti-Hacker is not compatible with ADSL modems.

==================================================

Look and Stop Firewall: it's out there waiting for you: http://www.google.com/

--------------------------------------------------

Inbuilt XP Firewall (internet connection firewall):
(you will gain more protection from a personal software firewall which fully controls outbound and inbound traffic)

Windows ICF: Can't Live With it, Can't Live Without it: Great in-depth article.
http://www.symantec.com/connect/de/article...live-without-it

Just so you know, WinXP's built-in firewall does not attempt to manage or restrict outbound connections at all. It appears to be a useful firewall for hiding the machine from the Internet (it has "stealth mode" unsolicited packet handling), but you will still need to use a good third-party personal firewall if you wish to manage and control outbound connections from your system.

When you're online, your computer passes information to and from the Internet through ports, or open connections. A port's number identifies the type of information passing through it. For example, port 80 is used for HTTP traffic, so page requests and webpages being downloaded all come through port 80.

Here's how to enable the XP firewall:
Log into XP with an owner account.
Click the Start button and select Control Panel.
Double-click the Network Connections icon.
In the Network Connections window, click to highlight the connection you want to protect.
In the left panel, under Network Tasks, click "change settings of this connection."
When the connection status dialog box opens, click the Properties button.
In the Properties dialog box, click the Advanced tab.
Check the box beneath "Internet Connection Firewall." If you leave it unchecked, the firewall is off.
If you aren't running any servers on your computer, just click OK. If you run an FTP or Web server, you need to change the advanced settings.

Disable Internet Connection Firewall:
In Control Panel, double-click Networking and Internet Connections, and then click Network Connections.
Right-click the connection on which you would like to disable ICF, and then click Properties.
On the Advanced tab, click the box to clear the option to Protect my computer or network.

- XP Firewall - To turn on the Internet Connection Firewall: http://www.microsoft.com/protect/default.aspx
enable/disable xp firewall: - http://support.microsoft.com/default.aspx?...kb;EN-US;283673

------------------------------------------------
IF YOU STILL PLAN TO USE XP FIREWALL: ??? :blink:
------------------------------------------------
XP firewall logger http://www.majorgeeks.com/download.php?det=3307

This post has been edited by TheSentinel: May 29 2010, 06:29 PM
Reason for edit: Broken/old links corrected, removed
-------------------- |
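Added example, not part of the original post and not ZoneAlarm's own code: a small model of the ordered expert rules described in post #1, showing what an email client can reach with and without the final blocking rule. The fall-through behaviour ("no rule matched" means the program's general permission applies), the "Mail" rule and all addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    dests: tuple = ()                  # destination addresses/networks; empty = any
    ports: frozenset = frozenset()     # destination ports; empty = any

    def matches(self, dst: str, port: int) -> bool:
        if self.dests and not any(ip_address(dst) in ip_network(d) for d in self.dests):
            return False
        return not self.ports or port in self.ports

def decide(rules, dst, port, program_allowed=True):
    """Evaluate rules from 1 to the last; the first matching rule decides.
    If nothing matches, the program's general permission applies, which is
    why a list without a final block rule leaves every other port open."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(dst, port):
            return rule.action, f"rule {number}: {rule.name}"
    return ("allow" if program_allowed else "block"), "no rule matched"

def audit(rules):
    """Return the warnings a reviewer would raise about an ordered rule list."""
    warnings = []
    last = rules[-1] if rules else None
    if last is None or last.action != "block" or last.dests or last.ports:
        warnings.append("no catch-all block rule at the end")
    for number, rule in enumerate(rules[:-1], start=1):
        if rule.action == "block" and not rule.dests and not rule.ports:
            warnings.append(f"rule {number} blocks everything; later rules never run")
    return warnings

# Constructed addresses (RFC 5737 documentation ranges), not taken from the post.
DNS_SERVERS = ("192.0.2.53", "198.51.100.53")
dns = Rule("DNS", "allow", DNS_SERVERS, frozenset({53}))
mail = Rule("Mail", "allow", ("203.0.113.25",), frozenset({25, 110}))  # hypothetical
block_rest = Rule("Block all else", "block")

EMAIL_OPEN = [dns, mail]                 # blocking rule forgotten
EMAIL_LOCKED = [dns, mail, block_rest]   # blocking rule added last
REMOTE_IMAGE = ("203.0.113.80", 80)      # web host an HTML mail would fetch from

if __name__ == "__main__":
    for label, rules in (("without block rule", EMAIL_OPEN),
                         ("with block rule", EMAIL_LOCKED)):
        print(label, decide(rules, *REMOTE_IMAGE), audit(rules))
```

Placing the catch-all block rule anywhere but last shadows the rules behind it, which `audit` reports as a second warning.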
Jan 7 2005, 04:04 PM
Post
#2
Adv. Member Group: Charter Members Posts: 120 Joined: 6-March 04 Member No.: 5656
==============================================
-------------------------------------
Online Port Scanning Sites / Personal Security testing Sites:
-------------------------------------
==============================================
Sygate, http://scan.sygate.com/
hackerwhacker, http://delta.hackerwhacker.com/freetools.php
HackerWatch, http://probe.hackerwatch.org/probe/probe.asp
GRC, https://www.grc.com/x/ne.dll?bh0bkyd2
Blackcode, http://www.blackcode.com/scan/
DSLReports, http://www.dslreports.com/scan
SecurityMetrics, http://www.securitymetrics.com/portscan.adp
Lockdowncorp.com, http://stealthtests.lockdowncorp.com/
Securityspace, http://www.securityspace.com/smysecure/norisk_index.html
Symantec, http://security.symantec.com/sscv6/home.asp?bhjs=0
Auditmypc, http://www.auditmypc.com/
Qualys, http://browsercheck.qualys.com/
Scanit.be, http://webtest.scanit.be/bcheck/index.php
Iprive, http://www.iprive.com/analyze/
GFI Trojanscan: http://www.trojanscan.com/trojanscan/
Sygate Trojanscan http://scan.sygate.com/pretrojanscan.html
Blackcode Trojan Scan http://www.blackcode.com/scan/index.php

Popup tests sites:
http://www.kephyr.com/popupkillertest/index.html
http://proxomitron.info/tests/poptest.html
http://www.dummysoftware.com/popupdummy_testpage.html
http://www.webknacks.com/aptest.htm

Personal Information
http://www.gemal.dk/browserspy/
http://www.elfqrin.com/binfo.shtml

list of free online services: -virus scans-portscans-security scans-more
- http://www.wilders.org/free_services.htm

Computer Cops Online Security Nmap Port Scanner - members only -
- http://www.computercops.biz/modules.php?name=nmap

============================================
----------------------------------
- Gibson Research Center -
----------------------------------
You can try to find out how secure your PC is, by going to :
- http://grc.com/intro.htm
and run "ShieldsUp!" to test from the outside, and "LeakTest" to test from the inside.
Then, if you didn't have a firewall before, install Outpost / Sygate / Zonealarm personal firewall and try the tests again.

Firewalls by GRC: - http://grc.com/su-firewalls.htm
Evil Port Monitors?: - http://grc.com/su-evilportmon.htm
GRCSucks - http://www.grcsucks.com

#############################################
PC FLANK (online personal firewall testing and anti-trojan testers)...
- http://www.pcflank.com/about.htm

"We recommend 3 main routes of passing PC Flank's tests". These are "Rookie", "Advanced" and "Rush" scan your computer using the following tests:

QUOTE
Quick Test: This test shows how vulnerable your computer is to various Internet threats. The test also determines if a Trojan horse already infects your system and if your Web browser reveals personal info about you or your computer while you're web surfing. This test is a combined version of Advanced Port Scanner, Browser Test and Trojans Test. The test takes less than three minutes. Afterwards you will see a full report including recommendations on how to improve the security of your system. This test is recommended to rookie users and users who do not have enough time to pass all the tests.

Stealth Test: With the help of the Stealth test you can determine if your computer is visible to the others on the Internet. You can also use this test to determine if your firewall is successful in making ports of your system stealthed. To determine if your computer is visible on the Internet the Stealth test utilizes five scanning techniques: TCP ping, TCP NULL, TCP FIN, TCP XMAS and UDP scanning.

Browser Test: This test will check if your browser reveals any of your personal information. This might be the sites you have visited, the region you live in, who your Internet Service Provider is, etc.
The test will recommend specific settings of your browser for you to change.

Trojans Test: This test will scan your system for most dangerous and widespread Trojan horses.

===================================
-------------------------------------------------------
For protection against "Process injection/DLL injection/Memory modification/Process termination" try these programs below:
-------------------------------------------------------
===================================
---------------------------------------------------------------------
ProcessGuard:
http://www.diamondcs.com.au/processguard/
http://www.diamondcs.com.au/processguard/index.php?page=faq

QUOTE
DiamondCS ProcessGuard protects Windows processes from attacks by other processes, services, drivers, and other forms of executing code on your system. ProcessGuard also stops applications from executing without the user's consent, stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. ProcessGuard even stops most keyloggers and leaktests, and is recognised by many to be the most comprehensive anti-rootkit solution available.

System Safety Monitor Beta (SSM)

QUOTE
is an application-firewalling tool (it is not a "firewall" in traditional understanding, so there shouldn't be any conflicts with your network firewalls). SSM controls which programs are running on your computer and what they are doing. For example, SSM can prevent so called "DLL Injection". Also, SSM will notify you whenever a program you want to start was modified. In addition, SSM can constantly check your registry and alert you, when an important modification was made.
http://www.syssafety.com/

==========================================
---------------
Firewall links-
---------------
!need to know what it is you're looking at in your firewall
FAQ: Firewall Forensics (What am I seeing?)
Version 1.2.0 - http://www.robertgraham.com/pubs/firewall-seen.html

TECH TVS GUIDE TO COMMERCIALLY POPULAR FIREWALLS: - http://www.techtv.com/screensavers/product...3522872,00.html
SPYCHECKERS FIREWALL REVIEW: - http://www.spychecker.com/software/firewall.html
Firewall FAQS: - http://www.faqs.org/faqs/firewalls-faq/ (Last Update May 01 2003)
Firewall Evolution - Deep Packet Inspection: - http://www.securityfocus.com/infocus/1716
The Enemy Within: Firewalls and Backdoors - http://www.securityfocus.com/infocus/1701
Download THIS informative pdf on internet firewalls written in 2000. (right click-save target as) or read the online version.. - http://www.interhack.net/pubs/fwfaq/
A high level explanation of firewall technologies and their features - http://www.infosecwriters.com/texts.php?op...splay&id=12
Hardening the TCP/IP stack to SYN attacks - http://www.securityfocus.com/infocus/1729

==========================================================
http://www.iss.net/security_center/advice/...its/default.htm
==========================================================

QUOTE
ICMP Destination Unreachable Codes

Code Value   Meaning
0            Network Unreachable
1            Host Unreachable
2            Protocol Unreachable
3            Port Unreachable
4            Fragment Needed and DF Set
5            Source Route Failed
6            Destination network unknown
7            Destination host unknown
8            Source host isolated
9            Communication with destination network administratively prohibited
10           Communication with destination host administratively prohibited
11           Network unreachable for type of service
12           Host unreachable for type of service

http://www.uga.edu/~ucns/lans/tcpipsem/icm...code.field.html
http://www.firewall.cx/icmp-dest-unreachable.php

#############################################################
Windows Security Log Encyclopedia
Plain English explanations of Windows security log events
http://www.ultimatewindowssecurity.com/encyclopedia.html
#############################################################

- Managing Network Security - Returning Fire -
QUOTE
I wish I could tell you that there were viable alternatives to returning fire when under serious cyber-attack, but if wishers were pennies, we would all be rich. Law enforcement has not kept up with the need, prevention will eventually fail under sufficiently concerted attack, and the only hope for the defender under siege therefore lies in detection and response.
http://all.net/journal/netsec/1999-02.html here
Spoofing and Fragmentation

-------------------------------------------------------------
------------------------
Security Resources:
------------------------
Guardian Angel: http://www.theguardianangel.com/resource_index_.htm
Security Newsgroup: - http://www.derkeiler.com/Newsgroups/
Grey Magic Security: - http://security.greymagic.com/
About.Com Net Security Guide - http://netsecurity.about.com
HackerWhacker - http://www.hackerwhacker.com
Help-Net Security - http://net-security.org
InfoSyssec - http://www.infosyssec.com
Intelligence Brief: Information Security - http://www.intelbrief.com
ITtoolbox Security - http://security.ittoolbox.com/
NTSecurity - Windows NT/2K Security Portal - http://www.ntsecurity.net
Packet Storm - http://packetstormsecurity.org
Secure Labs - http://www.securelab.com
SecurityFocus - http://www.securityfocus.com
SecurityGeeks - http://www.securitygeeks.com
SecuriTeam - http://www.securiteam.com
Security Unit, Inc. - http://www.securityunit.com
Security News Portal - http://www.securitynewsportal.com
Security Writers - http://www.securitywriters.org

======================
Security Newsgroups (via Google)
======================
alt.security
alt.security.announce
alt.computer.security
alt.security.alarms
alt.security.keydist
alt.security.pgp
alt.spam
comp.os.linux.security
comp.Win.NT.Security
comp.os.netware.security
comp.lang.java.security
comp.security.announce
comp.security.firewalls
comp.security.misc
comp.security.ssh
comp.security.unix
comp.security.pgp
comp.virus
info.firewalls-digest
misc.security

Other Resources:
CGI Security - http://www.cgisecurity.com
Interactive Information Security Policies - http://www.yourwindow.to/security-policies/
Insecure.Org - http://www.insecure.org
NeoHapsis Ports List - http://www.neohapsis.com/neolabs/neo-ports
NGS Security Software - http://www.nextgenss.com
Lance Spitzner's Security Whitepapers - http://www.enteract.com/~lspitz/papers.html
Neohapsis Security List Archives - http://archives.neohapsis.com
Network Security Library - http://www.secinf.net
Nomad Mobile Research Center - http://www.nmrc.org
SC Magazine - http://www.scmagazine.com
WWW Security FAQ - http://www.w3.org/Security/Faq
VPN Labs - http://www.vpnlabs.org

===================
INTRUSION DETECTION:
===================
Intrusion Detection & Response ; arachNIDS Attack Signatures - http://www.whitehats.com/ids
DShield - http://www.dshield.org/
Incidents.Org - Internet Storm Center - http://www.incidents.org
Talisker's IDS Buyer's Guide - http://www.networkintrusion.co.uk
HoneyNet Project - http://www.honeynet.org
SNORT - http://www.snort.org
- http://www.snort.org/docs/idspaper/
- http://www.sans.org/resources/idfaq/
- http://www.cert.org/
- http://isc.incidents.org/
- http://www.securityfocus.com/bugtraq/archive
- http://www.packetstormsecurity.org/papers.html
- http://www.dslreports.com/
- http://www.security-protocols.com/
- http://www.hazeleger.net/
- http://www.firewall.cx/
- http://www.mcabee.org/lists/snort-users/Ju...hrd4.html#00398
- http://alamo.satlug.org/pipermail/satlug/2...hread.html#2493
- http://www.honeypots.net/honeypots/products
- http://csrc.nist.gov/publications/nistir/n...nistir-7007.pdf

----------------------------------------------
GFI LANguard System Integrity Monitor:
----------------------------------------------
QUOTE
GFI LANguard System Integrity Monitor (S.I.M.) is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. If this happens, it alerts the administrator by email. Because hackers need to change certain system files to gain access, this FREEWARE utility provides a great means to identify any servers that are open to attack.
- http://www.snapfiles.com/reviews/GFI_LANgu.../fileinteg.html
- http://www.snapfiles.com/screenshots/fileinteg.htm
- GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it - http://www.gfi.com/lannetscan/

=======================
Packet Sniffing-Related Resources :
=======================
- http://grc.com/oo/packetsniff.htm
Packet Storm's MAJOR packet sniffing page http://packetstormsecurity.org/sniffers/
TCP for the Uninitiated - Part I (Introduction and Background) http://www.dragonmount.net/tutorials/tcpip...part1/intro.htm
An overview of the TCP/IP protocol suite http://www.acm.org/crossroads/xrds1-1/tcpjmy.html
RFC1180 - A TCP/IP Tutorial ftp://ftp.isi.edu/in-notes/rfc1180.txt
An Introduction to TCP/IP http://www.yale.edu/pclt/COMM/TCPIP.HTM
Uri Raz's (amazing) TCP/IP resource page http://www.private.org.il/tcpip_rl.html
The Protocol.com Web Site http://www.protocols.com
An example packet sniffer (written in Perl) http://stein.cshl.org/~lstein/talks/WWW6/sniffer/

========================================
------------------------------------------------------------------------
LINUX- Firewall links:
------------------------------------------------------------------------
Linux Security: - http://www.staff.uiuc.edu/~ehowes/soft26b.htm
Unix Security: - http://www.deter.com/unix
Linux Security Portal: - http://www.linuxsecurity.com/
Iptables info: http://www.oofle.com/iptables.php
Firewall Jay: 1 : http://firewall-jay.sourceforge.net/ : http://firewall-jay.sourceforge.net/spywares.php
------------------------------------------------------------
Updated old/broken links !

This post has been edited by TheSentinel: May 2 2010, 03:21 PM
--------------------
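Added example, not part of the original post and not code from PC Flank or any listed site: a decoder that labels raw IPv4 packets with the probe names from the Stealth Test description in post #2 and with the ICMP Destination Unreachable codes from the table quoted there. The sample packets are constructed in memory with documentation addresses, and reading a bare ACK as the "TCP ping" is an assumption.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag patterns behind the probe names in the Stealth Test description.
# Reading a bare ACK as the "TCP ping" is an assumption about that test.
TCP_PROBES = {0: "TCP NULL", FIN: "TCP FIN", FIN | PSH | URG: "TCP XMAS",
              SYN: "TCP SYN", ACK: "TCP ACK (ping)"}
# ICMP type 3 codes 0-12, in the order of the table quoted in the post.
UNREACHABLE = [
    "Network Unreachable", "Host Unreachable", "Protocol Unreachable",
    "Port Unreachable", "Fragment Needed and DF Set", "Source Route Failed",
    "Destination network unknown", "Destination host unknown",
    "Source host isolated",
    "Communication with destination network administratively prohibited",
    "Communication with destination host administratively prohibited",
    "Network unreachable for type of service",
    "Host unreachable for type of service"]

def dst_port(transport: bytes) -> int:
    """TCP and UDP both carry the destination port in bytes 2-3."""
    return struct.unpack("!H", transport[2:4])[0]

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet the way a firewall log reader would."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not IPv4"
    proto, body = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == 6 and len(body) >= 14:
        flags = body[13] & 0x3F          # ignore the ECN bits
        return f"{TCP_PROBES.get(flags, 'TCP other')} to port {dst_port(body)}"
    if proto == 17 and len(body) >= 8:
        return f"UDP to port {dst_port(body)}"
    if proto == 1 and len(body) >= 8 and body[0] == 3:
        code = body[1]
        reason = UNREACHABLE[code] if code < len(UNREACHABLE) else f"code {code}"
        quoted = body[8:]                # original IP header + 8 payload bytes
        if len(quoted) >= 20 and quoted[9] in (6, 17):
            inner = quoted[(quoted[0] & 0x0F) * 4:]
            if len(inner) >= 4:
                return f"ICMP {reason} (quoted dst port {dst_port(inner)})"
        return f"ICMP {reason}"
    return "other"

# Constructed packets (documentation addresses, checksums left at 0).
def ipv4(proto, payload, src="198.51.100.7", dst="192.0.2.10"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(port, flags):
    return struct.pack("!HHIIBBHHH", 40000, port, 0, 0, 5 << 4, flags, 1024, 0, 0)

def udp(port):
    return struct.pack("!HHHH", 40000, port, 8, 0)

def icmp_unreachable(code, original):
    return struct.pack("!BBHI", 3, code, 0, 0) + original[:28]

if __name__ == "__main__":
    probe = ipv4(17, udp(137))
    for p in (ipv4(6, tcp(139, FIN | PSH | URG)), probe,
              ipv4(1, icmp_unreachable(3, probe), "192.0.2.10", "198.51.100.7")):
        print(classify(p))
```

A closed but visible UDP port answers a probe with ICMP type 3 code 3, so seeing that reply leave your machine means the port is not stealthed; a stealthed port sends nothing back.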
Jun 15 2010, 10:12 AM
Post
#3
New Member Group: Member Posts: 1 Joined: 11-June 10 Member No.: 27100
I was lucky to get here, as I'm having a lot of trouble with my connection speed. That's why I'm asking for your help. I've been having issues for some days now, and every Comcast speed test I do offers different results. I am really lost here. Cheers and thanks in advance.
Jun 15 2010, 11:51 AM
Post
#4
The man in the dark Group: General Admin Posts: 16886 Joined: 10-August 02 From: Somewhere in Germany Member No.: 9
Hi carmin
and welcome to GSFs. Enjoy our community and have fun here. Do not hesitate to ask us. We'll tell you in case of having no ideas for an answer ;)

You mentioned different test results. At which times did you run these tests? Nearly all the same time or at different ones? I'm asking due to the traffic load of connection knots which might be overloaded at 'Internet-Rush-Hours'. If you could drop us some of these results and the time you've done the test, it would help us to give you help ;)

Have a great one
Regards B. Udo
--------------------
Time is now: 3rd September 2010 - 12:41 AM