UltraVNC

[mlorman]

We all know that opening ports subjects us to attacks from nefarious persons thou out the world. However, some of our applications mandate that we open certain ports in order to function. We don’t use these ports all the time we are using our computer/workstation. Therefore closing the ports when not utilizing VPN, WEBCam etc. is desirable. Opening and closing ports as needed is not always that easy. I therefore developed the following scenario to do just that with relative ease.

Let me blow you right out of the box and start the arguments early. I use three, yep three, “FIREWALLS”. Now I know you are not supposed to do that, they are redundant! Well, no, they are not totally redundant, read further and let me explain why. Also, they do not slow my system down. They work hand in hand with one another to provide the best security possible, not one hundred percent but better than having open ports all the time and not having to open and close them manually either thru the router or re-configuring a firewall.

The first firewall is in my Belkin Wireless Router. It is non configurable by the user other than it’s on or off. This firewall is designed to prevent specific types of common hacker attacks, IP Spoofing, Land Attack, Ping of Death (PoD), Denial of Service (DoS), IP with Zero Length, Smurf Attack, TCP Null Scan, SYN Flood, UDP Flooding, Tear Drop Attack, ICMP defect, RIP defect and Fragment Flooding, you get the idea. So I leave it on all the time. OK, that may be a little redundant to the others, but I’m not sure.

For the second firewall I selected ZoneAlarm Pro. This application provides two valuable resources. First is a user configurable firewall that I configured to open the ports matching the router along with all other required standard operating system ports, remember the router is non-configurable. The second resource is program control over my applications. There are certain applications that like to “Phone Home” when I don’t want them to. Other’s I need to check for auto updates, etc. This tool, allows me to be selective on what my applications can do. Follow me so far. My routers configured ports are opened, my firewalls configured ports are opened all the time, dangerous. The ZoneAlarm firewall is not easily turned on and off. Opening and closing ports on the router is out of the question, not easy, and it has to re-boot every time you make a change. So far I have reasonable control but I’m treading in dangerous waters with the ports open all the time, in comes to play the third firewall. Stick with me and read on.

The third and final firewall is included in the AVG Internet Security Suite. A great anti virus tool, but more importantly it also includes a user configurable firewall. This time the firewall is configured to block all the ports that were configured open in the router and ZoneAlram’s firewall. In addition I shut down all but the most basic operating system required ports, those needed for my Browser, IM, Skype and Printer functions, etc. were left open. See were I’m going now. This firewall easily turns on and off. The AVG Icon resides in the Task Bar’s notification area. One click, the AVG window opens. One more click the AVG firewall is off. I then minimize the Window to the Task Bar as a reminder that my configured ports are open. When done with my VPN or whatever task requires open ports I reactivate the AVG window, one click my ports are again closed, another click sends the AFG window back to the notification area of the Task Bar. In summary, three mouse clicks your pre-configured ports are open, three more mouse clicks and they are closed again. See no redundancy, well maybe a little.

Now if you really want to scare yourself, the AVG firewall logs all attempts to enter your system that violate it configuration with Date and Time stamps and also providing Direction, Protocol, Type, Remote MAC address, Remote IP, etc. So leave your system on with all firewalls active for a period of time. Then read the logs and see how many attempts were made to violate your system. Imagine what happens when the ports are open all the time.

[B]

a. There's no such thing as a non-configurable router.

b. Having both ZoneAlarm and AVG's firewall up is unnecessary, wasteful of resources, and likely to cause conflicts.

c. <b>Very</b> few applications, including VPN clients and webcams, require ANY inbound port forwarding. Notable exceptions are BitTorrent and web and ftp services.

d. For your goal of "closing the ports when not using" the various applications that require them, UPnP at the router is designed exactly for that purpose. You've reinvented the wheel I think.

Interesting approach though, I guess.