I have read all the related posts but i still cannot understand what is going on. I cannot pass the Stealth test at GRC.com unless my router’s firewall is enabled. If it is disabled I get several ports simply closed or even open (the results are in the attached file). Does this mean I am not fully protected without the router’s firewall enabled?
[attachment deleted by admin]
No, it does not mean you are not fully protected. If you chose Automatic for CPF’s installation, have not altered those core rules created by default in the Network Monitor, or in some other way altered CPF’s security configuration (meaning that you’ve gone into Security/Advanced and changed CPF’s settings; I’m not referring to adding Application Rules), then you are protected.
The online tests are not the best indicator of security, although they point users in that direction. They all tend to give different results. For instance, at work, I fail GRC’s “stealth” test, but pass PCFlank’s just fine; and I know for a fact I have no open ports.
Running a resident scan, such as SuperScan 4 is a much better indicator of the state of your security. SuperScan is a free utility available here: http://www.foundstone.com/resources/proddesc/superscan.htm. You will set it to scan 127.0.0.1 (your system localhost). You can also scan other computers on your LAN, your own IP, router, etc, but the primary thing is you want to make sure your computer is secure.
If you find that any of your ports are indeed open, Foundstone also has a free tool called FPort, available here: http://www.foundstone.com/resources/proddesc/fport.htm; it shows what application owns the open port, processes, etc.
Hope that helps,
PS: It should be noted that the caveat to CPF’s protection status is that the user has not reduced the security created by CPF’s default settings - if the user installs on Manual to pick their own setup, or changes CPF’s advanced security settings, the protection may be compromised. This does not mean that settings cannot be changed; only that in changing, we need to make sure we know what we are actually doing…
So would it be clever to disable hardware firewall or should I leave it up to enhance security?
Leave your hardware firewall active, my friend! It improves your security.
The hardware firewall’s purpose is to keep attackers out, and it is much harder to breach (provided you have changed the default password to a new, strong password). However, it will not stop anything you are downloading onto your computer, since you are authorizing the transfer.
A software firewall’s purpose is to keep things in (malware, personal information, etc). If you do get a virus/trojan, and it tries to hijack your system to get back out (for any purpose), the firewall should identify and stop the attempt (or give you a warning, so you can choose to stop it). Most software firewalls, in addition, also have measures to help keep attackers out as well, but that is not the primary purpose.
So, use both your hardware & software firewalls, for better security!
OK thank you very much. You were very helpful!!!
How do I mark the topic as resolved?
Simply go to your first post in this topic. Find the Edit icon (lower right, just above your IP address).
Then add “[Resolved]” to the Subject line, either before or after your original text.
That’s all there is to it.
I’m glad to help, and that I could…