Novice user requires help/advice

Hi

This is my first post and apologize for the length of my query. I should state that I am a novice with regards the complexities regarding rule creation.

Since installing "Look 'n' Stop" I have used the Sygate online security scan and all the results have shown all my ports have been completely stealthed. Great, that is what I assume a firewall's primary function is.

I have just set up a server on my home computer (Pentium 4 2.53 gig WinXp cable modem - no router) using Serv-U program as my FTP server. Everything is tested, runs OK (password protected as only 1 person in Japan will have access). Fine so far.

I followed the Look 'n' Stop Rule example : Authorizing an FTP Server from the FAQ section of the homepage and the rule was created. Looks Ok.

I then retested Sygate online security scan and the following results are now:


FTP DATA 20 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
FTP 21 OPEN File Transfer Protocol is used to transfer files between computers. A misconfigured FTP server can allow an attacker to transfer files, Trojan horses, and virus programs at will.
SSH 22 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
TELNET 23 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
SMTP 25 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
DNS 53 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
DCC 59 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
FINGER 79 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
WEB 80 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
POP3 110 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
IDENT 113 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
NetBIOS 139 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
HTTPS 443 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Server Message Block 445 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
SOCKS PROXY 1080 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
SOURCE PORT 3022 BLOCKED This is the port you are using to communicate to our Web Server. A firewall that uses Stateful Packet Inspection will show a 'BLOCKED' result for this port.
WEB PROXY 8080 BLOCKED This port has not responded

My server will only be online on a request from the other party basis.

My questions are:
1. With the results above, am I still protected fully from attack while server is running?
2. Have I missed something in the the setup of the rule creation?
3. In the application filtering section of Look 'n' Stop I have authorized the following applications associated with Serv-U (FTP Serv-U Administrator, ServUT~1.exe and ServUDaemon.exe). I assume that these permitted applications are essential to have my server access the internet. Does anyone use Serv-U and have I correctly permitted these applications?

I think that about covers my queries. I had used the search function for my queries but came away confused, thus this post.

Any assistance/advice would be greatly appreciated and my apologies again for such a long post.

Regards

noel1947

 

Hey noel1947

If you send me your rule-set via E-mail Phant0m@phant0m-looknstop.com I’ll be happy to take a look at it…

 

Hi

There is no problem here.

To be totally stealth is possible (even if an experienced hacker can see you anyway), your first test show it.
But keep in mind that you can't offers services and in the same time have a total security, service = door opened = less security, you can't have both in the same time.
Imagine that you would be totally stealth with your FTP service activated, how to connect to you if we can't see you ?

CLOSED port and BLOCKED port aren't a security issue, there are just viewabled and compromise a little your invisibility, and the OPEN port is needed to allow people to connect to you.

So, there is no security issue, you didn't do something wrong, you have done the things right

Want to be totally stealth? disable all services, but who want to jail himself nowadays ?

definitly not me! and you ?

 

Hey noel1947

Sygate Online Scans is known to give out false Alerts; For the rule “TCP : Authorize a FTP Server” you can tighten that up a bit by using “Equal my @” for source. The rules “UDP : Authorize name resolution (DNS)” & “UDP : BOOTP / DHCP” could also be tighten up by specifying Destination IP Addresses… Also the FTP rules could be fixed up to use IP Masks, that would also tighten things up a bit too…

Take a look at http://www.Phant0m-looknstop.com in FAQs / Master Rule-set

Fix it up and re-scan, get secondary opinion (try another web-scan like Shields UP!!).

 

Thanks gkweb and Phant0m for your assistance and advice. Much appreciated.

noel1947

 

np