How protected ?

Discussion in 'LnS English Forum' started by SimonW, Jun 11, 2004.

Thread Status:
Not open for further replies.
  1. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Hi,

    Looking only at the incoming protection side of LnS (I'm more than happy with its outgoing facilities) I'm trying to understand how well protected I am using the Enhanced Ruleset.

    1) If I just leave well alone now, is it sufficient? (i.e. using LnS as a 'set-it-and-forget-it' firewall. :) )

    2) What potential threats are still likely to get through the enhanced rules ?

    3) If I can get a hold of them should I be looking at using something like Phant0m's rules instead?

    4) I wonder how running LnS like this compares to something like Sygate where its equivalent built-in rules are hidden from the user?

    Many thanks
    SimonW
     
  2. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    On a well patched Windows computer, LnS with enhanced ruleset is quite effective. Putting LnS (w/ enhanced ruleset) on an unpatched system, you will likely still encounter messenger spam and possibly some worms that exploit Windows vulnerabilities.

    You will be very well protected if you keep Windows updated, disable unneeded Windows services, use LnS (w/ enhanced ruleset), and use a router (w/ NAT) if you have broadband. And then there is AV, AT, and other software, but that probably goes beyond the scope of this thread :p

    If you are using dial-up you may want to try Phant0m's rule-set. I found it to be a very ideal solution for dial-up and IMO much easier to set up than the broadband configuration. However, I saw no real advantage of using Phant0m's rule-set over the enhanced rule-set when I am behind a NAT router, as the router will filter most inbound traffic.
     
  3. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    rerun2,

    Yes, I'm behind a NAT router. PCs are fully patched, NOD32, ProcessGuard etc. so no worries there :) .

    One of my machines, a laptop, will sometimes be taken out of this environment though - hence the question really.

    Not being a firewall expert, just wondered how LnS stacks up against the competition for when I'm out and about...
     
  4. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Not had a great deal of response so I might post the above question - 'how does LnS stack up against the competition for incoming protection' in the other firewall forum to get a feel for people's views.

    It seems to me (probably wrong here... :p ) that there are plenty of outbound tests (many of which are listed on gkweb's excellent site) but other than the standard stealth tests (checking ports are hidden/closed etc) nothing much else for doing incoming testing...
     
  5. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    I find it is very secure.

    Getting stealth on all UDP, TCP and ICMP tests.

    If you see a hole, *poof*, you can make a new rule in a few seconds ^_^
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Look 'n' Stop contains a true packet filter, so it is normally very effective.

    Additionally, if you don't use P2P applications, you can activate the "TCP Stateful Packet Inspection" feature which provides another step in security.

    Frederic
     
  7. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Thanks for the response guys,

    Personally I believe Look'n'Stop to be just about the best firewall there is - I'm just trying to be objective about it though!!

    :) :) :)
     
  8. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    GRC Port Authority Report created on UTC: 2004-06-13 at 03:28:41

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    >---------------------<

    Even when I'm connected to an eMule server, and I have a high ID, no-one can come through the port! :)

    Attached: My rule-set. Based on Enhanced rule-set included with LnS. I am on a network, and feel free to change anything. Remove ".txt" from file-name!
     

    Last edited: Jun 13, 2004