Hello. I'm looking for the lightest security setup (since I'm tried of the diminishing returns on constantly improving one) and I'm planning to do it by using the native tools in Windows XP. I've read about how a closed port is just as secure as a stealthed port, with the latter being able to make a computer "inivisible" to the rest of the Internet. I have some questions though. If a fully stealthed computer would keep an attacker from discovering it, would leaving a port open be enough to notify the attacker of its existence, thus making the point of stealthing ports in the first place useless? I'm thinking of a scenario where an inbound exception is made in Windows Firewall. If all the ports were closed instead of stealthed are there any attacks that can take advantage of the computer replying to the port scan? Lastly, are exploits only taken advantage of through an open port? Are security patches for vulnerable services needed if they are disabled and their respective ports closed in the first place? Thanks in advance.
An exploit will take advantage of a vulnerable service or program holding a port open, yes. So if the vulnerable service or program is disabled or not running, then there won't be any port open, and nothing can happen.
