
Thread: Stealth all ports in Kaspersky and configure it for max security.

  1. #1
    Join Date
    Nov 2010
    Location
    United States
    Posts
    492
    Just think of the Internet as the outside world, and your ports as your house. To completely protect your house, you'd have to have no doors or windows. Now while you'd be perfectly protected, you'd have no access to the outside world, and the outside world would have no access into your house. Therefore you need to have windows and doors in order to allow information in and out. You can stealth those windows and doors, but they are still there. Now you can get a security system for your house to warn of an intrusion, but a security system isn't going to stop all intruders. Some will just ignore it and get through.

    So as Avi said you need open ports to communicate, and yes you can stealth those ports and it can help, but if you have open ports, stealth or not, you're still never 100% protected. That's just the nature of the house.

    But nice post avibky, using stealth ports will help improve your security a bit, just be careful what ports you stealth as stealth ports basically only protect against Port Scanning.
    If a hacker or automated scanner cannot 'see' your computer's ports then they presume it is offline and move on to other targets. You will still be able to connect to the Internet and transfer information as usual but remain invisible to outside threats.


    Some basic facts about ports:


    Ports are the virtual data connections that facilitate direct exchange of data between two or more computers. Ports can be in either one of the following states:

    Open - Facilitates an Internet connection. Open ports send a positive response to an incoming connection request.

    Closed - Prevents an Internet connection. Closed ports send a negative response that denies an incoming connection request.

    Stealth-mode firewalls are considered harmful

    In stealth mode, the firewall causes the PC just to ignore incoming connection attempts, rather than rejecting them, as would be normal for incoming connection attempts to closed ports. The result is that the PC appears to be switched off and absent from the network.

    This approach to security causes some difficulties. Internet standard RFC 1112 states categorically about ICMP Echoes (ping):

    3.2.2.6 Echo Request/Reply: RFC-79


    "Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies."

    Note the MUST rather than SHOULD. This means that any internet user, or ISP server, has a right to expect that all live PCs connected to the internet will respond to ICMP ping requests with an ICMP reply. If a firewall user chooses to stealth ICMP requests so that no response is sent, they have only themselves to blame if they start experiencing problems, because they are in breach of RFC 1122.


    The problems that might arise if you kill ICMP responses with stealth are:



    • Difficulties with DHCP lease acquisition or renewal in cases where the DHCP server checks on the availability of IP addresses, or your presence on the network, with ICMP ping requests [this doesn't actually happen on the original NTL network, but ICMP requests have been seen coming from the DHCP servers of digital TV set-top boxes. No problems seen with blueyonder];
    • Slowness of web connection setup in cases where the remote web server uses ICMP to determine the MTU of the response path;
    • Frustration at ISP help-desks (and with informal helpers) if your PC does not respond to pings and traceroutes, as it is difficult to distinguish this situation from a broken connection.


    So you are strongly advised not to apply stealth techniques to the ICMP protocol.

    If you stealth all of your ports, it cloaks every single port to make a computer undetectable to port scans; however, I think the best option is just to stealth blocked ports.

    If you'd like to check what ports you have stealthed and the security status of your network, you can use a free tool from ShieldsUP! from the Gibson Research website located here:


    Last edited by Jeremy; 24-10-11 at 05:12 AM. Reason: Added link
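
Added example, not part of the original post: a small Python self-check that maps the result of a TCP connection attempt to the three behaviours the post describes (positive response, negative response, no response), for verifying how your own firewall treats a port. The function names and the state labels are assumptions made for this illustration.

```python
import errno
import socket


def classify_error(err):
    """Map the outcome of one TCP connect attempt to a port state."""
    if err is None:
        return "open"          # handshake completed: positive response
    if isinstance(err, ConnectionRefusedError):
        return "closed"        # a reset came back: negative response
    if isinstance(err, (socket.timeout, TimeoutError)):
        # Nothing came back at all. From the outside this looks the same as a
        # machine that is switched off, which is the point of stealth mode.
        return "stealth"
    if isinstance(err, OSError) and err.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "unreachable"   # the network reported there is no path
    raise err                  # anything else is a local problem; surface it


def port_state(host, port, timeout=2.0):
    """Try one TCP connection to a host you administer and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify_error(None)
    except OSError as exc:
        return classify_error(exc)


if __name__ == "__main__":
    # Constructed demo on loopback only: one listening socket (open) and one
    # socket that is bound but not listening (closed).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))
    for name, sock in (("listening", listener), ("not listening", idle)):
        port = sock.getsockname()[1]
        print(name, port, port_state("127.0.0.1", port))
    listener.close()
    idle.close()
```

A "stealth" result only means no reply arrived within the timeout, so a dropped packet or a powered-off machine gives the same answer; run the check from a second machine on the far side of the firewall to see what outsiders see.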
