Quote:
Originally Posted by gonX

I still believe that closing ports is a bad security mechanism - you can get far better results by sorting on a different level than just ports. A port tells nothing - it could be legitimate or bad. A good backdoor will not connect to any specific port - but it will most likely have a specific fingerprint that can be traced on the application layer.
Indeed. Most of which was covered with my SSH example earlier.

While what you say is true, there's usually some additional checking that sits alongside the firewall (in cases where outbound ports are closed). E.g. with external firewalls there would typically be some level of packet inspection, whereas software firewalls tend to work because they can give you the application names requesting network access. So in either case, there's usually additional security there to harden the firewall.

What really annoys me is how any program can punch holes in the firewall if UPnP is enabled.

Quote:
Originally Posted by gonX

I thought you were more referring to hardware based firewalls. I totally agree with software firewalls - they are enabled by default on Windows, and with a good reason.
It's the same principle regardless of whether it's a hardware or software firewall. It's just more typical to have that level of exclusion on a software firewall on home PCs because it's cheaper to do application level reporting than to have packet inspection running on the router.
Edited by Plan9 - 5/22/13 at 4:32pm