The age old debate of if your firewall should have closed or stealth ports rages on. For years security minded geeks have argued if stealth ports are of any real value. Stealth has been a feature that many firewall vendors have marketed as very important. Some people would argue that the only real value in stealth is from a marketing standpoint. These people feel that closed ports are in fact good enough. That even though a hacker would know your pc exist. They wouldn’t in fact be able to take advantage of this knowledge do to the fact that your machine has closed ports. Those of us that argue the value of stealthed ports. Feel that this security setup is the better method to have in place. Do to the fact that if a hacker or cracker has no idea your pc is there. Then they won’t in fact have a target to try and take advantage of. Closed port supporters state that even with stealth ports there are ways that hackers can in fact know that your machine exist. I’ve never seen solid evidence of this. Personally I’ve always found this debate more annoying than of any real value. This is more about security geeks trying to prove they are right. Than actually helping people to better secure their machines. There is no real harm in having your ports in stealth mode. With closed ports there could in fact be adverse effects. If a hacker or cracker knows your machine is online. They can do further scans to try and find other avenues of attack. Just because you have some of the more common ports closed. This doesn’t mean that you may not have forgotten to secure other processes or avenues that can be exploited. Let’s not forget that this would in fact open you up to the possibility of a DOS ( Denial of Service ) attack. If a hacker is aware that your IP is live. They can in fact overwhelm it with packets. While this won’t cause any real harm to your machine. It will in fact make it difficult if not impossible to access the internet.
Closed port advocates would argue that the chance of compromising a closed port machine is in fact minimal. Especially if the machine is setup securely and has all of the known security updates in place. Most hardcore geeks machines will in fact be setup with security properly in place. But your average everyday end user is normally a bit more lax when it comes to internet and PC security. So from a security standpoint is it really good advice to tell them closed ports are good enough? In the past we have had some well known internet celebrities state that they feel it is ok for them to run without an antivirus or software firewall. Most of us are aware that this is just plain stupid. No matter how elite of a geek you may feel you are. Unfortunately people will hear or read that so and so doesn’t use a software firewall or antivirus. So these people will feel that it is ok for them to do this as well. This same situation applies to the closed versus stealth ports debate. Just because a properly secured closed port machine may not be compromised. Is it really good advice to give to the average user? Wouldn’t it be more worthwhile to advocate stealthed ports? Which in fact would have these users facing less risk. In these days of bot nets and DOS attacks. Isn’t it wise to stay as hidden as possible? To me all this talk is less about keeping online users pc’s secure. And more about proving a point. Which in itself is not a bad thing. I try and prove points on a daily basis. My only problem with the closed versus stealth debate is that in the end I think it will only confuse most people even more. It also may in fact open these people’s machines to avenues of attack. Granted with a properly secure software firewall these avenues should be none existent. With a router in place along side the software firewall. There should be an even lesser chance of an exploit taking place. Yet when you look at this situation with open eyes. How many people actually have their machines properly secured? Even if they do the internet browser has been a constant source of attack. It is unlikely that a hacker could find a way to tunnel into a closed port machine by using some type of browser exploit. Then again many type of attacks previously thought not possible have in fact taken place over the years. Piggyback types of attacks are a real threat. Zone Labs ZoneAlarm and other vendors’ products have in fact been hardened over the years to prevent this type of exploit.
While the overall risk to closed port users might be minimal. My thought is why even open up these users to a possible avenue of attack in the first place? If there is nothing wrong with stealth ports why advocate closed? If there is no security benefit to closed why make a big deal of this? The closed port advocates are trying to prove there is no real overall value in stealthed ports. That closed is good enough to keep you secure. I’d argue that there is no real benefit to having this argument. The end user won’t be anymore secure even if the closed port supporters prove the point they are trying to make. In the end isn’t the responsibility of security geeks to give the best advice they can? Isn’t it just as important to make sure that this advice will in fact help users to stay secure or to improve their overall security? In most all cases these types of security debates do nothing to help the everyday user improve their security. In almost all situations it confuses these people even more than they may already be. While I understand why security geeks need and want to debate these types of things. I have to wonder if there is any true benefit to having this debate. This is more about ego than helping users to improve their security setup. Debates like this have value and are interesting. It’s good to see the different opinions expressed on the subject. Yet in the end I have to wonder if there will be any real value come from this. Unless it helps your average computer user to be more secure. The discussion will just add to all the confusion that already exist in regards to online and pc security.
Forums » Security » Place your bets – Closed vs Stealthed
BBR News » Closed or Stealthed – The port debate continues ever onward
Another opinion. Which some in the forum thread do not feel represents fact.
The Myth of Stealth HansenOnline