I used to run my DD-WRT Linksys router and I was fully stealth on everything. But I wanted something to allow for packet level security mainly ability to scan incoming software downloads, allowing for additional engine to take a look at the files. Now I installed the UTM on my dual NIC VM machine and it's awesome. However nothing is stealthed and I have few ports open. Can someone provide me a dumb level explanation of how do I go about securing my box? What are the best steps and best configuration parameters to take in order to arrive at the most secure home user utm device? Otherwise I might as well just run a Linksys router.
I just want a step above a Linksys and I thought that the SOPHOS/ASTARO UTM would be it.
Some folks say to go with Untangle but that seems to be a pricey solution with just a CLAM AV and a simple website blocker (free).
Thanks!
P.S
I got those ports open I don't know why.
53 TCP domain
You appear to be running a Domain Name Server (DNS). You should be aware of the following potential problems:
DNS Cache Poisoning
DNS Cache Poisoning is a mechanism whereby your DNS server is tricked into thinking that the IP address for a given name is something other than what it really is. This can result in users of this DNS server being "hijacked", or sent to sites that they really didn't want to go to. Worse yet, many secure web servers (SSL), if they offer their users a "login" to secure account data, could have their user's login credentials stolen. All versions of BIND prior to 8.1.1 (8.x series) and 4.9.6 (4.x series) are susceptible to this type of attack.
To determine if the DNS server you are currently using is susceptible to this attack, click here. If you get an error messaging back saying URL could not be retrieved (or similar), then your server is not vulnerable.
DNS Zone Transfer
You should disable DNS zone transfers - the only legitimate use of DNS zone transfers that we have seen is web survey companies that use it to get a list of hosts on your network. (By the way, E-Soft does NOT do that.) More often, DNS zone transfers is a convenient way for an attacker to get a list of the various machines that are running on your network.
If you have both an internal network and an external network visible to the internet, you should consider splitting DNS functionality over two servers if you have not already done so. That way, your internet visible servers are served by one DNS server (also visible to the internet), and your internal environment is served by a second DNS server (not visible to the internet).
4444 TCP nv-video
No description available for this port at this time.
5432 TCP postgresql
No description available for this port at this time.
8080 TCP http-alt
No description available for this port at this time.
This thread was automatically locked due to age.
