No ports need to be open at all on a B4H firewall. The more ports you have open the bigger chance of getting hacked.
Quote from horst "*behind* it (not in front of it) and catch & report > what comes through that shouldn't have" Did you really mean to say that, that way ??? Nothing comes thru my firewalls I don't want. Too late once its thru. Checking daily ? Why ? And what doctors do you think have the time besides yourself ? We are talking about surgery firewalls here aren't we ? Andrew. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Horst Herb > Sent: Tuesday, 19 September 2006 11:52 PM > To: General Practice Computing Group Talk > Subject: Re: [GPCG_TALK] Testing a firewall > > On Tuesday 19 September 2006 09:43, Andrew Cameron wrote: > > I use > > www.grc.com > > > > Then follow links to Sheilds-up as a starting point. Check > all service > > ports. > > > > And yes some ports may be open for intrusion detection if your > > firewall has it.(like snapgears, but you can turn it off) > > This does *not* test your firwall. All it does is list ports > that can be seen as "open". > > A system that interacts in any meaningful way with other > systems via the net must have some ports visibly open, and > that in itself is *not* a security risk. But that check can > help to detect ports that have been left open > unintentionally, so it is worthwhile. > > A good firewall will help to police that traffic through open > ports is legitimate - in order to test the firewall you need > to stand *behind* it (not in front of it) and catch & report > what comes through that shouldn't have - testing it from the > outside is merely the first step you should perform before > you connect your system to an untrusted network. After that, > the real monitoring (constant, several times every day) > begins - from within. *That's* the checking that is necessary > > Horst > _______________________________________________ > Gpcg_talk mailing list > [email protected] > http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
