Is it dangerous to open all ports?

krtislav

Hello. I had a problem with my router. I could open ports on it, but there was a problem: I could open only 20 ports, I didn't have an option to select a range between 2 numbers to open, and if I had to open a port (e.g. 63432) for TCP & UDP, I had to do it separately. And recently I accidentally found out about an option: Expose Host, with which I could open all ports on the selected internal IP of the computer on which I want to open them. And it worked, and I was aware that this ain't safe at all, so I set my Kaspersky Internet Security to monitor every port (instead of the default of monitoring the most used ports). Is that safe?
Till now, there were 2 reports of network attacks:
Intrusion.Win.MSSQL.worm.Helkern
DoS.Generic.SYNFlood
And they were stopped of course.
If you want a reason why I did this, it was because of all those ports that games require.
Thank you for your time :)
(And sorry about my English if it's bad)
 
It's definitely not safe to have all ports open, as you can tell. I believe this is what is called a DMZ. I think you can set up a DMZ for your specific PC and every other PC will still be protected. This isn't my area of expertise though. Someone else may chime in.
 
OK, I looked on Wiki what DMZ is, and I understand what it is and I found this:

Single firewall

A single firewall with at least 3 network interfaces can be used to create a network architecture containing a DMZ. The external network is formed from the ISP to the firewall on the first network interface, the internal network is formed from the second network interface, and the DMZ is formed from the third network interface. The firewall becomes a single point of failure for the network and must be able to handle all of the traffic going to the DMZ as well as the internal network. The zones are usually marked with colors, for example, purple for LAN, green for DMZ, red for Internet (with often another color used for wireless zones).

Dual firewall

A more secure approach is to use two firewalls to create a DMZ. The first firewall (also called the "front-end" firewall) must be configured to allow traffic destined to the DMZ only. The second firewall (also called "back-end" firewall) allows only traffic from the DMZ to the internal network.

This setup is considered more secure since two devices would need to be compromised. There is even more protection if the two firewalls are provided by two different vendors, because it makes it less likely that both devices suffer from the same security vulnerabilities. For example, accidental misconfiguration is less likely to occur the same way across the configuration interfaces of two different vendors, and a security hole found to exist in one vendor's system is less likely to occur in the other one. This architecture is, of course, more costly. The practice of using different firewalls from different vendors is sometimes described as a component of a "defense in depth" security strategy.

So doesn't Kaspersky have a DMZ integrated, because Kaspersky Internet Security has a 2-way firewall?
http://usa.kaspersky.com/products-services/home-computer-security/internet-security
I'm sorry if I have misunderstood you.
 
Look on page 81 of the manual or you can download it. It's called exposed host (DMZ); it tells you how to do it.
 
But with that option I opened all ports on my computer. There is nothing else to do with it.
My computer is a demilitarized zone, and when connections get to the computer, Kaspersky scans every port of them, and blocks if it gets attacked (as I understand).
Ain't Kaspersky's two-way firewall enough for security? I am only a personal user, there is no reason that someone would attack me, and till now there were only two reports of attacks, and every attack was stopped by Kaspersky.
 
Nothing is gonna be foolproof. It's better to only open ports that are needed to be open for games and apps. To have all ports open is just asking for trouble.
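
To make the difference between Expose Host and forwarding only the needed ports concrete, here is an added example (not code from any poster in this thread) that lists which listening services on the exposed PC become reachable beyond what the games need, and checks whether the needed forwards fit the router's 20-rule limit. The `netstat -an` sample is constructed, and the needed-port set is an assumption built around the 63432 example from the first post.

```python
"""Compare what an exposed host offers to the internet with what games need."""

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:63432     0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:1434           *:*
  UDP    0.0.0.0:63432          *:*
"""

# Assumption: the ports the games need (63432 is the first post's example).
NEEDED = {("TCP", 63432), ("UDP", 63432)}
ROUTER_RULE_LIMIT = 20  # the router allows 20 forwards, one port and protocol each


def listening_sockets(netstat_text):
    """Return {(proto, port)} for listeners reachable from other machines."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = parts[0], parts[1]
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and parts[-1] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")
        # Loopback-only listeners are not reachable through the router.
        if addr.startswith("127.") or addr == "[::1]":
            continue
        found.add((proto, int(port)))
    return found


def audit(netstat_text, needed, rule_limit=ROUTER_RULE_LIMIT):
    """Summarise the exposure that Expose Host adds over per-port forwards."""
    listening = listening_sockets(netstat_text)
    return {
        # Reachable with Expose Host, but not needed by any game.
        "extra_exposed": sorted(listening - needed),
        "needed_not_listening": sorted(needed - listening),
        "rules_required": len(needed),  # TCP and UDP are separate rules
        "fits_router_limit": len(needed) <= rule_limit,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_NETSTAT, NEEDED).items():
        print(f"{key}: {value}")
```

In the sample, UDP 1434 is the SQL Server port that the Helkern (SQL Slammer) worm targets, so with everything forwarded only the PC's own firewall stands between that service and the internet.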
 