hi
how can i check my network security. i mean the port which
are open and how can i close them. and which port i should
not close for browsing and other general stuff.

You open ports by having something listen on them. You close them by not having something listen on them. If you are referring to firewalling, the official Linux firewall tools are Netfilter/iptables. The de facto standard port scanner for GNU/Linux is Nmap. To surf the Web you don't need to have any listening processes, hence no ports open (you can safely firewall all of your external ports). If you want to filter access from your box to remote ports which aren't related to Web surfing then you could start by blocking all except TCP 80 (HTTP), TCP 443 (HTTPS), and UDP 53 (DNS).

Hi Jani,
You can also go to www.grc.com. There's lots of Windows stuff there, but you can use some of the services as well in Linux. Click on Shields Up and you can test your firewall for leakage. Just walk through the process.

The site is a bit cluttered with lots of free Windows apps and an excellent Hard Drive test/repair app called SpinRight that he sells, so you have to look closely.

Here is the port scan page link:
http://www.grc.com/x/ne.dll?rh1dkyd2
[It's easier to copy/paste because the site is fairly complex].

You can test the 'common' port range and also the higher ports very quickly, also file sharing, etc.

Ports show as 'open': [very bad]; 'closed': [better, but less than ideal]; or 'stealthed': [as good as it gets].

I have been using Steve's resources for years in Windows, but the port scans, firewall testing and Harddrive app are all very applicable to Linux as well.

Have fun. Check it out if you like and maybe you can get a much better idea of your vulnerabilities and assets.
Best,
fallsoff

That test is pitched for clients only, and for someone running services it would automatically give them a 'very bad' rating which may not be true.

Security goes deeper than what ports are open or closed. Think of it like a drive-thru, for example McDonald's. You drive up, there are windows. Some are open, some closed. There are ones open where the person stands to take your money, and another where you get your food. If it's busy at that time, maybe they have two money windows or two or more food windows. Another time it is slow, and those windows aren't used: the person is not standing there and so the window is closed. But what would happen if you closed the window when someone was standing there? You'd not get your food, or couldn't pay, and so on.

The idea of open/closed ports seems to be throw-back from Windows, where mystery services ran unknown to the user, and you needed an outside service to scan you because you couldn't trust what your OS was telling you it was running (for example, port 1025/tcp).

Hi, and thanks for the info,
XP ships with open SOCKETS and that is a major risk. GRC has free apps to close them and also does the port scanning. True it is only a small part of a layered approach to security issues.

I just like to see how effective my firewall is and what ports might be open for informational purposes. Some of the Linux apps I have tested there have had open ports and others are stealthed. PClinuxOS was sealed tight.

I like having that quick scan information. I have had my system sniffed at a Hotspot more than once and nothing was accessed because of diligence on my part that included closing XP sockets and checking on the firewall periodically. With Linux I like using GRC as a point of reference regarding the port situation. I havent been sniffed yet but I expect it sooner or later.

To that end I use GRC as a simple test on the port and firewall issues. The layered defense goes much deeper than that.
Thanks again
fallsoff

ps
By the way do you know of a simple Linux VPN that allows browsing from the browser and following links on out from there. I used HotSpotShield in XP and loved it. In Linux I have not been able to find anything similar yet.

What exactly do you mean by "sniffed"?

If you seriously can't find a thread which recommends a solution for this type of application, please start a new thread to ask your question. Don't add off-topic questions into existing threads.

Thanks Admin
I had that issue in mind but my fingers beat me out!
fallsoff