[masraum]

I'm not going to try to be cryptic with my answers, but it may sound that way.

Quote:

Originally posted by H.G.P.
I have a Security Center with one of our computers I'm trying to learn more regarding ideal settings:

1. What inbound events should I ban?
any inbound connections that aren't necessary or not initiated by you/your computer.

2. How high should I have security level of the firewall?
As high as you can set it and still function. Start at the top, if you can't do some things move down a notch.

3. What exactly is happening with an "unsolicited attempt" at connection to a port?
Someone is looking for a server of some sort. It may be something innocuous like a search engine looking for webpages or it could be malicious. If you don't have any servers that you need to allow people on the internet to talk to, then don't allow any incoming connections (caveats exist)

4. What is a port?
Imagine that your IP address is like your house. If that's true then a port is like a door or window. Someplace that you can enter the house to get to something specific. If I want to get to your rec room then the quickest way is for me to go into that room through the window. Basically it's a more specific sub-address to your main address. If you had a server that was a web server, and email server, and an ftp file server, then you'd have an IP address for that server so people on the web would know where to find it, but you'd also have ports specific to the various tasks that the server performed, port 80 for http, port 110 for pop3 (email), port 25 for smtp (the other half of email), and port 21 for ftp. Based on which port someone on the web tries to connect to tells your server what they want to do.
5. What exactly is a "ping?"
It takes it's name from a sonar "ping". You send out a ping and if you hear your ping reflected back then you know something is there. It's useful for troubleshooting.


6. I see I can trace event. There are "Map", Registrant" and "Network" views. How can these views be used/useful. Any tips about tracing appreciated.
Those are just different ways to organize the results of the trace. For now I wouldn't worry too much about tracing. It sounds like you've got more to learn before that would be useful.

Thanks (for now)!