Opening and closing ports in either direction is the basic function of a firewall. Port 80 is just as dangerous as port TCP/514. What IS required is Stateful Packet Inspection, and if you want to go further then you need an Application Layer Gateway to filter stuff passed through Port 80 and Ports 20-21 TCP/UDP that you do not want. Most new good ADSL modems will offer SPI, but do your research and choose well. If it's cheap there is a reason for this. One of the first warnings about modems, indeed any hardware, is the company's public release of BETA firmware. Unless you are a tester of hardware devices, the use of BETA firmware in a production environment is just suicidal, and there is no logic nor reason why any company should release BETA firmware to the public. If a hardware company does do this, that is a very, very good reason not to buy their hardware. If a company needs to use the community to further test its firmware for them, then you should not be paying them for the privilege of being a test subject.
Other firewalls just look solely at an application's desire to get out or in. With a click you could open ALL ports to the application requesting access, and this type of firewall is perhaps the easiest to use but offers the least protection. If your firewall put a message on the screen that SVCHOST.EXE needs complete access, would you know what this process does and would you permit it?
To correctly administer a home PC with one of the most popular firewalls set at its highest level you DO need to know something about TCP and UDP Ports, and you should download a copy of the Internet port numbers from the Internet. One of the easiest can be found at http://graphcomp.com/info/specs/ports.html and professionals should have a copy of http://www.iana.org/assignments/port-numbers
You also need to understand what every process running in your Task Manager does and whether you grant it access to the internet.
It's hard, very hard. An SPI enabled hardware device, by and large, needs no special attention; however, if you do have knowledge about the TCP/IP protocols you can make deliberate rules for the SPI handling of port availability.
As I said above, to be really safe you need to be able to filter Port 80 and Ports 20-21 traffic in both directions with an ALG module. These modules, found in up-market hardware network device protection, can filter out any ActiveX, VBScript, Flash etc. from your HTTP/FTP traffic.
If nothing else makes sense, this is even more reason to learn about the internet if security is of a concern and you have sensitive data on any PC. In the year 2006 over 200,000 people lost their identity, including credit card numbers, bank accounts etc., in the United States because of Internet Fraud Hacking.
Internet Fraud Hacking is becoming as organised as organised crime, and telling yourself it does not or will not happen to me is like taking 1,000 tickets in the lottery.
Time is well up on the vendors of software firewalls to start providing tutorials on how to protect you when you purchase their protection, and it's well overdue.
If nothing still makes sense, then just follow the principle that security starts at the plug in the wall and ends at the desktop, not the other way around. It's time to enter the Internet security field and start to learn.
1 Tip. If you are a home user of MS products and DO NOT use MSN, Internet chat or IRC, you can safely block the following ports: TCP/UDP 137-139, TCP/UDP 322, 349, 445, 507, 522, TCP/514, TCP/UDP 568-569, 593, 1024-65535.
Leave Ports 137-139 alone if you have a small workgroup network.
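The difference between a plain port filter and Stateful Packet Inspection that the post describes, shown with the tip's port list, as an added illustration (not code from the original post). It assumes the listed ports are applied to unsolicited traffic in both directions, that only TCP/514 is TCP-only, and uses constructed addresses.

```python
"""Toy stateful packet inspection (SPI) filter versus a stateless port filter.
Added example, not from the original post. Assumption: the tip's port list
applies to unsolicited traffic in both directions; replies to flows the PC
opened are admitted by state, which a stateless filter cannot do."""
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# Port ranges from the post's tip (514 is listed as TCP only).
_COMMON = [(137, 139), (322, 322), (349, 349), (445, 445), (507, 507),
           (522, 522), (568, 569), (593, 593), (1024, 65535)]
BLOCKED = {"tcp": _COMMON + [(514, 514)], "udp": _COMMON}


def port_blocked(proto, port):
    return any(lo <= port <= hi for lo, hi in BLOCKED[proto])


class StatelessFilter:
    """Decides on the destination port alone; it has no memory of flows."""
    def check(self, pkt, direction):
        return "DROP" if port_blocked(pkt.proto, pkt.dport) else "ALLOW"


class SPIFilter:
    """Remembers flows the PC opened and admits their replies on any port."""
    def __init__(self):
        self.flows = set()   # (proto, local_ip, local_port, remote_ip, remote_port)

    def check(self, pkt, direction):
        if direction == "out":
            if port_blocked(pkt.proto, pkt.dport):
                return "DROP"            # e.g. SMB (445) leaving the home PC
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound: a reply to a flow we initiated is allowed regardless of port.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ALLOW"
        return "DROP" if port_blocked(pkt.proto, pkt.dport) else "ALLOW"


def demo():
    pc, web, peer = "192.168.1.10", "203.0.113.5", "198.51.100.7"  # constructed
    stateless, spi = StatelessFilter(), SPIFilter()
    request = Packet("tcp", pc, 50000, web, 80)        # browser opens a page
    reply = Packet("tcp", web, 80, pc, 50000)          # server answers
    unsolicited = Packet("tcp", peer, 4444, pc, 50000)  # no matching flow
    results = {"stateless_reply": stateless.check(reply, "in")}  # blocked: 50000 in 1024-65535
    results["spi_out"] = spi.check(request, "out")
    results["spi_reply"] = spi.check(reply, "in")       # admitted by state
    results["spi_unsolicited"] = spi.check(unsolicited, "in")
    results["spi_smb_in"] = spi.check(Packet("tcp", peer, 40000, pc, 445), "in")
    return results
```

Blocking 1024-65535 outright with a stateless filter drops every reply to a browser's own connections; the SPI filter keeps the same block list for unsolicited traffic yet still lets established flows through.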