Re: Firewall and Home Network
From: Robert R Kircher, Jr. (rrkircher@hotmail.com)
Date: 11/20/02
- Next message: Steve: "Re: Should I allow it ?"
- Previous message: Duane Arnold: "Re: Security"
- In reply to: ThomBa: "Re: Firewall and Home Network"
- Next in thread: Robert R Kircher, Jr.: "Re: Firewall and Home Network"
From: "Robert R Kircher, Jr." <rrkircher@hotmail.com> Date: Wed, 20 Nov 2002 08:20:53 -0500
ThomBa wrote:
> I really must say that the previous two responses were some of the
> best and down to earth I have seen in this forum. Thanks.
>
> Now, as a newbie to this, where can I learn more on how to configure
> firewalls starting from the ground?
>
> I am using a D-Link 300I ADSL-modem and D-Link 704P Router/FW with
> filter for in and outbound traffic. But, as stated previously, I
> really do not know how to configure it. According to D-Link support,
> the default is to block all incoming connection attempts.
>
> How do I track and manage outgoing traffic?
>
> /Thomas
>
> "David" <davidwnh@adelphia.net> wrote in message
> news:<StBC9.39185$6g.7528356@news1.news.adelphia.net>...
>> Damn straight Bob!
>> I agree with you on every point. With a router blocking incoming, up
>> to date antivirus, and an up to date well configured OS you
>> eliminate the vast majority of the problems, and with minimal
>> configuration hassle to boot! Most of the personal firewalls are too
>> difficult to configure and use properly by the average home user but
>> hopefully this will change in the future. Many people do learn how
>> to use their security software properly over time though. This is at
>> some point a learning process for everyone and debates like this
>> should at least enlighten people as to what these devices can and
>> cannot do, so that they can make informed decisions based on their
>> particular needs.
> [...]
>>
>>> First of all the posters that replied are correct. The real answer
>>> is maybe yes, maybe not...
>>>
>>> The first thing you want to make sure is that you have good AND
>>> updated antivirus software on all your PCs. 9 times out of 10 I
>>> have to clean up after viruses over hacked PCs.
>>>
>>> Your NAT router should do a pretty good job of keeping unwanted and
>>> unsolicited traffic out. The exception to this is if you have any
>>> port forwarding turned on. In this case you are vulnerable and
>>> that PC should have a firewall installed.
>>>
>>> The other good reason for installing a desktop firewall is to manage
>>> OUTGOING traffic. Many Trojans call home to momma and if you have
>>> a FW installed and properly configured you can capture this traffic
>>> and then locate and remove the source.
> [...]
Here is exactly where most of these Desktop Firewalls have an up on a HW
solution. All the DT FWs I've tested notify you what application is trying
to access the internet and on what port using what protocol. All you need
to do is choose allow or deny for the traffic to pass. The advantage is you
don't need to know what port or protocol is being used; you only have to
know that you just launched your email program and now your FW is asking if
it's ok to let the traffic pass. The downfall to this approach is the
unknowing user may not make the right choice or, worse, may simply choose
"allow" for all apps (including malicious ones) that try to access the
internet. This, of course, completely defeats the purpose of having a
firewall.
With that all said, you'll want to start out by opening a few basic ports:
HTTP (80) for web browsing, POP3 (110) and SMTP (25) for email, NNTP (119)
for news readers/Usenet, and go from there. Experiment. Launch your browser
or other internet applications and start hunting for the proper protocols
and port # to use in your rules. If you run up against an app that doesn't
connect then go out to their support page or come here. If you're lucky
your router has the most popular protocols preconfigured and then all you
have to do is find out which one to use. Most popular applications and
games have firewall instructions someplace in their support forums; you just
have to do some hunting.
Once you've found all the protocols/ports you need to open and create rules
to allow traffic, remember that you've opened up holes in your firewall that
someone may exploit. This is why David's advice of a good logging tool can
be important. You can periodically review the logs and look for strange
patterns in the log and/or strange IP addresses. We could start a whole
other thread on how to read and interpret these log files. Also keep in
mind that many games want a range of ports open. The bigger the range the
larger the hole is to exploit.
The nice thing is once you've done the work and configured the FW correctly
you don't really have to revisit it. Review the logs every so often and
periodically open and close ports that you don't use on an everyday basis.
For example, I have rules for VNC (a remote desktop app) and Kazaa which I
only turn on when I am going to use the applications. Otherwise they are
off and remain that way.
-- Rob
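The approach Rob describes (a short allow-list of outbound ports, rules for rarely used apps that stay off until needed, and a periodic look at the logs for a host hammering a port nothing permits) can be modelled in a few dozen lines. The following Python is an added example written for this page; it is not code from Rob, D-Link, or anyone in the thread. The rule table, the `Rule`/`decide`/`review`/`suspicious` names, the VNC port 5900 and the netfilter-style `key=value` log lines are all assumptions constructed for the example; only the four ports (80, 25, 110, 119) come from the post.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Rule:
    name: str       # label for the application/protocol
    proto: str      # "tcp" or "udp"
    port: int       # destination port the rule permits outbound
    enabled: bool = True


# Hypothetical rule table: the "basic ports" named in the post, plus a VNC
# rule that stays switched off until the app is actually in use (port 5900
# is the conventional VNC port; the rule itself is an assumption here).
RULES = [
    Rule("HTTP", "tcp", 80),
    Rule("SMTP", "tcp", 25),
    Rule("POP3", "tcp", 110),
    Rule("NNTP", "tcp", 119),
    Rule("VNC", "tcp", 5900, enabled=False),
]


def decide(proto, dport, rules=RULES):
    """Default-deny outbound: permit only what an enabled rule names."""
    for r in rules:
        if r.enabled and r.proto == proto and r.port == dport:
            return "ALLOW", r.name
    return "DENY", None


def set_rule(name, enabled, rules=RULES):
    """Toggle one rule on or off, as the post does for rarely used apps."""
    for r in rules:
        if r.name == name:
            r.enabled = enabled
            return r
    raise KeyError(name)


# Constructed log lines in a netfilter-style key=value layout (not output of
# any real router). Addresses are from documentation ranges.
LOG_LINES = """\
Nov 20 08:21:01 gw kernel: FW: OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP DPT=80
Nov 20 08:21:03 gw kernel: FW: OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP DPT=80
Nov 20 08:21:07 gw kernel: FW: OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 PROTO=TCP DPT=110
Nov 20 08:22:15 gw kernel: FW: OUT=eth0 SRC=192.168.1.12 DST=192.0.2.77 PROTO=TCP DPT=6667
Nov 20 08:22:16 gw kernel: FW: OUT=eth0 SRC=192.168.1.12 DST=192.0.2.77 PROTO=TCP DPT=6667
Nov 20 08:22:17 gw kernel: FW: OUT=eth0 SRC=192.168.1.12 DST=192.0.2.77 PROTO=TCP DPT=6667
Nov 20 08:23:00 gw kernel: FW: OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP DPT=5900
""".splitlines()

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Pull the fields the review needs out of one key=value log line."""
    kv = dict(KV.findall(line))
    return {"src": kv["SRC"], "dst": kv["DST"],
            "proto": kv["PROTO"].lower(), "dport": int(kv["DPT"])}


def review(lines, rules=RULES):
    """Re-evaluate each logged attempt against the rules and count denials
    per (internal host, destination, destination port)."""
    denied = Counter()
    for line in lines:
        e = parse(line)
        verdict, _ = decide(e["proto"], e["dport"], rules)
        if verdict == "DENY":
            denied[(e["src"], e["dst"], e["dport"])] += 1
    return denied


def suspicious(denied, threshold=3):
    """The 'strange pattern' the post tells you to look for: one internal
    host repeatedly trying the same destination/port that no rule permits."""
    return sorted((k, n) for k, n in denied.items() if n >= threshold)


if __name__ == "__main__":
    for (src, dst, port), n in suspicious(review(LOG_LINES)):
        print(f"{src} -> {dst}:{port} denied {n} times; check that host")
```

Run stand-alone it reports the host 192.168.1.12 retrying port 6667 three times, which is the kind of repeated call-out worth tracing back to a program on that PC; the single denied 5900 attempt is just the VNC rule being off, and `set_rule("VNC", True)` is the "turn it on when I use it" step from the post.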