Re: Firewall and Home Network

From: Robert R Kircher, Jr. (rrkircher@hotmail.com)
Date: 11/20/02


From: "Robert R Kircher, Jr." <rrkircher@hotmail.com>
Date: Wed, 20 Nov 2002 08:26:14 -0500

ThomBa wrote:
> I really must say that the previous two responses were some of the
> best and down to earth I have seen in this forum. Thanks.
>
> Now, as a newbie to this, where can I learn more on how to configure
> firewalls starting from the ground?
>
> I am using a D-Link 300I ADSL-modem and D-Link 704P Router/FW with
> filter for in and outbound traffic. But, as stated previously, I
> really do not know how to configure it. According to D-Link support,
> the default is to block all incoming connection attempts.
>
> How do I track and manage outgoing traffic?
>

<Reposted to avoid Top Posting confusions>

Here is exactly where most of these Desktop Firewalls have one up on a HW
solution. All the DT FW's I've tested notify you what applications are trying
to access the internet and on what port using what protocol. All you need
to do is choose allow or deny the traffic to pass. The advantage is you
don't need to know what port or protocol is being used, you only have to
know that you just launched your email program and now your FW is asking if
it's ok to let the traffic pass. The downfall to this approach is the
unknowing user may not make the right choice or worse may simply choose
"allow" for all apps (including malicious ones) that try to access the
internet. This, of course, completely defeats the purpose of having a
firewall.

With that all said, you'll want to start out by opening a few basic ports:
HTTP (80) for web browsing, POP3 (110) and SMTP (25) for email, NNTP (119)
for news readers/Usenet, and go from there. Experiment. Launch your browser
or other internet applications and start hunting for the proper protocols
and port # to use in your rules. If you run up against an app that doesn't
connect then go out to their support page or come here. If you're lucky
your router has the most popular protocols preconfigured and then all you
have to do is find out which one to use. Most popular applications and
games have firewall instructions someplace in their support forums, you just
have to do some hunting.

Once you've found all the protocols/ports you need to open and create rules
to allow traffic, remember that you've opened up holes in your firewall that
someone may exploit. This is why David's advice of a good logging tool can
be important. You can periodically review the logs and look for strange
patterns in the log and/or strange IP addresses. We could start a whole
other thread on how to read and interpret these log files. Also keep in
mind that many games want a range of ports open. The bigger the range the
larger the hole is to exploit.

The nice thing is once you've done the work and configured the FW correctly
you don't really have to revisit it. Review the logs every so often and
periodically open and close ports that you don't use on an everyday basis.
For example, I have rules for VNC (a remote desktop app) and Kazaa which I
only turn on when I am going to use the applications. Otherwise they are
off and remain that way.

--
Rob
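
The periodic log review described in the post above, as an added example that is not part of the original post: it flags allowed outbound traffic to ports outside the four the post names and counts denied inbound attempts per source address. The log line format, the sample entries (documentation-range IP addresses) and the function name `review` are constructed assumptions; real router logs differ.

```python
import re
from collections import Counter

# Ports the post suggests opening: HTTP, POP3, SMTP, NNTP.
EXPECTED_PORTS = {80, 110, 25, 119}

# Constructed log format (an assumption, not D-Link's own):
# date time action direction proto src_ip:src_port -> dst_ip:dst_port
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample entries using documentation-range addresses.
SAMPLE_LOG = """\
2002-11-20 08:01:12 ALLOW OUT TCP 192.168.0.10:1045 -> 203.0.113.5:80
2002-11-20 08:01:40 ALLOW OUT TCP 192.168.0.10:1046 -> 203.0.113.9:110
2002-11-20 08:03:02 DENY IN TCP 198.51.100.7:4021 -> 192.168.0.10:139
2002-11-20 08:03:03 DENY IN TCP 198.51.100.7:4022 -> 192.168.0.10:445
2002-11-20 08:03:04 DENY IN TCP 198.51.100.7:4023 -> 192.168.0.10:23
2002-11-20 08:10:55 ALLOW OUT TCP 192.168.0.10:1050 -> 203.0.113.77:6667
garbled line the parser should skip
"""

def review(log_text, expected_ports=EXPECTED_PORTS, probe_threshold=3):
    """Return (unexpected_outbound, probing_sources, skipped_line_count)."""
    unexpected, denied_in, skipped = [], Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count, rather than silently drop, unparseable lines
            continue
        dport = int(m["dport"])
        if m["dir"] == "OUT" and m["action"] == "ALLOW" and dport not in expected_ports:
            # An application reached a port no rule was knowingly opened for.
            unexpected.append((m["ts"], m["dst"], dport))
        elif m["dir"] == "IN" and m["action"] == "DENY":
            denied_in[m["src"]] += 1
    # Sources with repeated denied attempts are the "strange IP addresses" to look at.
    probing = {ip: n for ip, n in denied_in.items() if n >= probe_threshold}
    return unexpected, probing, skipped

if __name__ == "__main__":
    unexpected, probing, skipped = review(SAMPLE_LOG)
    for ts, dst, port in unexpected:
        print(f"{ts} outbound to {dst}:{port} is not on the expected-port list")
    for ip, n in probing.items():
        print(f"{ip} had {n} inbound attempts denied")
    print(f"{skipped} unparseable line(s) skipped")
```

Ports that are opened only occasionally can be passed in through `expected_ports` for the period the rule is switched on.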

