Network Security guide for the home or small business network – Part 1 – A Hardware firewall
Computers can communicate over networks. (Surprise!) That’s how you’re reading this post. The machine that this site is hosted on is listening for requests for connection. When it receives a request it answers back with a web page. In fact, computers can listen for a great many different kinds of connection at the same time. In networking we talk about a computer listening on a given “port”. The web server for this site (and most web sites) listens on what’s called port 80. There are 65535 possible network ports that a computer can listen for incoming connections on.
Sometimes I use an analogy for ports, comparing them to the doors and windows in your house. People or animals or flies can come in through any window or door that’s open, but not through doors or windows that are closed, right? So if you don’t want pests (or people or anything else) in your house, it’s best to leave the doors and windows closed and locked. So what’s the best way to make sure that those ports are locked on a PC?
A hardware firewall. If you have a high speed internet connection you pretty much need some sort of hardware firewall. Sometimes a combination cable/DSL modem/router will serve the same purpose as a simple hardware firewall. How can you tell? There are some online tools that will help. My favorite is at GRC.com (Gibson Research). The port scanning tool is called “ShieldsUP!”. Go to their site; there will be a brief welcome page, then the homepage. Scroll down until you see the link to ShieldsUP! READ the page, then click proceed. Now read this page and under services click “All service ports”. This scan will only cover the first 1056 network ports, but it should give you an idea of whether you have a firewalled connection or not.
If the scan shows that all the ports are “stealth”, that’s very good: you are probably well firewalled. If the ports show up as closed, that’s still good, but not AS good. It might be worth investigating further to see if you do have a hardware firewall of some sort. If ports show up as open, you will need to make a list of which ports appear open (by the numbers) and find out why. In the meantime you should probably firewall the connection.
Now, obviously if someone else is managing your internal network, you need to consult with them on this. It’s possible that those open ports are there for a reason, but if YOU are an end user that has directly bought internet service from a high speed ISP and has never had a computer consultant in to manage your network, then you need to take responsibility. NEVER assume that “the phone company must have made it secure when they set it up.”
Hardware firewalls come in many sizes and feature sets. Mine is a PC running a Linux distribution designed to be a firewall (an old 486-based computer with 32 MB of memory). I used to have a small box from Netgear that offered several features for logging. The simplest will allow you to deny all inbound connections by default and let you manage which inbound connections you want to allow. It’s worth noting that installing a hardware firewall will not prevent you from getting email, browsing the web or doing many other tasks online. SOME things, like peer-to-peer file sharing (BitTorrent), work better with modifications to a firewall, but that’s a more advanced topic. The fact is this: security is a balancing act between convenience and safety. Some things are worth doing. A hardware firewall is one of those.
But I have Windows Firewall enabled, isn’t that safe? Yes, but… a hardware firewall is a much better solution. More next time…