Network Security guide for the home or small business network – Part 1 – A Hardware firewall



Computers can communicate over networks. (Surprise!) That’s how you’re reading this post. The machine that this site is hosted on is listening for requests for connection. When it receives a request it answers back with a web page. In fact, computers can listen for a great many different kinds of connection at the same time. In networking we talk about a computer listening on a given “port”. The web server for this site (and most web sites) listens on what’s called port 80. There are 65535 possible network ports that a computer can listen for incoming connections on.


Sometimes I use an analogy for ports, comparing them to the doors and windows in your house. People or animals or flies can come in through any window or door that’s open, but not through doors or windows that are closed, right? So if you don’t want pests (or people or anything else) in your house, it’s best to leave the doors and windows closed and locked. So what’s the best way to make sure that those ports are locked on a PC?

A hardware firewall. If you have a high speed internet connection you pretty much need some sort of hardware firewall. Sometimes combination cable/DSL modems/routers will serve the same purpose as a simple hardware firewall. How can you tell? There are some online tools that will help. My favorite is at GRC.com (Gibson Research). The port scanning tool is called “ShieldsUP!”. Go to their page; there will be a brief welcome page, then the homepage. Scroll down until you see the link to ShieldsUP! READ the page, then click proceed. Now read this page and, under services, click “All service ports”. This scan will only cover the first 1056 network ports, but it should give you an idea of whether you have a firewalled connection or not.

If the scan shows that all the ports are “stealth”, that’s very good; you are probably well firewalled. If the ports show up as closed, that’s still good, but not AS good. It might be worth investigating further to see if you do have a hardware firewall of some sort. If ports show up as open, you will need to make a list of which ports appear open (by the numbers) and find out why. In the meantime you should probably firewall the connection.

Now, obviously if someone else is managing your internal network, you need to consult with them on this. It’s possible that those open ports are there for a reason, but if YOU are an end user that has directly bought internet service from a high speed ISP and has never had a computer consultant in to manage your network, then you need to take responsibility. NEVER assume that “the phone company must have made it secure when they set it up.”

Hardware firewalls come in many sizes and feature sets. Mine is a PC running a Linux distribution designed to be a firewall (an old 486-based computer with 32 MB of memory). I used to have a small box from Netgear that offered several features for logging. The simplest will deny all inbound connections by default and let you manage which inbound connections you want to allow. It’s worth noting that installing a hardware firewall will not prevent you from getting email, browsing the web or doing many other tasks online. SOME things, like peer to peer file sharing (BitTorrent), work better with modifications to a firewall, but that’s a more advanced topic. The fact is this: security is a balancing act between convenience and safety. Some things are worth doing. A hardware firewall is one of those.

But I have Windows Firewall enabled, isn’t that safe? Yes, but… a hardware firewall is a much better solution. More next time…
