November 13th, 2002, 01:37 AM
I am new to the internet and to internet security. Would like to ask how to properly configure a software firewall (Sygate as a part of the Ontrack system suite) running on Win XP Pro on a desktop PC which is not a part of a network nor used by anyone else but me. It keeps asking about ports and trusted IP addresses and some TCP ports, local and also remote. The trouble is that I do not have the faintest clue what I should do. I am not sure that if I leave it in the preset default setting it will be useless. Although I do know something about PC hardware, I have been online for only about 4 weeks and have to admit that I am far, far away from understanding what exactly I am doing, let alone what I am doing wrong. Just wondering if there is someone patient enough to explain the very basic facts of how to start with a firewall, ports, settings etc. Thank you
November 13th, 2002, 01:57 AM
In theory, the best way to configure any firewall is to block all traffic, and only open up ports when required. This way you do not inadvertently misconfigure the thing!
As a rule, you probably don't want to allow any incoming TCP, UDP or ICMP traffic. And the stuff you will need to allow outbound of your firewall is your traffic, i.e. if you are using a proxy server, you will have to have port 8080 open, and if possible, you could lock this down to only allow port 8080 to talk to yourproxy.proxy.com. You will also have to set it up to allow stuff like FTP, telnet etc...
If you don't know the port numbers, here is a complete list:
As I have said, block all incoming traffic and if possible, have a notification happen every time your firewall drops some traffic. Then read the details (i.e. it should show source IP and port number), then do a little research on what they are trying to do. Trust me, this is the best way to learn.
Good luck out there, and congrats on taking an interest in the IT security world. Feel free to post more questions...
There were so many fewer questions when the stars were still just the holes to heaven - JJ
I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
November 13th, 2002, 03:16 AM
it really depends on how you connect to the net and with whom as to what you let in.
Really quick, a port can be thought of as a channel. Different services (FTP, HTTP, telnet) all wait for connections on different 'channels'. FTP waits on port 21, HTTP (web server) waits on port 80 and telnet on 23. This is true only for servers of these services. Being new to the internet, you should not have any services waiting for clients to connect and make requests of them.
Right now, if you are just browsing and getting files, you're acting as a client only, or customer as it were. You're only asking for service, you're not providing any.
Most of the makers of services have agreed to keep their services waiting to fill requests on what are referred to as 'well-known ports'. That is, ports (channels) up to 1024.
When a client makes a request to a server, it does so using the first available local port above 1024. Because of this, you're never really sure what local port a request is going to go out on, but depending on the type of service asked for, your request is always directed to a particular foreign port. Foreign being the remote computer your client is asking for service from.
With this in mind, rules for firewalls are usually made according to the type of service.
For web browsing you would allow requests from any local port to any remote IP address, but only going to port 80. This is the channel the web server is waiting on to serve you up the web pages you want. Inbound, unless you're running a web server yourself, all requests to port 80 should be blocked.
Likewise, a request to send mail (SMTP) should be allowed from any local port but only going to the address of your mail server and only to port 25. Getting your mail, you'd normally use the same set-up, but instead of remote port 25 it would be remote port 110, which is the port POP servers (Post Office Protocol) wait to serve you on.
Looking at the ports chart SoggyBottom supplied you with, it would be basically the same thing for each of them.
It gets hard to tell anyone what they should do from this point on, because with each client added, e.g. ICQ, AIM, MS Messenger etc., they each specify their own ports. Instant messengers usually work on ports that are rather high and they're all different. It's best to set your firewall to block anything you haven't allowed and prompt you for permission for that which you haven't allowed. So when you start, say, ICQ, it'll ask if it's OK to use these ports to go here and there, ports to act as a server; you can then allow it, but only for this program and these settings.
Hope this helps some
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
November 13th, 2002, 03:35 AM
he he Tedob has the answers!!
Only thing not covered is trusted vs. untrusted IP addresses. A trusted IP address is simply an IP that you want to allow access to (in a roundabout sort of way). If you were networking two machines at home, and wanted to allow access to the firewalled machine from the other one, you would simply add the IP to the firewall's trusted IP list; a better and more correct way would be to allow traffic to certain ports from that IP rather than trust it completely. Depending on the software you are using (not too experienced with Ontrack myself), in most cases a trusted IP is the address of a machine that is allowed free rein over connections. Having a firewall completely open for a machine like this is a risk in itself.
Hope that adds to Tedob's wonderful post and completes the picture
I'll preach my pessimism right out loud to anyone that listens!
I'm not afraid to be alive.... I'm afraid to be alone.
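The three replies above describe one policy: block everything by default, allow outbound only per service (any local port to remote port 80 for browsing, port 25 and 110 only to your own mail server), log every dropped inbound packet with its source IP and port, prompt for anything unknown, and prefer a port-scoped rule for a second home machine over a blanket "trusted IP". The following is an added example, not code from the thread or from Sygate/Ontrack: a small Python model of that rule set evaluated over constructed sample traffic. The addresses (MAIL_SERVER, HOME_PC, the documentation-range remote hosts) and the sample packets are placeholders invented for the example; Sygate's real rule format and the per-program identity it attaches to prompts are not modelled.

```python
# Added example (not from the thread or from Sygate): a toy model of the
# default-deny personal-firewall policy the posts describe, with first-match
# rules, a drop log recording source IP and port, and a "prompt" result for
# traffic no rule covers.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (arriving at this PC) or "out" (leaving it)
    proto: str          # "tcp", "udp" or "icmp" (icmp carries no ports: use 0)
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    direction: str
    proto: str
    remote_port: Optional[int] = None   # None = any remote port
    local_port: Optional[int] = None    # None = any local port
    remote_net: str = "0.0.0.0/0"       # CIDR; default = any remote address
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto == p.proto
                and (self.remote_port is None or self.remote_port == p.remote_port)
                and (self.local_port is None or self.local_port == p.local_port)
                and ip_address(p.remote_ip) in ip_network(self.remote_net))


# Constructed placeholder addresses for "your mail server" and the other home PC.
MAIL_SERVER = "192.0.2.25"
HOME_PC = "192.168.0.10"

RULES = [
    Rule("allow", "out", "tcp", remote_port=80,
         note="web browsing: any local port -> any remote address, port 80 only"),
    Rule("allow", "out", "tcp", remote_port=25, remote_net=MAIL_SERVER + "/32",
         note="SMTP: only to our own mail server"),
    Rule("allow", "out", "tcp", remote_port=110, remote_net=MAIL_SERVER + "/32",
         note="POP3: only to our own mail server"),
    Rule("allow", "in", "tcp", local_port=139, remote_net=HOME_PC + "/32",
         note="file sharing from the other home PC, this one port only"),
    # No inbound rule for local port 80: the default-deny below covers it.
]

# The "trusted IP" shortcut from the third post: every TCP port open to that host.
TRUST_HOME_PC = Rule("allow", "in", "tcp", remote_net=HOME_PC + "/32",
                     note="blanket trust of the other home PC")


def evaluate(p: Packet, rules: List[Rule], drop_log: List[str]) -> str:
    """First matching rule wins. Unmatched inbound traffic is dropped and logged
    with source IP and port (the 'read the details, then research it' step);
    unmatched outbound traffic is handed to the user as a prompt."""
    for r in rules:
        if r.matches(p):
            return r.action
    if p.direction == "in":
        drop_log.append(f"DROP {p.proto} from {p.remote_ip}:{p.remote_port} "
                        f"to local port {p.local_port}")
        return "deny"
    return "prompt"


# Constructed sample traffic for a client-only PC.
SAMPLE = [
    Packet("out", "tcp", 1035, "198.51.100.7", 80),     # browsing
    Packet("in", "tcp", 80, "203.0.113.9", 4412),       # outsider hitting our port 80
    Packet("out", "tcp", 1040, "198.51.100.7", 25),     # SMTP to a foreign server
    Packet("out", "tcp", 1041, MAIL_SERVER, 110),       # fetching mail
    Packet("in", "tcp", 139, HOME_PC, 1050),            # home PC, allowed port
    Packet("in", "tcp", 445, HOME_PC, 1051),            # home PC, other port
    Packet("in", "icmp", 0, "203.0.113.9", 0),          # ping from outside
    Packet("out", "udp", 1042, "198.51.100.20", 5190),  # IM client on a high port
]


def run(sample=SAMPLE, rules=RULES):
    drop_log: List[str] = []
    actions = [evaluate(p, rules, drop_log) for p in sample]
    return actions, drop_log


def compare_trust():
    """Same inbound packet under the port-scoped rule vs. a blanket trusted IP."""
    probe = Packet("in", "tcp", 445, HOME_PC, 1051)
    return evaluate(probe, RULES, []), evaluate(probe, RULES + [TRUST_HOME_PC], [])


if __name__ == "__main__":
    actions, log = run()
    for p, a in zip(SAMPLE, actions):
        print(f"{a:6} {p.direction:3} {p.proto:4} local {p.local_port:5} "
              f"remote {p.remote_ip}:{p.remote_port}")
    print(*log, sep="\n")
    scoped, trusted = compare_trust()
    print("port 445 from home PC: scoped rule ->", scoped, "| trusted IP ->", trusted)
```

Running it shows browsing and mail to the configured server allowed, SMTP to any other host and the IM client's high UDP port left to a prompt, and the inbound port-80 probe and ping dropped with their source written to the log. `compare_trust()` makes the third post's point concrete: with the port-scoped rule the other home PC can reach port 139 and nothing else, while the blanket trusted-IP rule opens every TCP port to it.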