Firewall Facts
Network-based firewall configuration
-Most SOHO routers and access points include a firewall to protect the private network
-By default, most SOHO routers allow all outbound traffic from the private network to pass through the firewall, and the responses to those outbound requests are allowed back in because the firewall tracks the connection. For example, a user browsing a website receives the pages back from the Internet server. Unsolicited inbound traffic is blocked
-You can configure individual port rules or exceptions to allow or deny specific ports. The safest approach is to block all inbound ports and then open only the ports that are actually needed
-Port triggering lets the firewall dynamically open an inbound port when it sees outbound traffic to a specified trigger port from a private host; the inbound port is opened only for that host and closes again when the triggering traffic stops
-Port forwarding permanently sends inbound traffic that arrives on a specific port through the firewall to a specific device on the private network. A forwarded port is reachable from the Internet at all times, so the target device must be hardened and the forward removed when it is no longer needed
Post Office Protocol (POP3)
110 TCP
Internet Message Access Protocol (IMAP4)
143 TCP and UDP
File Transfer Protocol (FTP)
20 TCP (data channel), 21 TCP (control channel)
Secure Shell (SSH)
22 TCP and UDP
Telnet
23 TCP
Simple Mail Transfer Protocol (SMTP)
25 TCP
Remote Desktop Protocol (RDP)
3389 TCP
HTTP over TLS (HTTPS; originally Secure Sockets Layer, SSL, which is now deprecated)
443 TCP and UDP
Domain Name System (DNS)
53 UDP and TCP (UDP for ordinary queries; TCP for zone transfers and for responses too large for a single UDP datagram)
HyperText Transfer Protocol (HTTP)
80 TCP
Firewall
A device or software running on a device that inspects network traffic and allows or blocks traffic based on a set of rules
Exceptions
By default, Windows Firewall allows all outgoing traffic and the responses to it, but blocks unsolicited incoming traffic. You can configure exceptions to allow incoming traffic. In Windows Firewall, you can configure two exception types: (Next two terms are the exception types)
Port
Configuring an exception for a port and protocol (either TCP or UDP) keeps the port open all the time, whether or not anything is listening on it.
-You must know both the port number and the protocol
-Many services require multiple ports, so you must identify all necessary ports and open each of them
-Ports stay open until you remove the exception
Program
Configuring an exception for a program opens the ports required by the application only while the application is running.
-You can select from a list of known applications or browse to and select another application
-You do not need to know the port number; the firewall allows inbound traffic to whatever ports the application listens on when it starts
-After the application is stopped, those ports are closed again
access control list (ACL)
Filtering rules that firewalls use to identify allowed and blocked traffic. A rule identifies characteristics of the traffic, such as:
-The interface the rule applies to
-The direction of traffic (inbound or outbound)
-Packet information such as the source or destination IP address or port number
-The action to take when the traffic matches the filter criteria
Rules are typically evaluated top to bottom and the first match wins, with an implicit deny for anything no rule matches, so the order of the rules matters.
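The following is an added example, not part of the original page: a small Python model of the SOHO firewall behaviour described above (the ACL with first-match-wins and implicit deny, replies to outbound connections being let back in, a static port forward, and a port trigger). The addresses, the ACL contents, the forward to 192.168.1.20:8443 and the trigger pairing of outbound 6667 with inbound 113 are all constructed for the example; NAT of the outbound source address and the timeout that closes a triggered port are left out to keep the model short.

```python
from dataclasses import dataclass, fields
from typing import Optional

WAN_IP = "198.51.100.1"  # the router's public address (constructed example value)


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the Internet) or "out" (leaving the private network)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One ACL entry. Any field left as None matches anything."""
    action: str                       # "allow" or "deny"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        for f in fields(self):
            if f.name == "action":
                continue
            want = getattr(self, f.name)
            if want is not None and want != getattr(pkt, f.name):
                return False
        return True


# Constructed ACL: block Telnet leaving the network, allow all other outbound
# traffic, and leave no inbound allow rules so unsolicited inbound hits the implicit deny.
ACL = [
    Rule("deny", direction="out", dport=23),
    Rule("allow", direction="out"),
]


class SohoFirewall:
    def __init__(self, acl):
        self.acl = list(acl)
        self.conntrack = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.forwards = {}       # (proto, public_port) -> (private_ip, private_port)
        self.triggers = {}       # (proto, trigger_port) -> (proto, inbound_port)
        self.triggered = {}      # (proto, inbound_port) -> private host it was opened for

    def add_port_forward(self, proto, public_port, private_ip, private_port):
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def add_port_trigger(self, out_proto, trigger_port, in_proto, inbound_port):
        self.triggers[(out_proto, trigger_port)] = (in_proto, inbound_port)

    def _acl_decision(self, pkt):
        for rule in self.acl:        # first match wins
            if rule.matches(pkt):
                return rule.action
        return "deny"                # implicit deny at the end of the list

    def process(self, pkt):
        """Return ("allow", (dst_ip, dst_port)) or ("deny", None)."""
        if pkt.direction == "out":
            if self._acl_decision(pkt) != "allow":
                return ("deny", None)
            # remember the flow so the server's reply is let back in
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            # outbound traffic to a trigger port opens the paired inbound port for this host only
            opened = self.triggers.get((pkt.proto, pkt.dport))
            if opened:
                self.triggered[opened] = pkt.src
            return ("allow", (pkt.dst, pkt.dport))

        # inbound: a reply to a tracked outbound flow is always allowed
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            return ("allow", (pkt.dst, pkt.dport))
        if pkt.dst == WAN_IP:
            fwd = self.forwards.get((pkt.proto, pkt.dport))   # static port forward
            if fwd:
                return ("allow", fwd)
            host = self.triggered.get((pkt.proto, pkt.dport))  # dynamically opened port
            if host:
                return ("allow", (host, pkt.dport))
        # anything else inbound must be allowed explicitly by the ACL
        if self._acl_decision(pkt) == "allow":
            return ("allow", (pkt.dst, pkt.dport))
        return ("deny", None)


def demo():
    """Run the constructed scenarios and return each decision keyed by name."""
    fw = SohoFirewall(ACL)
    fw.add_port_forward("tcp", 443, "192.168.1.20", 8443)
    fw.add_port_trigger("tcp", 6667, "tcp", 113)
    r = {}
    r["web_out"] = fw.process(Packet("out", "tcp", "192.168.1.10", 50000, "203.0.113.5", 443))
    r["web_reply"] = fw.process(Packet("in", "tcp", "203.0.113.5", 443, "192.168.1.10", 50000))
    r["telnet_out"] = fw.process(Packet("out", "tcp", "192.168.1.10", 50001, "203.0.113.5", 23))
    r["unsolicited_ssh"] = fw.process(Packet("in", "tcp", "203.0.113.9", 40000, WAN_IP, 22))
    r["forwarded_https"] = fw.process(Packet("in", "tcp", "203.0.113.9", 40001, WAN_IP, 443))
    r["ident_before_trigger"] = fw.process(Packet("in", "tcp", "203.0.113.7", 40002, WAN_IP, 113))
    fw.process(Packet("out", "tcp", "192.168.1.30", 50002, "203.0.113.7", 6667))  # fires the trigger
    r["ident_after_trigger"] = fw.process(Packet("in", "tcp", "203.0.113.7", 40003, WAN_IP, 113))
    return r


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22s} -> {decision}")
```

The scenarios show the four behaviours side by side: the browsing reply is accepted only because the outbound request was recorded first, the unsolicited SSH attempt is dropped by the implicit deny, the forwarded HTTPS port is always open and lands on the chosen private host, and inbound 113 is rejected until the host on 192.168.1.30 has sent the outbound 6667 traffic that triggers it.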
network-based firewall
Inspects traffic as it flows between networks. For example, you can place a network-based firewall at the edge of your private network where it connects to the Internet to protect against attacks from Internet hosts. A network firewall is built by installing at least two interfaces on a central network device: one interface connects to the private network and the other connects to the external network, so all traffic between the two must pass through the firewall
host-based firewall
Inspects traffic received by (and sent from) a single host. Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the Internet from a public location, and to protect against other hosts on the same local network, whose traffic never passes through the network firewall.