Setting Up Your Firewall
Last Updated: Fri, 22 Apr 2011
Learn how to set up your firewall.
Here are a few suggestions on how to configure your firewall. They are not meant to take the place of a full system audit. Go through your network and establish which services your employees actually need. Once that is known, you can decide how best to protect yourself and your network.
When setting up your firewall, you should block any incoming connection to your network that was not requested by an internal workstation. This is equivalent to a ‘default deny’ for outside IP addresses: packets trying to enter your network are dropped unless a workstation already inside your network requested the data, or a specific rule has been set up to allow the connection.
You should always log the traffic coming into and going out of your network. The logs are your evidence if a break-in does occur. Most firewalls can export these logs to another site for storage, such as a TFTP site. If a hacker does break in, they cannot alter the logs to cover their tracks if they cannot find the log files. Consult the owner's manual to see whether your firewall supports this and how to configure it. You should review your logs at least once a month and look for odd traffic patterns.
Recommending which outgoing ports to block from your network is trickier. MyDoom alone uses over 25 ports as back doors, including port 80. Blocking all of those ports is not practical, but you should block any ports that you KNOW will not be used.
Unless your business dictates these ports open, we suggest you block them:
(Always remember that if the port is not being used, it should be blocked by default!)
Ports 6667 and 6668 – IRC. Many bots use these ports to control an infected machine.
Ports 135, 137 - 139 and 445 – NetBIOS. Many vulnerabilities exist on these ports. Some internal networks need these ports open, but they should be blocked from the Internet. If your employees need them from outside, you should consider using a VPN to access the network rather than leaving the ports open to the Internet and the server open to attack.
Ports 1433 and 1434 – MS-SQL. Block these ports from the Internet unless you really need them open to the outside world. If your employees need access to your SQL database, you should consider using a VPN to access the network rather than leaving the ports open to the Internet and the server open to attack.