1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewall rulesets

Discussion in 'Computer Security' started by nugget, Jun 28, 2007.

  1. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    This is something I've been thinking about for some time is a general set of firewall rules. As most of us know a lot of home users (and some corporate ones too) tend to just install Zone Alarm, get annoyed by the pop-ups all the time and set the firewall to allow all traffic.

    So I was thinking that maybe we could all define a set of a few general rules that would work for most people.

    So here are a couple to get started with.

    port 25 tcp allow outgoing
    port 80 tcp allow incoming
    port 110 tcp allow incoming

    All other ports disallow
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    DNS outbound.

    Not sure about port 80 inbound unless you have a web server, in a DMZ obviously :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Block everything, and then open up ports as you need them. What could be simpler?

    People complain because of a lack of security... then they complain when something is completely secure and they're prompted for authorization. For those people, I recommend they put their computer in a box and send it to me. Permanently.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    How about this:

    53 UDP out
    80 TCP out (or whatever port you're proxying your access through)
    25 TCP out/in (if you're running a mail server)

    No other reason for a home user to be opening any other ports (unless you are torrenting or running a p2p client which requires it)
     
    Certifications: A few
    WIP: None - f*** 'em
  5. shambles

    shambles Guest

    What about telling them to spend £30.00 on a hardware firewall? Does that solve the problem?
     
  6. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    No - because if you spend 30 quid on a hardware firewall - unless that firewall is an old desktop PC with linux installed and something like Smoothwall running on top - and has been configured by someone that knows what they're doing - they will be lulled into a false sense of security as the 'firewall' will likely be shite :)

    If you'd told them to spend 50 quid instead and got a Linksys WRT54G with alternative firmware, then they may be able to feel a little bit more secure - but only a little :)
     
    Certifications: A few
    WIP: None - f*** 'em

Share This Page

Loading...