Firewall rulesets

Discussion in 'Computer Security' started by nugget, Jun 28, 2007.

  1. nugget

    nugget Junior toady

    Something I've been thinking about for some time is a general set of firewall rules. As most of us know, a lot of home users (and some corporate ones too) tend to just install Zone Alarm, get annoyed by the pop-ups all the time and set the firewall to allow all traffic.

    So I was thinking that maybe we could all define a set of a few general rules that would work for most people.

    So here are a couple to get started with.

    port 25 tcp allow outgoing
    port 80 tcp allow incoming
    port 110 tcp allow incoming

    All other ports disallow
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  2. Sparky

    Sparky Zettabyte Poster Moderator

    DNS outbound.

    Not sure about port 80 inbound unless you have a web server, in a DMZ obviously :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. BosonMichael

    BosonMichael Yottabyte Poster

    Block everything, and then open up ports as you need them. What could be simpler?

    People complain because of a lack of security... then they complain when something is completely secure and they're prompted for authorization. For those people, I recommend they put their computer in a box and send it to me. Permanently.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  4. zebulebu

    zebulebu Terabyte Poster

    How about this:

    53 UDP out
    80 TCP out (or whatever port you're proxying your access through)
    25 TCP out/in (if you're running a mail server)

    No other reason for a home user to be opening any other ports (unless you are torrenting or running a p2p client which requires it)
     
    Certifications: A few
    WIP: None - f*** 'em
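The posts above boil down to one design: default-deny, with a short explicit allow list, and reply traffic let back in only because the local machine started the connection. The following is an added example (not code from the thread or from any poster) that models that policy as a small stateful rule evaluator, so the two rulesets proposed so far can be compared on sample packets. The `Packet`, `Firewall`, `HOME_RULES` and `ORIGINAL_RULES` names, and the 192.0.2.x / 203.0.113.x addresses, are constructed for the example.

```python
"""Toy stateful packet filter modelling the thread's default-deny ruleset.

Added example, not part of the original thread. Rules are matched first-hit
on (direction, protocol, destination port); anything unmatched is dropped.
An outbound flow that was allowed is remembered, so its reply packets are
accepted without an inbound rule. That is why a home user needs no inbound
80/110 just to browse or fetch mail.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the internet) or "out" (from this host)
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# (direction, proto, dst_port, action); first match wins.
# zebulebu's ruleset: DNS out, HTTP out, SMTP out; nothing inbound.
HOME_RULES = (
    ("out", "udp", 53, "allow"),
    ("out", "tcp", 80, "allow"),
    ("out", "tcp", 25, "allow"),
)

# nugget's opening proposal, which also opens 80 and 110 inbound.
ORIGINAL_RULES = (
    ("out", "tcp", 25, "allow"),
    ("in", "tcp", 80, "allow"),
    ("in", "tcp", 110, "allow"),
)


@dataclass
class Firewall:
    rules: tuple
    default: str = "drop"
    # Flows this host initiated: (proto, local_ip, local_port, remote_ip, remote_port)
    established: set = field(default_factory=set)

    def evaluate(self, pkt: Packet) -> str:
        # Reply traffic for a flow we opened is allowed regardless of rules.
        if pkt.direction == "in":
            reply_of = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reply_of in self.established:
                return "allow"
        # Otherwise first matching explicit rule decides.
        for direction, proto, port, action in self.rules:
            if (direction, proto, port) == (pkt.direction, pkt.proto, pkt.dst_port):
                if action == "allow" and pkt.direction == "out":
                    self.established.add(
                        (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
                    )
                return action
        return self.default


def compare_rulesets() -> dict:
    """Run the same constructed packets through both rulesets."""
    me, resolver, stranger = "192.0.2.10", "192.0.2.53", "203.0.113.5"
    dns_query = Packet("out", "udp", me, 50000, resolver, 53)
    dns_reply = Packet("in", "udp", resolver, 53, me, 50000)
    stray_udp = Packet("in", "udp", resolver, 53, me, 50001)   # no matching flow
    inbound_http = Packet("in", "tcp", stranger, 40000, me, 80)
    outbound_https = Packet("out", "tcp", me, 50002, stranger, 443)

    results = {}
    for name, rules in (("home", HOME_RULES), ("original", ORIGINAL_RULES)):
        fw = Firewall(rules)
        results[name] = {
            "dns_query": fw.evaluate(dns_query),
            "dns_reply": fw.evaluate(dns_reply),
            "stray_udp": fw.evaluate(stray_udp),
            "inbound_http": fw.evaluate(inbound_http),
            "outbound_https": fw.evaluate(outbound_https),
        }
    return results


if __name__ == "__main__":
    for name, verdicts in compare_rulesets().items():
        print(name, verdicts)
```

Two things the run makes visible: the original proposal lets any stranger connect to port 80 on a machine that is not a web server (Sparky's objection), while the stricter list drops it; and because the stricter list has no outbound 443 (or DNS in the original list), a default-deny policy also blocks traffic the user will want, which is exactly the authorization prompt BosonMichael says people then complain about.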
  5. shambles

    shambles Guest

    What about telling them to spend £30.00 on a hardware firewall? Does that solve the problem?
     
  6. zebulebu

    zebulebu Terabyte Poster

    No - because if you spend 30 quid on a hardware firewall - unless that firewall is an old desktop PC with Linux installed and something like Smoothwall running on top - and has been configured by someone that knows what they're doing - they will be lulled into a false sense of security as the 'firewall' will likely be shite :)

    If you'd told them to spend 50 quid instead and got a Linksys WRT54G with alternative firmware, then they may be able to feel a little bit more secure - but only a little :)
     
    Certifications: A few
    WIP: None - f*** 'em