Good FAQ on firewall settings and application access requests.

PrinceXizor

Platinum Member
Oct 4, 2002
2,188
99
91
I've never really used a firewall before :eek: but I'm making sure that I run my new computer a lot better than the old one.

I d/l ZoneAlarm just recently. Where can I find a good FAQ on ports/application permissions/etc. for Windows XP Pro? I'm looking for more than just...do this, do that, I'm looking for the why behind it. In other words, I'd like to know what I'm doing to my firewall so I don't have to post another thread in here.

Thanks!

P-X
 

PrinceXizor

That's getting towards what I'm looking for...but, I'm looking for a little more information than just a list of ports and what applications might/do use them.

For example (this is all purely made-up)

Port 4 is accessed by the OS for d/l from secure servers. This port can be left open so long as the call is from explorer.exe
Port 8 is used for internal networking only and should never be scanned during internet usage. This port can be closed while surfing.

etc....

I'd like to know what to turn off, what not to turn off and what to maybe turn off. Above all though, I want to make an informed decision, not just blindly follow some recommended list.

P-X
 

nickaskew

Member
Jun 13, 2003
59
0
0
Ah, I see where you are coming from...

I could tell you to switch off every one except 80, but then all you'll be able to access is HTTP. Perhaps you use a POP server to read your email? That would be port 110, which is used to communicate with POP servers... Then you'll tell me you need to send email using SMTP? That would be port 25...

You see, your question cannot be answered by anyone other than you (or your sys admin), it really is a case of 'what do YOU use' rather than what does everyone else do.

The safest way to configure your firewall is switch off EVERY port.
When you attempt to use an application that uses a port you haven't opened, it won't work, which should prompt you to 1) identify the port that application uses (i.e. view your firewall log to see what applications have attempted to use which ports..), and 2) reassess whether you actually need to open that port to facilitate your application, i.e. OK, so you use ICQ, you open the ICQ port for your messaging client - bam, latest online worm happens to use that port to do its dirty work, or worse still, someone releases a hack for ICQ that uses the fact you left the port open to remotely control your PC... THINK TWICE about every port that you may need to open before opening it. It is strongly advised to do a little research on any port you feel you need to open BEFORE you open it.

I understand this doesn't answer your question directly, but that list I gave you a link to helps you make an informed decision if you do not want to undergo the painstaking job of analysing your own needs.

Regards

Nick
 

TechnoGuRu

Member
Jul 28, 2003
35
0
0
The firewall will prompt whenever a connection is attempted. Like Nick said, it's up to you to determine what needs to be allowed and what needs to be blocked. I used to let Generic Host Process access the internet to check for updates and synchronize my PC clock, but recently found out that it leaves my port 1025 wide open. I managed to close the port, but now time update does not work. I'm pretty sure that Windows Update will not work either. I don't mean to stray from the topic, but you see what I'm trying to say, right? I use the Shields Up! port scanner to check my port status. It contains a description for each port.
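
An added example, not part of any post in this thread: one way to see for yourself which process holds which port open (the port 1025 case above, and Nick's "identify the port" step) is to read the output of `netstat -ano` on the machine. The command is an assumption here, since the thread does not name it, and the sample output, addresses and PIDs below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2200
  UDP    0.0.0.0:123            *:*                                    1012
"""

# proto, local address, local port, (foreign address), optional state, PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def exposure(addr):
    """Classify the bind address: who can reach this socket if nothing filters it."""
    if addr in ("0.0.0.0", "[::]"):
        return "all interfaces"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback only"
    return "one interface"

def listeners(netstat_text):
    """Return {pid: [(proto, port, exposure), ...]} for sockets awaiting inbound traffic."""
    found = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        # TCP rows count only in LISTENING state; UDP has no state column and
        # every bound UDP socket can receive datagrams.
        if proto == "TCP" and state != "LISTENING":
            continue
        found[int(pid)].append((proto, int(port), exposure(addr)))
    return dict(found)

def reachable_from_network(netstat_text):
    """Ports an inbound firewall rule has to cover: anything not loopback-only."""
    return sorted({(proto, port) for socks in listeners(netstat_text).values()
                   for proto, port, exp in socks if exp != "loopback only"})

if __name__ == "__main__":
    print(listeners(SAMPLE))
    print(reachable_from_network(SAMPLE))
```

On Windows XP Pro, `tasklist /svc` lists the services running under each PID, which shows what a Generic Host Process (svchost.exe) entry is actually hosting before you decide whether to block it.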
 

PrinceXizor

Anyone else have any comments or websites on when a process call should need a connection to the internet and when it should not? Other firewall-related issues for configuration? Thanks!

P-X
 

Caanon

Senior member
Mar 26, 2001
202
0
0
I use a router/firewall connected to my DSL, all incoming ports are blocked. I use ZoneAlarm to control outgoing stuff based on what program is trying to go out.

The only "problems" I've had is I can't use instant messaging programs without open ports on firewall....but I don't really care about IMs so I uninstalled them. Also I can't share stuff on kazaa lite, but I use that like once every couple months, so I don't keep that installed, and don't care about sharing.

Also I would expect I wouldn't be able to host games, ftps, etc.....but again I don't really care, I don't really have the outgoing bandwidth to host anyway. I'm happy with this setup.