Firewall

Network Guide

Firewalls: Securing your network

When your PC is connected to the internet, it is open to attack from various sources: hackers, viruses, spy software and so on. To protect your computer, make sure it has protective software installed, such as a Personal Firewall, Anti-Virus Software, Spy Removal software and the latest Security Patches for Windows.

What is a Firewall?

A firewall is a system that blocks unwanted or unauthorised programs and data from entering or leaving your computer while on the Internet. This is achieved by IP filtering. Every program that accesses the internet uses specific ports. For example, your email program will use POP3 (TCP port 110) to receive mail and SMTP (TCP port 25) to send mail, and your web browser will use HTTP (port 80) or HTTPS (port 443) to access HTML pages from web servers. There are other ports that may be open but not used, and special ones that you don't know about; these ports are scanned and exploited by hackers who want to get at data on your PC. There are two types of port: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). These are listed in C:\Windows\System32\Drivers\Etc\Services.

To enable the firewall, turn on the Windows Firewall in the Control Panel or install a third-party firewall program such as Norton Personal Firewall, McAfee Personal Firewall or ZoneAlarm. These programs will allow your normal internet programs to connect to the internet but block everything else, and will inform you of any possible intrusions.

PC firewalls are okay but can be bypassed via vulnerabilities in the operating system or in applications on the system, so a firewall should also be set up on the perimeter of the network, before network traffic reaches the PC, using a specialised appliance that only does firewall services, e.g. a pfSense firewall, an ADSL firewall etc.

How to Set up a pfSense Firewall?

You can set up a dedicated firewall either as a router (ADSL), as an appliance or as a virtual machine, such as pfSense. You can then configure the appliance to be as secure as possible. The standard approach is to block everything coming in or out, and then add rules to allow only what is required. For example, to allow people to browse the web and access files, you allow HTTP (TCP 80), HTTPS (443) and FTP (21, 22) out. If you want users on the internet to access your web server, you allow HTTP (TCP 80) and HTTPS (443) traffic in.

In pfSense, you can view or set which ports to allow or disallow via the Rules options in the properties of the Firewall menu.

Default firewall rules - block all connections.

Here there are two rules configured by default that block all incoming connections to the WAN (wide area network) interface from the internet. Click on the Add button(s) to add a new rule above or below existing rules.

For example, we want anyone on the internet to be able to access our web server on, say, IP address 10.0.0.31. So we add a new rule to Pass (allow) traffic on the WAN interface using an IPv4 address over TCP from any Source address to a single host Destination address using HTTPS (TCP 443) for secure access.

Add new firewall rule to pass traffic in to web server.

Click Save and it will be added to the list of rules as below.

Allow HTTPS traffic in to web server
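
The block-by-default approach and the HTTPS pass rule described above can be modelled in a few lines. This is an added example, not pfSense's own code or output: it assumes rules are checked top to bottom with the first match deciding, the Rule class and function names are hypothetical, and the 203.0.113.x client addresses are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR network or "any"
    dst: str               # CIDR network or "any"
    dport: Optional[int]   # destination port, None means any port

    def matches(self, proto, src, dst, dport):
        def in_net(addr, net):
            return net == "any" or ip_address(addr) in ip_network(net)
        return (self.proto in ("any", proto)
                and in_net(src, self.src)
                and in_net(dst, self.dst)
                and self.dport in (None, dport))

def evaluate(rules, proto, src, dst, dport):
    """Assumed model: first matching rule wins, no match means block."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "block"

def too_broad(rules):
    """Return pass rules that leave the destination host or port open."""
    return [r for r in rules
            if r.action == "pass" and (r.dst == "any" or r.dport is None)]

# The page's rule: pass TCP 443 from any source to the web server only,
# followed by an explicit block-everything rule.
HTTPS_IN = Rule("pass", "tcp", "any", "10.0.0.31/32", 443)
BLOCK_ALL = Rule("block", "any", "any", "any", None)
WAN_RULES = [HTTPS_IN, BLOCK_ALL]

if __name__ == "__main__":
    # Constructed sample packets arriving on the WAN interface.
    samples = [("tcp", "203.0.113.7", "10.0.0.31", 443),
               ("tcp", "203.0.113.7", "10.0.0.31", 80),
               ("tcp", "203.0.113.7", "10.0.0.32", 443),
               ("udp", "203.0.113.9", "10.0.0.31", 443)]
    for pkt in samples:
        print(pkt, "->", evaluate(WAN_RULES, *pkt))
    # Rule order matters: a block rule placed above the pass rule wins.
    print("reordered ->", evaluate([BLOCK_ALL, HTTPS_IN], *samples[0]))
    print("too broad:", too_broad(WAN_RULES))
```

Running the same check over a rule list before it is entered in the firewall shows quickly whether a pass rule has been left with an "any" destination or port.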

Tutorials:

Setting up Firewall on ADSL Router

An ADSL router, like the one you use at home or maybe in a small office, also has firewall settings where you can allow or block specific traffic for your network. Usually by default, all incoming traffic is blocked and all outgoing traffic is allowed, so users can browse the internet, access mail and so on immediately. To access the settings, open a web browser and enter the IP address of your ADSL router. It is usually the same address as the DNS server or Gateway address configured on your PC, which you can view using ipconfig (see the documentation for your router for the exact address).

Click on Firewall Rules on left side menu and click Add to add new rules for Outbound services (PC to internet) or Inbound services (internet to your servers).

For example, this new Inbound rule will allow incoming traffic to a secure web server (TCP 443) on IP 10.0.0.23 from any user on the WAN and log it.

Allow incoming traffic to HTTPS.