What Ports Should I Leave Open on My Firewall? aka Normal Ports That I Need to Have Open on My Firewall.
Funny … my buddy asked me about this the other day … and more specifically, how he could stop some random person on his network.
When I ran a company in Shanghai (2002-2004), to monitor my employees’ computers I used free software that is installed on each computer. What WinVNC does is allow you to (1) look at anyone’s monitor – you’ll see EXACTLY what they see – and (2) if you want to, TAKE CONTROL of their PC … and there is nothing they can do (outside of turning the computer off) as you control the keyboard & mouse. The install is easy to do … and you can get it here
However WinVNC won’t show you who’s doing the P2P … so my suggestions here are:
(A) Assuming you’ve got the power (and the company is small enough) … I’d go to whoever has the router password, have him log into the router and open the password-change page … and then I would personally change the password. Make the password a mix of upper case, lower case, numbers & symbols. A way to make one you can actually remember: pick a short sentence and use the first letter of each word, swapping some letters for look-alike characters … for example, “My IT guy loves porn too much” becomes “M!791p2m”. The longer the sentence, the stronger the password; eight characters is the floor, not the goal.
Many of us geeky people use the ! for an I or for an L … the 7 can be a T, the @ an A, the 9 looks like a lowercase G … Anyway. The router, once it’s set, should NOT need to be touched again. So write its IP address down and log into it once a week. If the password stops working, someone has either changed it or pushed the factory-reset button, which also wipes every rule you set up. Either way, someone is tampering with your own hardware, and you should be VERY WORRIED. While you’re logged in, confirm the port rules below are still in place.
So anyway, we’re back at … you’ve changed the password. Your router will probably reboot at that point. You log back in … and the BEST way to cut off P2P traffic at the router is to LOCK OUT every OUTBOUND port you don’t need. (Home and small-office routers doing NAT already drop unsolicited inbound connections; it’s the outbound rules you’ll be adding.)
What’s a port? And how do I know if I need to have it open?
An analogy to a port would be a window into a castle. For PERFECT security, if a king built a castle with NO windows or doors to the outside … then no one would be able to climb in (let’s pretend you couldn’t go over or under, and the walls are too thick to go through). But, life is boring not being able to see out. So …
That’s what a firewall is. If it’s TOTALLY closed, nothing can go in or out. So … you open a ‘PORT’ – like a castle’s window.
Most network applications have a default port they listen on or connect to, and for the common protocols those defaults are standardized (IANA keeps the registry of well-known ports). So for each application you allow, you open its port and nothing else.
An example of this is that web servers, by default, listen on TCP port 80. So, if you want your employees to be able to look at websites, you need to leave port 80 open.
Also, for secure purchases (and logins), most websites use HTTP over SSL/TLS (aka HTTPS) … which runs on port 443.
Email needs at least two ports – one to collect mail and one to send it:
POP3 is a service used to collect mail from a mail server. It runs on port 110.
SMTP is used to send mail between servers, and it is also the service your e-mail client uses to send mail. It runs on port 25.
If you use IMAP for email instead of POP3, it runs on port 143.
(The encrypted versions of these have their own ports: POP3S on 995, IMAPS on 993, and SMTP submission on 587 or SMTPS on 465. If your mail provider uses those, open those instead of the plain ones.)
If you (officially) run chat software, you’ll have to open its ports too. And do not forget DNS, port 53 (UDP, and TCP as well): block that and nothing resolves, web browsing included.
So, you’ve reconfigured your router … you’ve run it for a week, and people are pissed because they can’t use their chat software anymore … but you still SOMETIMES have issues with your bandwidth.
You’ve got someone using something like uTorrent (great free P2P software, by the way) … which can be configured to use ANY port, including one you had to leave open such as 80 or 443. Port blocking alone will never catch that.
How do you find the person?
You need to ‘sniff’ them out. Assuming you work at a small company with limited finances for IT … then you have two options.
First option: install a proxy server. The proxy server is like a waiter in a restaurant, with your staff being the people at the tables and the Internet in the kitchen. I used to use WinGate (a long time ago). I liked it back then. You configure the proxy server to ONLY deliver ‘appropriate’ content. Therefore, once ‘appropriate’ content has been defined, no one can order off the menu. For this to work, the router must block direct outbound traffic from the workstations so the proxy is the only way out; otherwise people simply walk around the waiter. (The other hiccup is your IT staff; they could define special rules JUST FOR THEM.)
Second option: ‘sniff’ the traffic. This requires either a managed switch with port mirroring & some expertise … or a CHEAP hub. I prefer the hub. Place the hub between your switch and the router, plug a monitoring machine directly into the hub, and run the sniffing program. (Make sure it is a real hub, which repeats every frame to every port, not a small switch sold as a ‘hub’; a switch only forwards each frame to the port it belongs to, so your monitoring machine would see almost nothing.) Reading the capture takes some practice … but it will show you WHICH computer is sending & receiving WHAT. Expensive sniffing applications will even rebuild the files for you, and free ones such as Wireshark will do most of this too.
You’ll be able to POSITIVELY identify WHICH machine (by IP or MAC address) is requesting what from the Internet. Encryption hides the content, but not who is talking to whom, on which ports, or how many bytes are moving … and it is the peer count and byte volume that give a torrent client away. (Anyone regularly running encrypted information over MY company intranet would be fired instantly.)
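To make the two halves of this concrete, here is an added example of my own (not code from the original post, and not any router’s or sniffer’s actual software). It applies the “lock out every port you don’t need” policy from above as an outbound allow-list, then runs the sniffer-style “who talks to how many peers and moves how many bytes” check over the flows the policy let through. The flow records, IP addresses, port list and thresholds are all constructed for the illustration; a real capture would be summarized the same way.

```python
"""Added example: egress allow-list plus a peer-count/byte-volume heuristic for
spotting a P2P client. All flow records below are constructed sample data that
stand in for what a sniffer on the hub would see; the thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

# The "normal" TCP ports discussed in the post: HTTP, HTTPS, POP3, SMTP, IMAP.
ALLOWED_TCP_PORTS = {80, 443, 110, 25, 143}


@dataclass(frozen=True)
class Flow:
    src_ip: str       # internal workstation
    dst_ip: str       # remote host on the Internet
    dst_port: int
    proto: str        # "tcp" or "udp"
    byte_count: int   # bytes moved in both directions


def egress_allowed(flow: Flow) -> bool:
    """Default-deny outbound policy: only TCP to the allowed ports passes.
    UDP/53 is kept so DNS still works; everything else is dropped."""
    if flow.proto == "udp":
        return flow.dst_port == 53
    return flow.dst_port in ALLOWED_TCP_PORTS


def summarize(flows):
    """Per internal host: total bytes, distinct remote peers, distinct dst ports.
    None of this depends on payload, so encrypted traffic is summarized the same way."""
    stats = defaultdict(lambda: {"bytes": 0, "peers": set(), "ports": set()})
    for f in flows:
        s = stats[f.src_ip]
        s["bytes"] += f.byte_count
        s["peers"].add(f.dst_ip)
        s["ports"].add(f.dst_port)
    return stats


def suspected_p2p(flows, min_peers=20, min_bytes=50_000_000):
    """Hosts that talk to many distinct peers AND move a lot of bytes.
    A browser hits a handful of web servers; a torrent swarm looks like dozens of
    peers, whichever port the client was configured to use. Thresholds are assumed."""
    return sorted(
        host for host, s in summarize(flows).items()
        if len(s["peers"]) >= min_peers and s["bytes"] >= min_bytes
    )


def sample_flows():
    """Constructed sample: two ordinary PCs and one torrent user who has set the
    client to port 443, which the allow-list has to leave open."""
    flows = []
    # 192.168.1.10 browses a few websites.
    for i, port in enumerate([80, 443, 80, 443]):
        flows.append(Flow("192.168.1.10", f"203.0.113.{i + 1}", port, "tcp", 2_000_000))
    # 192.168.1.11 reads and sends mail, and tries a chat client on TCP/5190 (not allowed).
    flows.append(Flow("192.168.1.11", "198.51.100.5", 110, "tcp", 500_000))
    flows.append(Flow("192.168.1.11", "198.51.100.5", 25, "tcp", 100_000))
    flows.append(Flow("192.168.1.11", "198.51.100.9", 5190, "tcp", 50_000))
    # 192.168.1.12 runs a torrent client on port 443 talking to 40 peers.
    for i in range(40):
        flows.append(Flow("192.168.1.12", f"192.0.2.{i + 1}", 443, "tcp", 3_000_000))
    return flows


def main():
    flows = sample_flows()
    passed = [f for f in flows if egress_allowed(f)]
    blocked = [f for f in flows if not egress_allowed(f)]
    print(f"{len(blocked)} flow(s) dropped by the port allow-list")
    for host, s in summarize(passed).items():
        print(f"{host}: {s['bytes'] / 1e6:.1f} MB, {len(s['peers'])} peers, ports {sorted(s['ports'])}")
    print("P2P suspects among traffic the firewall let through:", suspected_p2p(passed))


if __name__ == "__main__":
    main()
```

The port rule catches the chat client (one dropped flow) but lets the torrent client straight through on 443, which is exactly the situation in the post; the per-host summary then singles out 192.168.1.12 on peer count and volume alone, without ever looking at a payload byte.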
Leave a comment for me if you need more help.