
Internet Security & Firewalls Guide

The Internet. It's something you depend on, something which you use as a hobby, something you use as a job or just something you use for leisure. But, how secure is your Internet connection against hackers and spyware? Maybe you need a software or hardware firewall? Listen up as Sevan tells us everything we need to know about this very issue!
TweakTown Staff
Published Tue, Aug 21 2001 11:00 PM CDT   |   Updated Tue, Apr 7 2020 12:25 PM CDT

Internet Security & Firewalls -

Introduction

When the Internet was created, there weren't as many active hackers as there are today. The reason? Simple: software is rushed out before it has been fully completed. Example? Any Windows operating system.

Many people really don't have the need for a firewall. Those users are mostly home users, and even some business users. This rule has generally changed these days, as software development jumps up and down with the market in the rush to make money without worrying about customer satisfaction. So what do those big companies or individuals want from you? Ever heard about SPYWARE? What is spyware, you ask?

Spyware is ANY SOFTWARE which employs a user's Internet connection in the background without their knowledge or permission. Silently it sends and/or receives data without the user knowing what it is, or where it is going. ANY SOFTWARE communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware.

Preparing Firewall

By reading this article, you will find out which software or hardware firewall you will need to be secure on the Internet. You will need a firewall if:

1. Your computer's files need to be accessed remotely across the Internet.
2. You are operating any sort of Internet server such as Personal Web Server.
3. You use any sort of Internet-based remote control or remote access program such as PC Anywhere, Laplink, or Wingate.
4. You want to properly and safely monitor your Internet connection for intrusion attempts.
5. You want to preemptively protect yourself from compromise by "inside the wall" Trojan horse programs like NetBus and Back Orifice.

Step 1) The first screenshot shows the single most important setting you will need to adjust before anything else. Go to your network settings by right-clicking on your Network Neighborhood and selecting Properties. Then, click on TCP/IP and go to its properties. Switch to the "Bindings" tab and UNCHECK anything you see in there. You may be asked a question; select NO and click OK twice. Now go ahead and restart.

Step 2) After you are done with that and have restarted, you will need to make sure that NetBIOS is not being used for TCP/IP. Uncheck the option you see below.

Step 3) Now you will need to do the same for every other computer on your network. Skip to the next step if you aren't on a network.

Now we will need to test your computer to see how secure you are. Know that every security scan test always looks for the first IP address on a network to scan (example: 192.168.1.100), so if you do plan on installing a software firewall, which I recommend strongly, install it on the first computer. For a very good and simple-to-understand test, go to:

https://grc.com/x/ne.dll?bh0bkyd2
or
http://scanme.sygatetech.com/

Below is a screenshot of the results you want after installing a firewall, which I will discuss later on. A 'stealth' result means no response at all from a port on an IP address. A 'closed' result means that the IP address received the packet but did not send a notification back. An 'open' result means the IP address received the packet and sent it back, meaning you are in big danger.


Internet Firewalls: Hardware

Here is a list of just some routers for your choice. Not every one does the same things, but they all provide you with a small network in your own house (or office). Just like having your own small Internet!

Macsense Xrouter MIH-130 Pro: An advanced router for people who do know how a network works. Setup might be a little confusing for some, but with the advanced options, you will be a pro. 3.5 / 5

Linksys Etherfast Cable/DSL Router: The most popular router out there. Best bang for the buck, with the easiest setup of any. It's fast, easy to use, and looks nice too. The only real downside is the continuing release of new firmware that addresses a lot of issues that were never fixed before. But this isn't bad at all. This shows support from the company that it wants to improve it... a little too late though. Not recommended for use on an ADSL PPPoE connection. Be advised. 4.5 / 5

Asante FriendlyNet 10/100 DSL/Cable Router: Remote administration is one big plus for this router. The setup process might be a little tricky, but this router will not let you down. 3.5 / 5

Umax Ugate 3000 Internet Sharing Hub: This little hub is useful for those small networks that need to be routed into another network. The Umax Ugate lets you have static IP configuration on your network, allowing you to set up computers painlessly. 3 / 5

Here are some security scan results done on all four routers:

Linksys - UDP: 67, 69 Open, TCP: All filtered, Address ping: unpingable
Ugate - UDP: 67, 69 Open, TCP: All filtered, Address ping: unpingable

Want simply the fastest of all these four routers? Then go with the Linksys! It is fast for LAN to LAN transfers, and still is not the slowest for WAN to LAN transfers either.


Internet Firewalls: Software

So you are asking what a firewall is, right? Here is a brief description. A firewall ABSOLUTELY ISOLATES your computer from the Internet using a "wall of code" that inspects each individual "packet" of data as it arrives at either side of the firewall - inbound to or outbound from your computer - to determine whether it should be allowed to pass or be blocked. The user of course controls this. Remember that there is no perfect firewall!

One of the TOP firewall solutions is a Linux firewall, where a separate PC shares an Internet connection and separates the network from the Internet with a firewall. Linux firewalls are superb firewalls but are hard to set up for many Windows users, because of the general complexity.

In no particular order, here are some firewalls that I rated from personal experience and from other sources' ratings, recommendations, and use.

McAfee Firewall - Make sure you update to the latest version to address small issues seen in previous versions. 3.8/5

Sygate Personal FW (FREE) - Free for personal use. Still, customizing the firewall isn't easy or really available. Consider updates if you will be installing it, or use the latest version. 3.5/5

Symantec / Norton - Make sure you update to the latest version to address small issues seen in previous versions. Norton had automatic rule creation turned on in the previous versions, and that was a really bad idea. Many issues are now addressed in the newer versions. 3.5/5

Tiny Personal FW (FREE) - A really excellent free personal firewall. Use this firewall if you are more technically oriented and want total customization of a firewall. Very highly recommended for knowledgeable individuals. 5/5

Zone Alarm (Free) & Pro (Not free) - Good 'out of the box' protection and simple setup. The firewall is not as customizable as Tiny Personal FW, but ZoneAlarm is very widely known. 4.5/5

In no particular order, here are some firewalls that I do NOT recommend at all for use. Personal experience and reviews showed me that these are not for anyone who wants a secure network.

AtGuard
BlackICE Defender (Not a firewall, but a program to monitor traffic)
Conseal Desktop
Conseal PC FW
eSafe Desktop
PrivateFirewall 2.0
Lockdown 2000


Common Internet Ports & Description

Port 0 - Commonly used to help determine the operating system. This works because on some systems, port 0 is "invalid" and will generate a different response when you connect to it vs. a normal closed port.

Port 1 (tcpmux) - Indicates someone searching for SGI Irix machines. Irix is the only major vendor that has implemented tcpmux, and it is enabled by default on Irix machines.

Port 7 (echo) - You will see lots of these from people looking for fraggle amplifiers sent to addresses of x.x.x.0 and x.x.x.255. A common DoS attack is an echo-loop, where the attacker forges a UDP packet from one machine and sends it to the other, then both machines bounce packets off each other as fast as they can.

Port 11 (systat) - This is a UNIX service that will list all the running processes on a machine and who started them. This gives an intruder a huge amount of information that might be used to compromise the machine, such as indicating programs with known vulnerabilities or user accounts. It is similar to the contents that can be displayed with the UNIX "ps" command. ICMP doesn't have ports; if you see something that says "ICMP port 11", you probably want.

Port 19 (chargen) - This is a service that simply spits out characters. The UDP version will respond with a packet containing garbage characters whenever a UDP packet is received. On a TCP connection, it spits out a stream of garbage characters until the connection is closed. Hackers can take advantage of IP spoofing for denial of service attacks.

Port 21 (FTP) - The most common attack you will see is hackers/crackers looking for "open anonymous" FTP servers. These are servers with directories that can be written to and read from.

Port 22 (ssh PC Anywhere) - Used by PC Anywhere. You will sometimes be scanned by innocent people running this utility.

Port 23 (telnet) - The intruder is looking for a remote login to UNIX. Most of the time intruders scan for this port simply to find out more about what operating system is being used.

Port 25 (smtp) - Spammers are looking for SMTP servers that allow them to "relay" spam. Since spammers keep getting their accounts shut down, they use dial-ups to connect to high bandwidth e-mail servers, and then send a single message to the relay with multiple addresses.

Port 53 (DNS) - DNS. Hackers/crackers may be attempting to do zone transfers (TCP), to spoof DNS (UDP), or even hide other traffic since port 53 is frequently neither filtered nor logged by firewalls.

Port 67, 68 (bootp DHCP) - Bootp/DHCP over UDP. Firewalls hooked to DSL and cable-modem lines see a ton of these sent to the broadcast address 255.255.255.255. These machines are asking for an address assignment from a DHCP server.

Port 69 (TFTP) - (over UDP). Many servers support this protocol in conjunction with BOOTP in order to download boot code to the system. However, they are sometimes misconfigured to provide any file from the system, such as password files. They can also be used to write files to the system.

Port 79 (finger) - I know the name sounds shocking, but it is rather dangerous. Hackers use this port to discover user information, fingerprint the OS, exploit known buffer-overflow bugs, and bounce finger scans through your machine to other machines.

Port 98 (linuxconf) - The utility "linuxconf" provides easy administration of Linux boxen. It includes a web-enabled interface at port 98 through an integrated HTTP server. It has had a number of security issues.

Port 109 (pop2) - POP2 is not nearly as popular as POP3 (see below), but many servers support both (for backwards compatibility). Many of the holes that can be exploited on POP3 can also be exploited via the POP2 port on the same server.

Port 110 (pop3) - POP3 is used by clients accessing e-mail on their servers. POP3 services have many well-known vulnerabilities.

Port 111 - Sun RPC PortMapper/RPCBIND.

Port 113 (identd auth) - This is a protocol that runs on many machines and identifies the user of a TCP connection. In standard usage this reveals a LOT of information about a machine that hackers can exploit. However, it is used for logging by a lot of services, especially FTP, POP, IMAP, SMTP, and IRC servers.

Port 119 (NNTP news) - Network News Transfer Protocol, carries USENET traffic. This is the port used when you have a URL like news://comp.security.firewalls.

Port 135 (local serv MS RPC end point mapper) - Microsoft runs its DCE RPC end-point mapper for its DCOM services at this port.

Port 137 (netbios name server) - (UDP) This is the most common item seen by firewall administrators and is perfectly normal.

Port 139 (netbios file and print sharing) - Incoming connections to this port are trying to reach NetBIOS/SMB, the protocols used for Windows "File and Print Sharing" as well as SAMBA. People sharing their hard disks on this port are in danger.

Port 161 (SNMP) - (UDP) A very common port that intruders probe for. SNMP allows for remote management of devices.

Port 177 (xdmcp) - Numerous hacks may allow access to an X-Window console; it needs port 6000 open as well.

Port 535 (CORBA IIOP) - (UDP) If you are on a cable-modem or DSL VLAN, then you may see broadcasts to this port.

Port 1024-1027 - Many people ask the question what this port is used for. The answer is that this is the first port number in the dynamic range of ports. Many applications don't care what port they use for a network connection, so they ask the operating system to assign the "next freely available port".

Port 1080 (Socks) - This protocol tunnels traffic through firewalls, allowing many people behind the firewall access to the Internet through a single IP address. In theory, it should only tunnel inside traffic out towards the Internet.

Port 1243 (Sub-7) - Trojan Horse (TCP).

Port 1524 (ingreslock backdoor) - Many attack scripts install a backdoor shell at this port.

Port 3128 (squid) - This is the default port for the "squid" HTTP proxy. An attacker scanning for this port is likely searching for a proxy server they can use to surf the Internet anonymously. You may see scans for other proxies at the same time, such as at port 8000/8001/8080/8888.

Port 5632 (pcanywhere) - You may see lots of these, depending on the sort of segment you are on. When a user opens pcAnywhere, it scans the local Class C range looking for potential agents. Hackers/crackers also scan looking for open machines, so look at the source address to see which it is.

Port 6776 (sub-7 artifact) - This port is used separately from the SubSeven main port to transfer data.

Port 6970 (real audio) - Clients receive incoming audio streams from servers on UDP ports in the range 6970-7170.

Port 13223 (pow wow) - The "PowWow" chat program from Tribal Voice. It allows users to open up private chat connections with each other on this port. The program is very aggressive at trying to establish the connection and will "camp" on the TCP port waiting for a response. This causes a connection attempt at regular intervals like a heartbeat.

Port 17027 (conducent) - Outbound: This is seen on outbound connections. It is caused by users inside the corporation who have installed shareware programs using the Conducent "adbot" wrapper. This wrapper shows advertisements to users of the shareware.

Port 27374 (sub-7) - Trojan Horse (TCP).

Port 30100 (net sphere) - Trojan Horse (TCP).

Port 31337 (back orifice) - This number means "elite" in hacker/cracker spelling. Lots of hacker/cracker backdoors run at this port, but the most important is Back Orifice. At one time, this was by far the most popular scan on the Internet.

Port 31789 (hack-a-tack) - This trojan includes a built-in scanner that scans from port 31790, so any packets FROM 31789 TO 31790 indicate a possible intrusion.

Port 33434 - 33600 (traceroute) - Used for tracing IP addresses from one endpoint to another. If you see this, then someone is probably tracing your IP to see how the routing is to your connection from his/hers.
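
As an added example (not part of the original article), the following Python code sorts firewall log entries using the port notes above, so routine broadcasts are separated from proxy searches and trojan probes. The log line format, the sample entries and the grouping into noise, probe and trojan are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Port notes condensed from the article's list. Splitting them into
# noise / probe / trojan is this example's assumption.
NOISE = {67: "bootp/DHCP broadcast", 68: "bootp/DHCP broadcast",
         137: "NetBIOS name service", 535: "IIOP broadcast"}
PROBE = {21: "anonymous FTP search", 23: "telnet login scan",
         25: "SMTP relay search", 161: "SNMP probe",
         1080: "SOCKS proxy search", 3128: "squid proxy search"}
TROJAN = {1243: "SubSeven", 6776: "SubSeven data", 27374: "SubSeven",
          30100: "NetSphere", 31337: "Back Orifice"}

# Constructed log format: <time> <action> <proto> <src>:<port> -> <dst>:<port>
LINE = re.compile(r"^(\S+) (\S+) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def classify(proto, sport, dport):
    """Return (severity, note) for one logged packet."""
    # The article ties traffic between ports 31789 and 31790 to Hack'a'Tack.
    if sport == 31789 and dport == 31790:
        return "trojan", "Hack'a'Tack"
    if dport in TROJAN:
        return "trojan", TROJAN[dport]
    if dport in PROBE:
        return "probe", PROBE[dport]
    if dport in NOISE and proto == "UDP":  # listed above as UDP traffic
        return "noise", NOISE[dport]
    return "unknown", "not in table"

def triage(lines):
    """Group log lines by severity; lines that do not parse are kept aside."""
    report = defaultdict(list)
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            report["unparsed"].append(raw)
            continue
        _, _, proto, src, sport, _, dport = m.groups()
        severity, note = classify(proto, int(sport), int(dport))
        report[severity].append((src, int(dport), note))
    return dict(report)

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "22:14:03 DROP UDP 192.0.2.10:137 -> 192.168.1.100:137",
    "22:14:09 DROP TCP 198.51.100.7:4021 -> 192.168.1.100:27374",
    "22:14:10 DROP TCP 198.51.100.7:4022 -> 192.168.1.100:1243",
    "22:15:41 DROP TCP 203.0.113.5:3310 -> 192.168.1.100:3128",
    "22:16:02 DROP UDP 203.0.113.9:31789 -> 192.168.1.100:31790",
    "22:17:30 DROP TCP 203.0.113.5:3311 -> 192.168.1.100:40000",
]

if __name__ == "__main__":
    for severity, hits in triage(SAMPLE_LOG).items():
        print(severity, hits)
```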


Trojan Horse Probes & Conclusion

To find out what ports are currently open on your machine, type the following in an MS-DOS prompt to see the 1234 "listening port":

    netcat -L -p 1234

If you want to find out the owner of a specific IP address, go to one of the following addresses below:

http://www.arin.net/whois

Here are many ports that Trojans use in order to work.

555 - phAse zero
1243 - Sub-7, SubSeven
3129 - Masters Paradise
6670 - DeepThroat
6711 - Sub-7, SubSeven
6969 - Gatecrasher
21544 - GirlFriend
12345 - NetBus
23456 - EvilFtp
27374 - Sub-7, SubSeven
30100 - NetSphere
31789 - Hack'a'Tack
31337 - BackOrifice, and many others
50505 - Sockets de Troie

In addition, here are some ports that many games need to use in order to operate correctly.

7777 - Unreal, Klingon Honor Guard
7778 - Unreal Tournament
22450 - Sin
26000 - Quake
26900 - Hexen 2
26950 - HexenWorld
27015 - Half-life, Team Fortress Classic
27500 - QuakeWorld
27910 - Quake 2
28000 - 28008 - Starsiege Tribes
28910 - Heretic 2

Now you should have a better idea of how to protect yourself while you surf the Internet, be it at home or in the office. I hope you had fun reading this article and will use it for future reference to help protect you and your valuable information.
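
As an added example (not part of the original article), this Python code checks your own machine for listeners on the trojan ports listed above and reports each port with the open / closed / stealth names used for the scan results earlier. The function names are hypothetical, and the `listener` helper is only a stand-in for a listening program such as the netcat command shown above.

```python
import socket

# Default trojan ports as listed in the article.
TROJAN_PORTS = {
    555: "phAse zero", 1243: "SubSeven", 3129: "Masters Paradise",
    6670: "DeepThroat", 6711: "SubSeven", 6969: "Gatecrasher",
    21544: "GirlFriend", 12345: "NetBus", 23456: "EvilFtp",
    27374: "SubSeven", 30100: "NetSphere", 31789: "Hack'a'Tack",
    31337: "BackOrifice", 50505: "Sockets de Troie",
}

def probe(host, port, timeout=1.0):
    """Classify one TCP port with the result names used by the scan tests."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"       # a program accepted the connection
    except ConnectionRefusedError:
        return "closed"     # connection refused: no listener on this port
    except socket.timeout:
        return "stealth"    # no reply at all before the timeout
    finally:
        s.close()

def audit(host="127.0.0.1", ports=TROJAN_PORTS):
    """Return {port: (state, name)} for every listed port found open."""
    findings = {}
    for port, name in sorted(ports.items()):
        state = probe(host, port, timeout=0.5)
        if state == "open":
            findings[port] = (state, name)
    return findings

def listener(port=0, host="127.0.0.1"):
    """Open a plain TCP listener for the demo (port 0 = any free port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(8)
    return srv

if __name__ == "__main__":
    srv = listener()                      # stand-in for an unwanted listener
    demo_port = srv.getsockname()[1]
    watched = {demo_port: "demo listener", **TROJAN_PORTS}
    for port, (state, name) in audit(ports=watched).items():
        print(f"port {port} is {state}: {name}")
    srv.close()
```

An empty result from `audit()` on a clean machine is the expected outcome; any listed port reported open deserves a look at which program owns it.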
