Step 9: Secure the Network with a Firewall


In security terms, a network firewall is hardware or software that filters the information passing through it. For example, you can put a firewall between a Web server and the Internet. This can be done physically with a hardware box, such as a LinkSys Internet gateway, where the Internet cable plugs in one side and the intranet cable plugs in the other. It can also be done logically, with software such as the Windows XP Internet Connection Firewall. A firewall restricts the flow of TCP and UDP packets based on the port they use. A port is a 16-bit number carried in the header of a TCP or UDP packet, and different services listen on different ports. For example, Secure Sockets Layer (SSL) communication uses port 443, and SQL Server uses port 1433. Table 13-1 summarizes commonly used ports. For the complete list, see the document “Port Numbers” on the Internet Assigned Numbers Authority’s Web site at http://www.iana.org/assignments/port-numbers.

Table 13-1: Commonly Used Ports

Port     Description
20, 21   FTP
23       Telnet
25       SMTP
53       DNS
80       HTTP. All HTTP communication, including most Web pages, postings, and requests for Web pages.
110      POP3
119      NNTP
135      DCOM
443      HTTPS. All SSL communication.
1433     SQL Server
1723     PPTP
9595     Ping

Here is an example of how ports work. If SQL Server is installed on a machine connected to the Internet and port 1433 is open, people will be able to reach SQL Server from the Internet (although if the guest account is disabled, they might not be able to do anything once connected). If port 1433 is closed, people cannot contact SQL Server at all, because every packet addressed to port 1433 is blocked. Closing ports reduces the attack surface. The model you should use for a firewall is: close all ports by default, and open only the ports you absolutely need. For most Web sites, this means opening ports 80 and 443, which allow HTTP and HTTPS traffic. If mail is also accessed over the Internet, open the POP3 and SMTP ports as well, 110 and 25 respectively. The Internet Storm Center Web site (http://isc.incidents.org/) provides interesting statistics on which ports receive the most attacks.

Just as network firewalls filter on port number, an application firewall does additional filtering based on the content of the traffic. URLScan is a good example of an application firewall: it examines each incoming HTTP request and rejects those whose content does not meet the rules you configure, which the network firewall cannot do because it never looks past the port. Web sites should use both a network firewall and the URLScan application firewall.
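The two layers described in the preceding paragraphs, the default-deny port model and content inspection on top of it, can be modelled in a few dozen lines. The following Python is an added example written for this page; it is not code from the book and not URLScan itself. The policy tables use the chapter's own ports (80 and 443 for a Web site, plus 25 and 110 for mail), while the application-layer rule values (allowed verbs, denied extensions, maximum URL length), the Packet class, and the sample traffic are all constructed for the illustration.

```python
"""Two-layer filter in the spirit of the chapter: a default-deny network
firewall keyed on (protocol, port), then a URLScan-style application
firewall that inspects HTTP request content. Illustrative model written
for this page; not code from the book and not URLScan."""
import os
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Network-layer policy: every port is closed unless listed here.
# The chapter's baseline for a Web site is 80 (HTTP) and 443 (HTTPS).
WEB_SERVER_POLICY: Dict[Tuple[str, int], str] = {
    ("tcp", 80): "HTTP",
    ("tcp", 443): "HTTPS",
}
# A site that also serves mail opens SMTP (25) and POP3 (110), as the chapter notes.
MAIL_SERVER_POLICY: Dict[Tuple[str, int], str] = {
    **WEB_SERVER_POLICY,
    ("tcp", 25): "SMTP",
    ("tcp", 110): "POP3",
}

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    dst_port: int         # 16-bit destination port
    src: str              # constructed source address (documentation range)
    payload: bytes = b""  # application data; empty for a bare connection attempt

def network_filter(pkt: Packet, policy: Dict[Tuple[str, int], str]) -> Tuple[bool, str]:
    """Default deny: pass only (protocol, port) pairs the policy explicitly opens."""
    if not 0 <= pkt.dst_port <= 0xFFFF:
        return False, "invalid port number"
    service = policy.get((pkt.proto.lower(), pkt.dst_port))
    if service is None:
        return False, f"port {pkt.dst_port}/{pkt.proto} closed by default"
    return True, service

# Application-layer rules (hypothetical values chosen for this example).
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
DENIED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com"}
MAX_URL_LENGTH = 260

def application_filter(request_line: bytes) -> Tuple[bool, str]:
    """Inspect the HTTP request line: verb, URL length and requested file extension."""
    try:
        text = request_line.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII request line"
    parts = text.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    verb, url, _version = parts
    if verb not in ALLOWED_VERBS:
        return False, f"verb {verb} not allowed"
    if len(url) > MAX_URL_LENGTH:
        return False, f"URL longer than {MAX_URL_LENGTH} characters"
    ext = os.path.splitext(url.split("?", 1)[0])[1].lower()
    if ext in DENIED_EXTENSIONS:
        return False, f"extension {ext} denied"
    return True, "ok"

def filter_packet(pkt: Packet, policy: Dict[Tuple[str, int], str] = WEB_SERVER_POLICY) -> Tuple[str, str]:
    """Network decision first; only plaintext HTTP that got through is content-inspected."""
    ok, reason = network_filter(pkt, policy)
    if not ok:
        return "DROP", reason
    if reason == "HTTP" and pkt.payload:
        ok, reason = application_filter(pkt.payload.split(b"\r\n", 1)[0])
        if not ok:
            return "REJECT", reason
    return "ALLOW", reason

# Constructed sample traffic (not captured data).
SAMPLE_TRAFFIC: List[Packet] = [
    Packet("tcp", 80, "203.0.113.7", b"GET /default.aspx HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("tcp", 1433, "203.0.113.7"),                                  # SQL Server port: closed by default
    Packet("tcp", 80, "203.0.113.9", b"TRACE / HTTP/1.1\r\n\r\n"),          # verb the application layer rejects
    Packet("tcp", 80, "203.0.113.9", b"GET /upload/tool.exe HTTP/1.1\r\n\r\n"),  # denied extension
    Packet("udp", 53, "203.0.113.2"),                                    # DNS not needed on a Web server
    Packet("tcp", 443, "203.0.113.7", b"\x16\x03\x01\x00\x05hello"),     # TLS bytes: opaque to the app layer
]

def audit(traffic: List[Packet] = SAMPLE_TRAFFIC, policy=WEB_SERVER_POLICY) -> List[Tuple[str, int, str, str]]:
    """Return one (proto, port, verdict, reason) row per packet."""
    return [(p.proto, p.dst_port, *filter_packet(p, policy)) for p in traffic]

if __name__ == "__main__":
    for row in audit():
        print(row)
```

Running it prints one verdict per sample packet: the SQL Server and DNS probes are dropped by the port policy alone, the two HTTP requests on port 80 are rejected by the content rules even though the port is open, and the HTTPS packet passes the network layer without content inspection, which is the reason the chapter recommends both layers rather than either one on its own.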

Security for Microsoft Visual Basic .NET
ISBN: 735619190
Year: 2003
Pages: 168
