Hack 51 Close Down Open Ports and Block Protocols
 
Even without a firewall you can close inbound ports and block IP protocols,
using the TCP/IP filtering built into Windows XP. It is a blunt,
inbound-only tool, but it is better than leaving everything reachable.
As noted in [Hack #46] and
[Hack #48], firewalls can protect your
PC and your network from intruders. If you don't
want to install a firewall and still want some protection, you can
manually close down
ports and block protocols with the filter described here.
Some ports and protocols are riskier to leave reachable than others. For
example, Telnet (TCP port 23) hands anyone who can log in a command prompt
on your PC, and it sends the username and password in cleartext; if a
Telnet server is listening, that port is a remote-control path into the
machine. The infamous Back
Orifice Trojan, which also gives a malicious user complete control
of your PC, listens on a variety of ports, 31337 and 31338 among
others. Keep in mind that a port is only a risk when something is listening
on it, so removing or disabling a service you don't need is the first fix,
and the filter is a second line of defense behind it. For a list of which
ports are used by Trojans, go to
http://www.sans.org/resources/idfaq/oddports.php.
In this hack, you'll need to decide which ports your PC must accept
connections on (TCP port 80 if it runs a web server, for example), and
you'll close down all others. Because the filter acts on inbound traffic
only, the list should be driven by what is listening on the PC, not by the
sites you connect to: run netstat -ano at a command prompt to see each
listening socket and the process ID (PID) that owns it. For a list of common
ports, see Table 5-2 [Hack #49]. For a complete list of ports, go
to http://www.iana.org/assignments/port-numbers.
To close down ports and protocols manually, right-click on
My Network Places and choose Properties
to open the Network Connections folder. Right-click on the connection
for which you want to close ports and choose Properties. Highlight
the Internet Protocol (TCP/IP) listing and choose Properties. On the
General tab, click the Advanced button. From the Advanced TCP/IP
Settings dialog box that appears, choose Options, highlight
TCP/IP filtering, and
choose Properties. The TCP/IP filtering dialog box appears. To block
TCP ports, UDP ports, and
IP protocols,
choose the Permit Only option for each. With the three lists left empty,
this blocks all inbound TCP ports, UDP ports, and IP protocols on that
connection.
You don't want to block all ports, though, so you
have to add the ports that you want to allow to pass, such as
TCP port 80 if the PC hosts a web server that other machines must
reach. Click Add to add the ports or protocols that you will
allow to be used, as shown in Figure 5-24. IP protocols are entered by
their IANA protocol number (6 is TCP, 17 is UDP, 1 is ICMP). Keep
adding as many ports and protocols as you wish to be enabled, and
click OK when you're done. Only the ports and
protocols that are listed will be allowed to be used. The enabling
checkbox applies the filter to all adapters, and Windows asks you to
restart before the change takes effect, so check the dialog again after
the reboot to confirm the lists are what you entered.
Keep in mind that this is a stateless inbound packet filter, not a
firewall: it does not inspect outbound connections and it keeps no
record of which connections your PC started. Services whose replies come
back on dynamically assigned ports, such as DNS lookups over UDP, may
stop working once UDP is set to Permit Only, so test name resolution,
email, FTP, file sharing, and streaming audio and video after enabling it.
There are also many hundreds of TCP and UDP ports used
by Internet applications and services, and every one you leave off the
list is closed. So, use this hack only if you
want a very limited number of Internet services and applications to
be reachable on your PC, and prefer a real firewall ([Hack #46],
[Hack #48]) where you can run one.
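Before you type anything into the TCP/IP Filtering dialog, it helps to see what is actually listening and what each Permit Only list will cut off. The following Python 3 script is an added example, not code from the book: it parses the output of netstat -ano (the -o switch, which shows the owning process ID, exists on Windows XP and later), keeps only the sockets a remote host could reach, builds the permit lists from the ports you decide to keep, and flags anything listening on the ports this hack names as suspect. The SAMPLE_NETSTAT text, its addresses and PIDs are constructed for the example.

```python
"""Audit what a Windows XP PC listens on before switching TCP/IP
filtering to Permit Only.

Added example, not code from the book. Paste real `netstat -ano` output
into parse_netstat(); SAMPLE_NETSTAT below is a constructed stand-in.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Ports the hack singles out. Only the text's own examples, not the
# full Trojan list it links to.
SUSPECT_PORTS = {
    23: "Telnet: cleartext login and a remote command prompt",
    31337: "Back Orifice default port",
    31338: "Back Orifice",
}

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1032
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1580
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       920
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1200
  TCP    192.168.1.5:1044       198.51.100.7:80        ESTABLISHED     2208
  UDP    0.0.0.0:31337          *:*                                    2472
  UDP    192.168.1.5:137        *:*                                    4
"""

# proto, local address, local port, foreign address, optional TCP state, PID
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


@dataclass(frozen=True)
class Listener:
    proto: str   # "TCP" or "UDP"
    addr: str    # local bind address
    port: int
    pid: int


def parse_netstat(text: str) -> list[Listener]:
    """Return the sockets a remote host could reach.

    TCP rows count only in the LISTENING state (an ESTABLISHED row is a
    client connection, not an exposed service); every bound UDP socket
    counts because UDP has no connection state. Loopback-only binds are
    skipped since nothing off the machine can send to them.
    """
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue
        found.append(Listener(proto, addr, int(port), int(pid)))
    return found


def plan_filter(listeners: list[Listener], keep_tcp: set[int],
                keep_udp: set[int]) -> dict:
    """Turn a decision about which services to keep into the dialog's lists.

    keep_tcp / keep_udp are the ports the PC must go on accepting. Returns
    the sorted Permit Only lists to enter in the TCP/IP Filtering dialog,
    the listeners those lists cut off (the service keeps running but becomes
    unreachable), and every listener on a port the hack names as suspect,
    which deserves a look at its PID whether or not the filter blocks it.
    """
    blocked, flagged = [], []
    for lst in listeners:
        keep = keep_tcp if lst.proto == "TCP" else keep_udp
        if lst.port not in keep:
            blocked.append(lst)
        if lst.port in SUSPECT_PORTS:
            flagged.append((lst, SUSPECT_PORTS[lst.port]))
    return {
        "permit": {"TCP": sorted(keep_tcp), "UDP": sorted(keep_udp)},
        "blocked": blocked,
        "flagged": flagged,
    }


if __name__ == "__main__":
    listeners = parse_netstat(SAMPLE_NETSTAT)
    plan = plan_filter(listeners, keep_tcp={80}, keep_udp=set())
    print("Permit Only TCP:", plan["permit"]["TCP"], "UDP:", plan["permit"]["UDP"])
    for lst in plan["blocked"]:
        print(f"will block {lst.proto} {lst.port} (PID {lst.pid})")
    for lst, why in plan["flagged"]:
        print(f"INVESTIGATE PID {lst.pid}: {lst.proto} {lst.port} is {why}")
```

On the sample, keeping only TCP 80 closes Telnet, RPC (135), SMB (445), NetBIOS name service (137/UDP) and the UDP listener on 31337; the last of these is flagged because a socket on a Back Orifice port is worth investigating by PID (Task Manager with the PID column enabled, or tasklist) before you rely on the filter to hide it. Run the script on the PC itself with the real netstat output, and remember that the filter stops packets at the network while the flagged process keeps running.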