How To...
Protection from Hackers and Viruses
Broadband and ISDN Internet connections can make access to the Internet seamless and permanent. However, they open a doorway to your home or business. You need strategies and tools to police the visitors:

The Firewall
Firewalls let you decide what type of traffic comes through your doorway.
There are three main firewall types:
- Computer Based (software)
- Router Based
- Standalone
Computer operating systems such as Windows XP or Mac OSX have built-in firewalls, and there are numerous third-party software-based firewall solutions available. A typical application will combine firewall software with Internet sharing software.
Router-based solutions place the firewall at the point where traffic is sorted and directed. This is a very logical place, as the router already needs to find out where the data is going before passing it on.
There are several advantages with having your firewall at a router:
- In a multiple computer configuration you only have to deal with one firewall
- Blocked traffic never reaches your computers
- The firewall configuration is fixed in a device outside your computer. Computers are multiple-use devices that are used, changed and modified regularly. They are not the ideal home for a strong, fixed firewall.
- The hardware in a router is designed to inspect packets of data and direct them. Processors and memory in a router are optimised to sort traffic; they are more efficient and therefore faster than the software running in a PC.
You can’t restrict to outgoing traffic only, because when you are using the Internet you’re typically requesting incoming data (remember, your broadband service is probably configured to give disproportionately high download speed, as you usually request data from the Internet).

Firewall configuration
So what can you restrict?
Firewalls can block traffic by port number; computers look for different types of traffic on different ports. For example, port 80 is always used for traffic with the HTTP protocol, the protocol used for web browsing. Blocking all traffic on port 80 will stop all HTTP traffic and therefore stop all web browsing.
Firewalls can also block traffic based on where it comes from or is going to. The traffic carries a sender and receiver IP address.
We recommend the following strategies:
- Block all ports and then choose what to allow through.
- For typical home use add specific entries to allow the following traffic:
Port 80 – HTTP
This needs to be allowed for web browsing to function.
Port 25 – SMTP
This is the SMTP (Simple Mail Transfer Protocol) port and needs to be allowed for email clients to successfully hand mail to the ISP’s server for delivery.
Port 110 – POP
This is the POP (Post Office Protocol) port, and is used by the majority of mail clients to retrieve internet email from the ISP servers.
Port 443 – SSL
This is the SSL (Secure Sockets Layer) protocol that transmits your communications over the Internet in an encrypted form. SSL ensures that the information is sent, unchanged, only to the server you intended to send it to. Online shopping sites frequently use SSL technology to safeguard your credit card information. It should therefore be enabled for web browsing to fully function.
- Do not block ICMP
The firewall should always be configured to allow ICMP (Internet Control Message Protocol). ICMP does more than the basic ping command it is commonly associated with. In addition to basic troubleshooting, ICMP is used in the detection of network errors, congestion and timeouts. ICMP is commonly used to discover the MTU (maximum transmission unit) between computers, so indiscriminately blocking ICMP can result in degraded performance.
- Consider opening these ports depending on your requirements
Port 993 – IMAP
IMAP (Internet Message Access Protocol) is a standard protocol for accessing e-mail from your local server. IMAP is a client/server protocol in which e-mail is received and held for you by your Internet server. You can view just the heading and the sender of the mail and then decide whether to download the mail. You can also create and manipulate folders or mailboxes on the server, delete messages etc. However, not all ISPs support this on their mail servers. Where it is supported and is to be used, this port should be opened.
Port 23 – Telnet
This is a fairly common protocol, although not widely used in the home environment. You may need to enable outbound Telnet to access other servers.
- Open other ports as required
There are many more ports available that you may need to open to allow specific traffic. Check out the comprehensive list of port numbers here.
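The strategy above (block everything, then allow chosen ports and ICMP), as a small Python model; this is an added example, not part of the original article. It assumes a firewall that remembers connections opened from inside, so the reply to your own request is admitted while unsolicited incoming traffic is blocked; the class and function names and the addresses are constructed for illustration.

```python
from dataclasses import dataclass

# Outbound TCP ports from the home-use list above.
ALLOWED_OUT_TCP = {80: "HTTP", 25: "SMTP", 110: "POP", 443: "SSL"}

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the home network, "in" = arriving
    proto: str       # "tcp", "udp" or "icmp"
    local: tuple     # (ip, port) of the home computer
    remote: tuple    # (ip, port) of the Internet host

class Firewall:
    """Default-deny filter with an allow list and connection tracking."""

    def __init__(self, allowed_out_tcp=ALLOWED_OUT_TCP):
        self.allowed = dict(allowed_out_tcp)
        self.established = set()   # connections opened from inside

    def check(self, pkt):
        if pkt.proto == "icmp":
            return "allow"                      # "Do not block ICMP"
        key = (pkt.proto, pkt.local, pkt.remote)
        if pkt.direction == "out":
            if pkt.proto == "tcp" and pkt.remote[1] in self.allowed:
                self.established.add(key)       # remember our own request
                return "allow"
            return "block"                      # port is not on the allow list
        # Inbound: only replies to a connection we opened get through.
        return "allow" if key in self.established else "block"

def demo():
    """Run constructed sample packets (documentation-range addresses)."""
    fw = Firewall()
    pc = ("192.168.1.10", 50000)
    web, stranger = ("203.0.113.5", 80), ("198.51.100.7", 80)
    return [
        fw.check(Packet("out", "tcp", pc, web)),                   # web request
        fw.check(Packet("in", "tcp", pc, web)),                    # its reply
        fw.check(Packet("in", "tcp", pc, stranger)),               # unsolicited
        fw.check(Packet("out", "tcp", pc, ("203.0.113.5", 23))),   # Telnet not opened
        fw.check(Packet("in", "icmp", pc, ("203.0.113.5", 0))),    # ICMP (no port)
    ]

if __name__ == "__main__":
    print(demo())
```

Passing `{**ALLOWED_OUT_TCP, 23: "Telnet"}` to `Firewall` models opening an extra port when you need it.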
Follow these links to common software solutions and more firewall information:
Symantec Personal Firewall
Windows XP Firewall
Mac OSX Security information
Wingate product information