configuration changes - security
Click in the check box to add a check mark next to the following
items. I've included a brief description of the features we will enable.
- Stealth Mode and Block Ping - Enabling these settings reduces the ability of a
malicious individual to gather information that can be useful to attack
your computer/s and network if you have one set up.
- Strict UDP Session Control - UDP stands for "User Datagram Protocol". UDP is
often used to transmit video and voice across a computer network or the Internet.
Restricting UDP limits traffic sent to your computer from unknown sources. Some
online applications may not work with Strict UDP Session Control enabled.
inbound and outbound control
Click in the check box to remove the check mark next to the
following items. Removing the check mark configures the firewall to NOT allow the
associated traffic to pass through to your computer. You may consider taking a
methodical approach and disable one item at a time. After each item is disabled
check to see if all your Internet enabled applications (and local network)
work as usual.
You can restore all the firewall defaults and start over at any time by clicking
the "Restore Defaults" button at the bottom right hand side of the "Edit Advanced
Firewall Settings" page (the page we are currently working with). I've included
short descriptions of what we will disable (not allow). This information is
included as a reference in case you want to learn more. You don't have to know
or understand the information to implement the changes I suggest. You can simply
skip to the image I provide below and use it as a reference
to make the changes.
- FTP - FTP stands for "File Transfer Protocol". FTP is used to
transfer files between computers. If you download software from the Internet you
may need to keep FTP enabled. If you do not need/use it do not enable
it.
- Telnet - Telnet stands for TELecommunication NETwork. It can be
used to remotely access and control another computer. Telnet is seldom used
anymore because of security issues.
- DNS - DNS is a system to translate an Internet domain name into
an IP address. For example, www.AdvPC.net has a number "147.132.42.18" (IP address)
that corresponds to it. The number and name both serve as an address. You probably
do not need to enable (allow) DNS unless you are running a "server". If you do
not know what I mean by a "server" then you probably DO NOT need to enable
DNS.
- NetBIOS - Network Basic Input/Output System allows applications
on separate computers to communicate over a local area network. This is an older
technology and few modern home or SOHO (small office, home office) computer users
should need it.
- IMAP - Internet Message Access Protocol is sometimes used to
access e-mail on a remote server (computer). Most people who use e-mail DO NOT
need this and normally use POP3 (Post Office Protocol). I have enabled (allowed)
POP3 to provide e-mail retrieval.
- NNTP - Network News Transfer Protocol is used by people to read,
access and download information provided by a "newsgroup". In order to access
information on a newsgroup you need a "news client". Some e-mail clients (what
you use to read your e-mail) like "Outlook Express" also serve as newsreaders.
If you do not know what I'm referring to here then you likely DO NOT need NNTP
enabled.
- IRC - Internet Relay Chat is a form of real-time Internet chat.
IRC allows both individual and group chat. IRC is also often a communication method
used to control some types of "Trojan horse" programs and botnets.
- H323 - H.323 refers to the traffic associated with voice
transmission over the Internet or VoIP (Voice over Internet Protocol). Other
common descriptions or names for VoIP are Broadband Phone, Broadband telephony,
Voice over Broadband and Internet telephony. If you do not use this technology
do not enable it.
- All Other Protocols - I have found no documentation that describes
what specific types of traffic this setting allows if it is enabled.
However, Internet browsing, e-mail and most popular Internet enabled multimedia
(audio, video) applications function properly with "All Other Protocols"
disabled. If you use the "Real Player"
multimedia player you will need to retain the check mark to allow the necessary
traffic required for "Real Player" to function properly.
- Remote Management - With remote management enabled you can
access and configure the 2WIRE 2700HG-B or similar device remotely across the
Internet. You do not need to be directly connected by cable or wirelessly to the
device to make configuration changes. If you do not need this functionality
disable it.
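To make the two checklists above concrete (the "Security" settings Block Ping and Strict UDP Session Control, and the per-service "Inbound and Outbound Control" list), here is a small policy model written for this tutorial; it is not the 2WIRE gateway's own code. It assumes the usual well-known ports for each named service and models the suggested end state: only POP3 left checked, "All Other Protocols" unchecked.

```python
# Toy model (constructed for this tutorial, not the 2WIRE gateway's code) of the
# policy configured above: an allow list for unsolicited inbound services,
# Block Ping, and Strict UDP Session Control. Port numbers are the usual
# well-known ports for each service; the gateway's real rule engine is not documented.
from dataclasses import dataclass

# Well-known ports assumed for the services named in the checklist.
SERVICE_PORTS = {
    ("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("udp", 53): "DNS",
    ("udp", 137): "NetBIOS", ("tcp", 143): "IMAP", ("tcp", 119): "NNTP",
    ("tcp", 6667): "IRC", ("tcp", 1720): "H323", ("tcp", 110): "POP3",
}

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    direction: str  # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

class Firewall:
    def __init__(self, allowed=frozenset({"POP3"}), block_ping=True, strict_udp=True):
        self.allowed, self.block_ping, self.strict_udp = set(allowed), block_ping, strict_udp
        # Sessions opened from the LAN side: (proto, lan host, lan port, peer, peer port)
        self.sessions = set()

    def decide(self, p):
        """Return 'allow' or 'drop' for one packet, updating the session table."""
        if p.proto == "icmp":                       # Block Ping: drop inbound echo requests
            return "drop" if (p.direction == "in" and self.block_ping) else "allow"
        if p.direction == "out":                    # LAN-initiated traffic is always let out
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound: is it a reply to something the LAN host started?
        if p.proto == "tcp" or self.strict_udp:     # peer address and port must match exactly
            if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
                return "allow"
        elif any(s[:3] == (p.proto, p.dst, p.dport) for s in self.sessions):
            return "allow"                          # loose UDP: any peer may reach an open port
        # Unsolicited inbound: only services still checked in "Inbound and Outbound Control".
        service = SERVICE_PORTS.get((p.proto, p.dport))
        return "allow" if service in self.allowed else "drop"  # "All Other Protocols" unchecked
```

Running the same inbound UDP packet from an unknown peer through `Firewall()` and `Firewall(strict_udp=False)` shows what the strict setting buys you: with it on, only the peer the LAN host actually talked to gets a reply through.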
The following image shows the "Advanced Firewall
Settings" page after my suggested changes have been made. Use it as a quick
reference. Click the following image to see a larger version.
Click the "Save" then "Confirm" buttons to save your changes (see the
following image).
The next section will cover how to improve the security and privacy of
computer users that connect to a wireless access point. I use the
2WIRE 2700HG-B "gateway" in my examples. However, the concepts I discuss are
applicable to other similar devices.
NOTE: Keep your browser open/running with the management interface showing.
We will make additional changes on the following pages. Skip
to the last section of this tutorial if you do not intend to use the wireless access point
component of the 2WIRE 2700HG-B (or similar) device. I will discuss how to set a password
to protect the device's management interface and why it's important to do so.
Copyright © 1996-2011 Tom Bowser. All rights reserved.