Contractors use the word firewall to denote a physical barrier that keeps flames from spreading from room to room. Home networks also have (or should have) firewalls. These are hardware, software or a combination of the two which protect a network from being accessed by unauthorized persons and by malicious software.

Computer firewalls can protect your system in two ways. They can keep programs from making connections to the internet, which keeps an infected program or a virus from spreading. More commonly, however, the purpose of home networking firewalls is to keep your system shielded from outside attempts to access it. Unauthorized access attempts may come from the internet, from other computers on your own home network, or even from "wardrivers" (hackers passing through with wireless computers) who can simply drive by and put a virus on your network.

Protecting your network from some types of access can make things more difficult for intruders, even if they manage to get to your network. Of course, blocking all traffic going both ways would make having a network useless. Network security is all about striking a balance between keeping some traffic out and allowing access for the traffic you want. Where exactly this balance lies is a difficult question. There are a number of more or less standard items which people should pay attention to when trying to implement an effective firewall system. The two most common are the UDP and TCP protocols.

UDP is a broadcast protocol and does not require you to have a two-way connection. TCP, by contrast, is two-directional. UDP can be incoming or outgoing, for instance when you ping a server. When you want to open a port in your firewall, you typically have to specify both port number and protocol. What you should aim for is to close any port that you don't know for sure you need open. Only open ports or allow protocols in the direction you need - and only when you know that you do. Closed in both directions should be the standard unless needed.

HTTP: This is the standard protocol used for data requests over the internet, both sending (uploading) and receiving (accessing web pages, downloading). Your system firewalls should have port 80 open for HTTP. Secure HTTP (or HTTPS) uses port 443 instead. Port 8080 is also common for HTTP connections.
FTP: Commonly used for file transfer over networks, you'll need to open port 20 for this protocol.
SMTP: Used for sending and receiving email, this protocol requires port 25 to be opened.
POP3: Also used for many email systems. Open port 110 for incoming POP3 traffic.
DNS: DNS needs to both send and receive in order to perform the function of translating IP addresses into domain names. Open port 53 in both directions for this important functionality.
DHCP: If your IP address is dynamically assigned rather than static, you'll need to open port 68 to allow this protocol.
DOOM: If you play Doom, you're going to need to open port 666. Otherwise, as with any other port you won't be using, close it in both directions.

A lot of other ports are used by various services, such as port 1433 (Microsoft SQL Server needs this one). Any program which needs a particular port should mention this in the documentation. Be careful when setting up your network firewall system, because it will provide good security for you!
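The closed-by-default rule described above, as an added example that is not part of the original article: a small Python model in which an open rule must name direction, protocol and port, plus an audit that lists every open port with no stated need. The rule format, the function names and both sample rule lists are constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str  # "in" or "out"
    proto: str      # "tcp" or "udp"
    port: int

def parse_rules(text):
    """Parse lines such as 'out tcp 443  # HTTPS' into a set of Rule entries.
    The direction 'both' expands into one rule per direction."""
    rules = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        direction, proto, port = line.split()
        if direction not in ("in", "out", "both") or proto not in ("tcp", "udp"):
            raise ValueError(f"bad rule: {raw!r}")
        if not 0 < int(port) < 65536:
            raise ValueError(f"bad port: {raw!r}")
        dirs = ("in", "out") if direction == "both" else (direction,)
        for d in dirs:
            rules.add(Rule(d, proto, int(port)))
    return rules

def allowed(rules, direction, proto, port):
    """Closed by default: traffic passes only when direction, protocol
    and port all match an open rule."""
    return Rule(direction, proto, port) in rules

def audit(open_rules, needed):
    """Return every open rule with no stated need, i.e. what to close."""
    return sorted(open_rules - needed)

# Constructed sample: what this household knows it needs ...
NEEDED = parse_rules("""
out  tcp 80    # HTTP
out  tcp 443   # HTTPS
both udp 53    # DNS, both directions as the article says
""")
# ... and what the firewall currently has open (also constructed).
CONFIGURED = parse_rules("""
both tcp 80    # opened in both directions, only outbound is needed
out  tcp 443
both udp 53
in   tcp 1433  # SQL Server port, nobody here runs SQL Server
""")

if __name__ == "__main__":
    for rule in audit(CONFIGURED, NEEDED):
        print("close:", rule.direction, rule.proto, rule.port)
```

Run as a script, it prints the two rules to close: inbound TCP 80 and inbound TCP 1433.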