[Dshield] Standalone firewall for ics at home

Cefiar cef at optus.net
Wed Dec 14 01:47:14 GMT 2005


On Wednesday 14 December 2005 04:20, Benjamin Koch wrote:
> Of course - at every workstation is Kaspersky AV installed but I have
> a friend who uses a Netgear router and he has problems with some
> trojans/viruses in fact of using the routers firewall. With my Linux
> firewall I never had a problem with worms...

Not a suggestion, but some small advice:
In any router you check out, see if it supports UPnP. Where possible, disable 
it unless you're really sure you need it. Even then, I'd still disable it and 
only enable it when you really need it.

UPnP allows a machine to tell the firewall what ports to forward through. This 
means that effectively if UPnP is enabled, and the machine behind it runs an 
app that tells UPnP to open a port, said port will be live to the net. Of 
course, this means that any app on the machine can (and will) effectively 
bypass the firewall. I'm pretty sure some viruses, worms and even spyware 
take advantage of this, which may be the reason for some of the problems your 
friend with the Netgear is having.

Sure, this can break a few apps, but most stuff will work without a problem. 
Anyway, you can always turn it on for those times you REALLY need it; just 
remember to turn it off later.

Also, a firewall just stops things connecting to you, and depending on the 
config, stops you connecting out. This doesn't stop viruses via email or the 
web infecting your machine. If you can, I'd recommend at least blocking a 
number of known ports from going out at all (such as 137-139, 445, etc) and 
blocking connections out to some ports based on IP address (eg: only allow 
machines behind the firewall to connect to the ISP's mailserver on port 25, 
etc). This, at a minimum, stops a large majority of problems. Not as 
effective as blocking all connections and only allowing select things though 
(really the best policy), but it's better than just allowing everything 
through unchecked.

Lastly, unless absolutely necessary, disable remote configuration options, and 
remember to change the default password (and username even if possible) on 
the device. No use having a firewall if everyone can get into it using the 
default password and fiddle with it.

-- 
 Stuart Young - aka Cefiar - cef at optus.net
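
The outbound filtering described in the message above, written out as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset for the FORWARD chain of a Linux gateway, in either the "block known ports" form or the stricter "allow select things only" form. The function name `egress_rules`, the interface names, the mail server address and the allowlisted services are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a Linux gateway.
# usage: egress_rules MODE LAN_IF WAN_IF MAIL_IP
#   MODE=blocklist  block known ports outbound, allow the rest
#   MODE=allowlist  drop everything outbound except selected services
egress_rules() {
    mode=$1 lan=$2 wan=$3 mail=$4
    # Accept only digits and single dots, so a typo cannot widen the SMTP rule.
    case $mail in
        *[!0-9.]*|''|.*|*.|*..*) echo "bad mail server IP: $mail" >&2; return 1 ;;
    esac
    case $mode in
        blocklist) policy=ACCEPT ;;
        allowlist) policy=DROP ;;
        *) echo "mode must be blocklist or allowlist" >&2; return 1 ;;
    esac
    echo "*filter"
    echo ":FORWARD $policy [0:0]"
    # Replies to connections the LAN opened; nothing new comes in from the WAN.
    echo "-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $wan -o $lan -j DROP"
    # NetBIOS (137-139) and SMB (445) never leave the LAN.
    for proto in tcp udp; do
        echo "-A FORWARD -i $lan -o $wan -p $proto -m multiport --dports 137:139,445 -j DROP"
    done
    # SMTP only to the ISP's mail server; any other port 25 destination is dropped.
    echo "-A FORWARD -i $lan -o $wan -p tcp -d $mail --dport 25 -j ACCEPT"
    echo "-A FORWARD -i $lan -o $wan -p tcp --dport 25 -j DROP"
    if [ "$mode" = allowlist ]; then
        # Selected services only (assumed set: DNS, web, mail retrieval).
        echo "-A FORWARD -i $lan -o $wan -p udp --dport 53 -j ACCEPT"
        echo "-A FORWARD -i $lan -o $wan -p tcp -m multiport --dports 53,80,443,110,143 -j ACCEPT"
    fi
    echo "COMMIT"
}
```

Piping the output to `iptables-restore --test` checks that it parses without committing it.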

