Network Security guide for the home or small business network – Part 1 – A Hardware firewall



Computers can communicate over networks. (Surprise!) That’s how you’re reading this post. The machine that this site is hosted on is listening for requests for connection. When it receives a request it answers back with a web page. In fact, computers can listen for a great many different kinds of connection at the same time. In networking we talk about a computer listening on a given “port”. The web server for this site (and most web sites) listens on what’s called port 80. There are 65535 possible network ports that a computer can listen for incoming connections on.


Sometimes I use an analogy for ports, comparing them to the doors and windows in your house. People or animals or flies can come in through any window or door that’s open, but not through doors or windows that are closed, right? So if you don’t want pests (or people or anything else) in your house, it’s best to leave the doors and windows closed and locked. So what’s the best way to make sure that those ports are locked on a PC?

A hardware firewall. If you have a high speed internet connection you pretty much need some sort of hardware firewall. Sometimes a combination cable/DSL modem/router will serve the same purpose as a simple hardware firewall. How can you tell? There are some online tools that will help. My favorite is at GRC.com (Gibson Research). The port scanning tool is called “ShieldsUP!”. Go to their site; there will be a brief welcome page, then the homepage. Scroll down until you see the link to ShieldsUP! READ the page, then click proceed. Now read this page and under services click “All service ports”. This scan will only cover the first 1056 network ports, but should give an idea if you have a firewalled connection or not.

If the scan shows that all the ports are “stealth”, that’s very good: you are probably well firewalled. If the ports show up as closed that’s still good, but not AS good. It might be worth investigating further to see if you do have a hardware firewall of some sort. If ports show up as open you will need to make a list of which ports appear open (by the numbers) and find out why. In the meantime you should probably firewall the connection.
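The three results correspond to three different ways a port can answer a connection attempt: something accepts it (open), the machine replies only to refuse it (closed), or nothing comes back at all (stealth). The Python sketch below is an added example, not part of the original post or of ShieldsUP!; the function names are illustrative, and it is meant for checking a machine of your own.

```python
import socket


def classify_port(host, port, timeout=2.0, connect=socket.create_connection):
    """Classify one TCP port the way the scan report does.

    open    - something accepted the connection
    closed  - the machine answered, but only to refuse (TCP reset)
    stealth - nothing came back before the timeout (the packet was dropped)
    """
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError:
        return "unknown"  # e.g. no route to the host; not one of the three states
    conn.close()
    return "open"


def check_ports(host, ports, timeout=2.0, connect=socket.create_connection):
    """Return ({port: state}, sorted list of open ports to follow up on)."""
    results = {p: classify_port(host, p, timeout, connect) for p in ports}
    open_ports = sorted(p for p, state in results.items() if state == "open")
    return results, open_ports


if __name__ == "__main__":
    # Constructed demo on the local machine: one listener we start ourselves
    # (open) and one port we bind and release again (closed).
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    unused_port = spare.getsockname()[1]
    spare.close()

    results, open_ports = check_ports("127.0.0.1", [listener.getsockname()[1], unused_port])
    for port, state in sorted(results.items()):
        print(f"port {port}: {state}")
    print("open ports to look into:", open_ports)
    listener.close()
```

A check run from inside your own network shows what the machine itself exposes; only a scan from the outside, like the online one, shows what the firewall lets through.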

Now, obviously if someone else is managing your internal network, you need to consult with them on this. It’s possible that those open ports are there for a reason, but if YOU are an end user that has directly bought internet service from a high speed ISP and has never had a computer consultant in to manage your network, then you need to take responsibility. NEVER assume that “the phone company must have made it secure when they set it up.”

Hardware firewalls come in many sizes and feature sets. Mine is a PC running a Linux distribution designed to be a firewall. (Old 486 based computer with 32 MB of memory). I used to have a small box from Netgear that offered several features for logging. The simplest will allow you to deny all inbound connections by default and let you manage which inbound connections you want to allow. It’s worth noting that installing a hardware firewall will not prevent you from getting email, browsing the web or many other tasks online. SOME things, like peer to peer file sharing (BitTorrent), work better with modifications to a firewall, but that’s a more advanced topic. The fact is this: security is a balancing act between convenience and safety. Some things are worth doing. A hardware firewall is one of those.

But I have Windows Firewall enabled, isn’t that safe? Yes, but… a hardware firewall is a much better solution. More next time…
