Step-by-Step Guide

Determine your packet filtering needs

There are two philosophies to blocking ports, and which one is appropriate for your network depends on the level of security that you require.

For a high-security network, especially when storing or maintaining confidential data, it is normally recommended to "filter by permission." This is the scheme in which all ports and IP address permissions are blocked, except for what is explicitly required for network functions. For instance, port 80 for web traffic and 110/25 for SMTP can be allowed to come from a dedicated address, while all other ports and addresses can be disabled.

Most networks will enjoy an acceptable level of security by using a "filter by rejection" scheme. When using this filtering policy, ports that are not used by your network and are commonly used for Trojan Horses or reconnaissance can be blocked to increase the security of your network. For instance, blocking ports 139 and 445 (TCP and UDP) will make your network more difficult to enumerate, and blocking port 31337 (TCP and UDP) will make you more secure from Back Orifice.

This should be determined during the network planning phase, when the level of security required is compared to the needs of the network users.

    Requires Free Membership to View


Fortifying router security

 Introduction
 Step 1: Change the default password!
 Step 2: Disable IP directed broadcasts
 Step 3: Disable HTTP configuration for the router, if possible
 Step 4: Block ICMP ping requests
 Step 5: Disable IP source routing
 Step 6: Determine your packet filtering needs
 Step 7: Establish Ingress and Egress address filtering policies
 Step 8: Maintain physical security of the router
 Step 9: Take the time to review the security logs

About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.

This tip originally appeared on SearchNetworking.com.

This was first published in January 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: