Web hosting resellers - CHAPTER 9 HOW TO SECURE YOUR COMPUTER
CHAPTER 9 HOW TO SECURE YOUR COMPUTER Outbound traffic is any kind of data originating on your computer that is sent out on the network and/or Internet. By default, Firestarter allows out all data, no matter what it is. This is described as a permissive policy. But Firestarter can be configured to block all outgoing connections apart from those you opt to allow through. This is described as a restrictive policy and can be useful in blocking certain types of programs that phone home with personal data about you, such as spyware. It can also prevent certain types of viruses and worms from spreading. The downside is that you must configure Firestarter to take into account every type of outgoing data connection, such as those for web browsers, instant messaging programs, and so on. You can configure Firestarter by clicking the Policy tab in the main program window. Click the Editing drop-down list and choose to configure either the inbound traffic policy or the outbound traffic policy. Note Firestarter is used only to configure the built-in firewall and doesn t need to be running for the firewall to work. Once you ve finished configuration, you can quit the program. You ll need to use it again only if you wish to reconfigure the firewall. Setting Inbound Rules For most users, Firestarter s default inbound traffic policy will be perfectly acceptable. It configures the firewall to disallow all uninvited incoming data connection, apart from certain diagnostic tools, such as ping, traceroute, and so on. You can choose to disallow those as well, as described shortly in the Turning Off Diagnostic Services section. You might wish to allow an incoming connection if you intend to connect to your computer via SSH from a remote location or if you have a shared folder created for other computers in your office. It s a must if you re running the BitTorrent file sharing application. Additionally, if you run a web, e-mail, or other type of server on your computer, you will need to allow the correct type of incoming connection here. Here s how to set inbound connection rules: 1. In the Firestarter main window, click the Policy tab. Select Inbound Traffic Policy in the Editing drop-down list. 2. Right-click in the second box on the Policy tab (with the headings Allow Service / Port / For), and then select Add Rule. 3. The Add New Inbound Rule dialog box appears. In the Name drop-down list, select the type of outgoing connection you want to allow, as shown in Figure 9-5. To allow others to access shared folders on your computer, select Samba (SMB). To allow SSH or BitTorrent connections to your computer, select the relevant entry from the list. Selecting the service will automatically fill in the Port box, which you shouldn t alter unless you know exactly what you re doing.