Firewall configuration is no piece of cake for the untrained user. Configuring a firewall is something that needs learning by doing. This makes it tricky to supply a good, general guide without moving into the grey areas of security, where one may no longer be safe.
A computer uses 65535 different ports. A guide charting all of these ports would be massive. In the end, all 65535 ports can be exploited, and aside from some general recommendations, there are no indisputable answers.
Below you’ll find some key points on configuring your firewall.
Incoming connections
Be cautious of all incoming connection attempts unless you know and understand exactly what the connection concerns. When an incoming connection is detected, the standard question from NPF will be: Do you want to allow the incoming connection from Internet/network to.... Generally the answer to this question should be no, with both all services/ports and all addresses checked so that the deny rule covers everything.
Outgoing connections
- When you start an application, you will normally need to answer yes to NPF's questions about outgoing connections. As long as your antivirus and antispyware programs are kept continuously updated, you can feel relatively safe allowing these applications to connect. You may therefore allow the application access through all services to all addresses. Experienced and security-conscious users may instead allow the program access through only the port in question, either to the address in question only or to any address. The more specific approach will generate more pop-ups if the program uses more than one service and needs outgoing connections to several addresses.
- Scheduled Internet updates that connect at specified times will produce pop-up questions from NPF asking for permission to access the Internet. This is the case with Norman Internet Update, as with many others. The tricky part on these occasions is usually recognizing the name of the program file that corresponds to the program. For Norman Internet Update, the program file is niu.exe.
- Some firewalls, Norman Personal Firewall for instance, will not allow new versions of already allowed programs access to the Internet without user confirmation. This function was originally implemented to uncover various new and unknown viruses modifying Internet applications and attempting to access the Internet for more unsavoury purposes.
This function may be difficult to relate to with Windows Update and Norman Internet Update, because these applications update themselves more or less transparently to the user.
Active content (ActiveX and Applets)
ActiveX and Applets are technologies with access to the core of your system, and should therefore be accepted with care from unknown addresses. For known addresses, such as Internet banking, online newspapers and web pages belonging to familiar, serious organizations, allowing ActiveX and Applets does not pose much of a threat. ActiveX and Applets from unknown addresses, on the other hand, should be handled with care. If the address shown in the ActiveX or Applet pop-up contains the word Ad, you can be fairly sure it is some kind of advertisement and should not accept it.
Problem areas
Some Internet applications, MSN Messenger for instance, need access to a large number of ports (services). Instant messaging and file sharing applications have on many occasions turned out to be exposed to malicious attacks. You should therefore be careful when allowing access to such programs if you are not sure whether they pose a security threat. Most users want freedom rather than limitation, but a general recommendation from an IT security organization such as Norman should contain a heads-up about applications such as MSN, KAZAA and other file sharing applications.
What to answer when not sure?
If your hesitation concerns security rules for incoming connections, your answer should definitely be no. If you wish to investigate what a port or service is about before making a permanent decision, you can make the rule apply to Only this session. Then search for the port number or service name with a reliable search engine, www.google.com for instance, or on the site of a known firewall supplier. This will make you better qualified to select the correct response the next time and to make a permanent firewall rule.
Example:
I receive an inquiry from the firewall asking if I want to allow an incoming connection through port 135. I have no idea what port 135 stands for and proceed to answer no to this connection, followed by "Only this session". I then open Internet Explorer, go to www.google.com and perform a search for the term port 135. Immediately I find numerous articles about security flaws in DCOM and worms taking advantage of these. This gives me a definitive clue which leads me to conclude that port 135 is something I should permanently deny access to.
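To make the trade-off concrete, here is a small simulation (added here, not part of the Norman guide or product) of how NPF-style pop-ups are triggered: a connection with no covering rule prompts the user, the reply becomes a rule, and rules answered "Only this session" are forgotten when the session ends. It covers both the three ways of answering yes to an outgoing connection described above and the port 135 "Only this session" example; the program name, ports and addresses are constructed sample values.

```python
from dataclasses import dataclass
ANY = "*"  # "all services" / "all addresses" in the pop-up

@dataclass
class Rule:
    app: str
    action: str                 # "allow" or "deny"
    port: object = ANY          # a port number, or ANY for all services
    address: str = ANY          # a remote address, or ANY for all addresses
    session_only: bool = False  # the "Only this session" choice
class Firewall:
    def __init__(self):
        self.rules, self.prompts = [], 0

    def _match(self, app, port, address):  # first covering rule for the program wins
        return next((r for r in self.rules if r.app == app
                     and r.port in (ANY, port) and r.address in (ANY, address)), None)

    def connect(self, app, port, address, answer):
        """answer() plays the user: it returns the Rule built from the pop-up reply."""
        rule = self._match(app, port, address)
        if rule is None:  # nothing covers this connection yet, so NPF would ask
            self.prompts += 1
            rule = answer(app, port, address)
            self.rules.append(rule)
        return rule.action == "allow"

    def end_session(self):  # rules answered "Only this session" are forgotten
        self.rules = [r for r in self.rules if not r.session_only]

# Constructed sample: one messaging program using several services and addresses.
CONNECTIONS = [("im.exe", 1863, "10.0.0.1"), ("im.exe", 443, "10.0.0.1"),
               ("im.exe", 1863, "10.0.0.2"), ("im.exe", 80, "10.0.0.3")]
POLICIES = {  # the three ways of answering "yes" described above
    "all services, all addresses": lambda a, p, d: Rule(a, "allow"),
    "this service, any address": lambda a, p, d: Rule(a, "allow", p),
    "this service, this address": lambda a, p, d: Rule(a, "allow", p, d),
}

def prompts_for(policy):  # pop-ups the sample program causes under one policy
    fw = Firewall()
    for app, port, addr in CONNECTIONS:
        fw.connect(app, port, addr, POLICIES[policy])
    return fw.prompts

def session_only_prompts():  # deny port 135 "Only this session": asked again later
    fw, deny = Firewall(), lambda a, p, d: Rule(a, "deny", p, session_only=True)
    fw.connect("incoming", 135, "198.51.100.7", deny)
    fw.end_session()
    fw.connect("incoming", 135, "198.51.100.7", deny)
    return fw.prompts
```

The broad answer costs one pop-up, the per-service answer three and the per-service-per-address answer four for the same program, which is exactly the extra prompting the text warns about in exchange for tighter rules.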
Locked out - what now? (Troubleshooting)
On occasion you may experience problems connecting to the Internet after being too restrictive when creating your firewall rules. Suddenly you have trouble connecting to your online bank, for instance, or sending email. On such occasions, follow the instructions below:
Is the firewall to blame for your connection problems?
Follow these instructions to find out:
- Right-click the little, green icon representing the firewall in the lower right corner of your screen.
- Choose Settings...
- In the Status module, choose Turn engine off
- Restart the application experiencing connection problems and try to connect again. If it connects without problems, you have determined that your firewall is indeed causing the problems and must be too restrictively configured.
Which firewall rule is to blame?
The first thing to check is the rules in the Security module.
- Right-click the little, green icon
- Choose Settings...
- Select the Security module
- Choose Rules
- Take a look at the Action column, and then the Application column to check for rules that may deny access for the applications you are experiencing problems with.
- If the previous step yields results, double-click the rule denying the application and change the action or other parameters to permit the connection.
- Close the firewall console and start the affected application again.
If you are still experiencing problems, these could be related to rules for Active content.
- Right-click the little, green icon
- Choose Settings...
- Choose the Active content module
- Choose Advanced
- Take a look at the Domain column to check for rules limiting active content from the address experiencing difficulties. Modify the rule(s), close the firewall console and start your browser again.