Re: Networking over mains cables



Russell Hafter News wrote:
In article
<slrngibgsn.hfh.usenet@xxxxxxxxxxxxxxxxxxxxxxxxx>, Ollie
Clark <usenet@xxxxxxxxxxxxxx> wrote:

>>> Am I to understand that 'outbound' actually means
>>> 'inbound and outbound, only if initiated by me' and
>>> 'inbound' actually means 'inbound and outbound, but
>>> initiated by some other computer' ?

>> That's correct. An outbound connection is one initiated
>> by you so web, news, time, POP3 email and many other
>> services only need to be allowed outbound. An inbound
>> connection is one initiated by another computer outside
>> the firewall so a webserver needs to allow inbound HTTP
>> traffic but someone just browsing the web only needs to
>> allow outbound HTTP traffic.

> So, for goodness sake, why use such confusing language??

I presume because it's much more concise than calling them
"a two way connection initiated from your computer" and "a
two way connection initiated from an external computer".
After all, every connection will go both ways. e.g. you request
a web page and it gets returned to you.

I don't think it's actually all that confusing TBH. Think of it
in terms of phone calls. An outbound call is one you make but you
can still talk both ways. An inbound call is one someone else makes
and you answer but again you can still talk both ways. Exactly the
same idea.

I think not understanding that has been the root of your
confusion about this. :)

> You are quite right, since this is the first time that I
> have seen it. And this is supposed to be *much* clearer than
> the original!!
>
> After all, I have read about 'ports' for years, but never
> until now had any idea what they are, and not in any way
> interested enough to find out.
>
> I think I probably rather thought a port was what you plugged
> the network cable or the modem into - you remember 'serial
> port'? - except that some people preferred to give them
> numbers rather than names.

In this context the ports are conceptual. You have a conceptual
"port" for each different internet protocol ("service", eg HTTP,
FTP, POP3 email etc.) and all the ports have a number assigned to
them. 80 is HTTP, 110 is POP3, 119 is NNTP etc. Your internet
software will "plug in" to the correct port for what it wants to
do, which means that the remote computer will know which port the
connection is coming in on and know what programme to send the
data to.

> Given that e-mail, web-browsing, newsgroups, ftp all go
> along the same bit of wire, why would it occur to the non
> expert that they used different 'ports', even if they used
> to be all connected to the serial port, and are now
> connected to the network port/socket?

It probably wouldn't [occur to the non expert]. But ports
are the way of differentiating different types of internet
traffic so the computers on each end know what they're
sending/receiving.

>> Most people need very few inbound ports open.

> Please try and look at it from the point of view of an
> average user who has been sold a computer and told to plug
> it in and it will work.

It probably will. My router's firewall certainly came set up
to work for the average user. I've changed the settings
significantly only because I run all sorts of servers on my
home network that I want to access from outside that network.
The vast majority of home users won't need or want to do that
(with the possible exception of file sharing).

> One day they read something in the paper about online
> security; because they are reasonably intelligent they
> remember something about there being a firewall in their
> router and they try to do something about it.
>
> They find that the instructions are a 183 page PDF, which
> IMO is far worse than the proverbial chocolate teapot.
>
> Fiddling around, they find a status page for the firewall,
> which tells them that all or most incoming ports are
> either 'false', 'off' or 'blocked'.
>
> Fortunately they know from experience that they do get
> incoming traffic, though they have no idea how, given that
> it appears to be all blocked. So they do not dare touch
> anything because they are concerned that they will break it
> if they do.
>
> Should there not be a simple firewall set-up app which
> removes all the stuff about ports, tcp etc which most users
> neither know nor care about, and can interface with any
> firewall?

I'd imagine there are far too many different (and different
types) of firewall for this to be viable. Ideally all firewalls
would have an easy to use/understand interface.

> All it would need would be a control panel with a series of
> questions:
>
> 1. Do you want to send and receive e-mail?
>
> 2. a) Do you want to browse the internet?
>    b) Will you want to use internet banking, and buy stuff
>    online?

Now who's using confusing terms? ;-P

You browse the WEB. The internet is just a very large network
of networks that the web and lots of other stuff runs over.

> 3. Do you want access to Newsgroups?
>
> and so on, with the user simply having to select the 'yes'
> or 'no' box as appropriate?

And that's pretty much what my router provides. Although I don't
use it. Zone Alarm is similar in that you try to do something, it
blocks it and asks if you want to allow it. You answer yes or no
and it remembers for next time.

> There is a desperate need for clear and consistent language
> here. Without it, it is no surprise at all that people
> cannot / will not get their heads round firewalling and
> other security issues.

Agreed. Although blaming people for using "inbound connection"
isn't really fair given that's the standard term.

I would really recommend Internet for Dummies. I read it about
15 years ago and it really cleared up some misconceptions I had
about the whole internet thing. It goes into some good detail but
is easy to understand.
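To make the two ideas in this thread concrete (an "outbound" rule lets the reply to a connection you opened come back in, an "inbound" rule lets an outsider open a connection to you, and the port number is what tells the far end which service is wanted), here is a toy stateful packet filter. It is an added illustration, not code from this thread or from any router; it assumes the home network is 192.168.1.0/24 (matched by string prefix to keep it short), uses RFC 5737 documentation addresses for the outside hosts, and models a connection as one opening packet (TCP SYN) followed by non-SYN packets. Port numbers 80, 110 and 119 are the ones named in the thread; the other well-known numbers are added for completeness.

```python
"""Toy stateful packet filter: what firewalls mean by 'outbound' and 'inbound'.

Added example (not from the thread). Assumptions: the inside network is
192.168.1.0/24 (checked by string prefix), remote hosts use RFC 5737
documentation addresses, and a connection is a TCP SYN followed by non-SYN
packets.
"""
from dataclasses import dataclass

# Well-known port numbers; 80, 110 and 119 are the ones named in the thread.
SERVICES = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3", 119: "NNTP", 123: "NTP"}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool  # True only for the packet that opens a connection


class StatefulFilter:
    """Allow both directions of a connection the inside opened; allow
    outside-initiated connections only on ports explicitly opened for a server."""

    def __init__(self, inside_prefix: str, allowed_inbound_ports=()):
        self.inside_prefix = inside_prefix
        self.allowed_inbound = set(allowed_inbound_ports)
        # Accepted connections keyed by (initiator ip, port, responder ip, port)
        self.established = set()

    def _inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def decide(self, pkt: Packet) -> str:
        forward = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        service = SERVICES.get(pkt.dst_port, f"port {pkt.dst_port}")

        # Traffic belonging to a connection already accepted flows both ways,
        # exactly like talking both ways on a phone call whoever dialled.
        if forward in self.established or reverse in self.established:
            return "ALLOW established"
        # A packet that neither opens a connection nor belongs to one is dropped.
        if not pkt.syn:
            return "DROP no matching connection"
        # Outbound: initiated from inside. The port number says which service.
        if self._inside(pkt.src_ip) and not self._inside(pkt.dst_ip):
            self.established.add(forward)
            return f"ALLOW outbound {service}"
        # Inbound: initiated from outside. Only ports opened for a server pass.
        if not self._inside(pkt.src_ip) and self._inside(pkt.dst_ip):
            if pkt.dst_port in self.allowed_inbound:
                self.established.add(forward)
                return f"ALLOW inbound {service}"
            return f"DROP unsolicited inbound {service}"
        return "DROP not crossing the firewall"


def run_scenario(allowed_inbound_ports=()) -> list:
    """Run a constructed packet sequence through the filter; returns decisions."""
    fw = StatefulFilter("192.168.1.", allowed_inbound_ports)
    home_pc, web_server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [
        # 1. The browser asks a web server for a page (outbound HTTP).
        Packet(home_pc, 51000, web_server, 80, syn=True),
        # 2. The page comes back: it travels inward, but it is part of the
        #    connection the browser opened, so the outbound rule covers it.
        Packet(web_server, 80, home_pc, 51000, syn=False),
        # 3. A stranger tries to open a connection to port 80 on the home PC.
        Packet(stranger, 40000, home_pc, 80, syn=True),
        # 4. A stray NNTP packet that belongs to no connection at all.
        Packet(stranger, 40001, home_pc, 119, syn=False),
        # 5. The news reader fetches articles (outbound NNTP).
        Packet(home_pc, 51001, web_server, 119, syn=True),
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
    print("-- same traffic with port 80 opened for a home web server --")
    for line in run_scenario(allowed_inbound_ports={80}):
        print(line)
```

With no inbound ports opened (the average home user), packets 1, 2 and 5 are allowed and 3 and 4 are dropped, even though the status page would say "all incoming ports blocked". Opening port 80 changes only the decision for packet 3, which is the situation of someone running a web server at home.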


