What’s the deal with: Ports and Firewalls

      Comments Off on What’s the deal with: Ports and Firewalls

What's the deal with: Ports and FirewallsWhen computers were first developed they could only carry out one task at a time. This meant that when they communicated with each other, only one door was needed to let the deliveryman with the ‘packets’ of data in and out.

As computers became more complex, they gained the ability to carry out many tasks at the same time. This meant that one door was no longer sufficient to let all the deliverymen carrying data for the various functions in and out simultaneously. To solve this problem ports were developed, with individual ports being assigned to different types of data transmission. For example, the port we use for email is port 25, while the ports we use to visit websites are ports 80 or 443. As the number of computer processes has increased, so has the number of ports: 65,535 now exist.

The problem is, each open port gives hackers a potential way into your computer. The majority of ports can be closed by users because they are not needed for a normal machine to network or run internet communications – comparable to locking a door that’s not in use. However, some ports – like those listed above – must remain open in order for us to be able to use email and access the internet. Many types of penetration testing and security assessments scan companies’ IP addresses to ensure that only those ports that need to be open are in fact open.

But how do you ensure traffic coming through the open ports is not malicious? You use a firewall. It works like a security guard inspecting (data) packets before deliverymen can take them through the door. There are various different methods of doing this, including checking to see where the data is being sent to and from. If for instance, it is coming from a website that is known to be malicious, all data coming from the corresponding IP address can be blocked from going through ports 80 and 443.

However, firewalls are not fool-proof and cannot look inside the packets they’re ‘inspecting’. This is important because as we know, malicious content can be hidden within websites or emails that look legitimate from the outside. This is why it’s so important for companies to implement additional security measures such as anti-virus software and endpoint solutions in order to help secure their systems.