COMPUTER INTERNET SECURITY CLASS


PC Home Computer

FIREWALL RULE MAKING
After Examining the Security and Traffic Logs


The Sygate Firewall shown below is only an example. Find the Security and Traffic Logs in your own firewall program.


The Security Log is the most important log in your firewall to analyze. It shows the potentially threatening activity directed at your computer.
Focus your attention on the IP addresses of the Remote Hosts. Make rules to block every unwanted IP address on this log, except any that might include your Local Host (ISP)!

Right-click on each line and you might be able to do a "BackTrace". After the "BackTrace" has been completed, you might be able to do a search at "Whois" to discover the owner of the Remote Host IP address and the range of IP addresses that they use. If you cannot access "Whois" after the "BackTrace", then go to the "Whois" website at https://www.arin.net/whois/ and do your search. Record all the ranges of Remote Host IP addresses that you find, to use when making Rules as shown below.

Analyze the Traffic Log for one or two days, looking at all the incoming and outgoing traffic. If you find unapproved activity involving Remote Hosts, then you might want to block that incoming and outgoing activity with the "Rules".

Focus your attention on the IP addresses of the Remote Hosts with the unapproved activities. Right-click on each line and you might be able to do a "BackTrace". After the "BackTrace" has been completed, you might be able to do a search at "Whois" to discover the owner of the Remote Host IP address and the range of Remote Host IP addresses that they use. If you cannot access "Whois" after the "BackTrace", then go to the "Whois" website at http://www.arin.net/whois/ and do your search. Record all the ranges of Remote Host IP addresses that you find, to use when making Rules as shown below.


To learn how to configure or set up Rules on your firewall, use your firewall's user's manual and/or search Google for help on websites or forums.


These are some examples of the Rules to exclude or block the incoming or outgoing Remote Host IP addresses, Protocols (ICMP, UDP, TCP) and ports. The best security comes from blocking all protocols and all ports for each complete range of unwanted Remote Host IP addresses.


The screenshot of the "Rule Maker". Read the "Rule Summary".
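
The procedure above can also be scripted. The following Python is an added example, not part of the original page and not produced by Sygate: it reads Security Log lines, matches each Remote Host against the ranges recorded from Whois, skips any range that holds your Local Host (ISP), and lists one block rule per remaining range for all protocols and ports. The log format, the IP addresses and ranges (taken from the reserved documentation blocks) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed Security Log lines in a simplified format (not Sygate's own):
# time, remote host IP, protocol, direction
SAMPLE_LOG = """\
2012-10-15 08:01:12,203.0.113.45,TCP,incoming
2012-10-15 08:01:15,203.0.113.200,UDP,incoming
2012-10-15 08:03:40,198.51.100.7,ICMP,incoming
2012-10-15 08:05:02,192.0.2.10,TCP,incoming
2012-10-15 08:07:19,not-an-ip,TCP,incoming
"""

# Ranges recorded by hand from Whois searches (constructed values).
WHOIS_RANGES = [
    ("203.0.113.0", "203.0.113.255"),
    ("198.51.100.0", "198.51.100.127"),
    ("192.0.2.0", "192.0.2.255"),  # constructed: the range of your own ISP
]
LOCAL_ISP_ADDRESSES = ["192.0.2.1"]  # assumption: an address your ISP uses

def remote_hosts(log_text):
    """Return the valid Remote Host addresses, skipping malformed lines."""
    hosts = []
    for line in log_text.splitlines():
        fields = line.split(",")
        try:
            hosts.append(ipaddress.ip_address(fields[1].strip()))
        except (IndexError, ValueError):
            continue
    return hosts

def in_range(addr, lo, hi):
    return addr.version == lo.version and lo <= addr <= hi  # same IP version only

def build_block_rules(log_text, whois_ranges, keep_addresses):
    """One block rule per recorded range seen in the log, all protocols/ports."""
    hosts = remote_hosts(log_text)
    keep = [ipaddress.ip_address(a) for a in keep_addresses]
    rules = []
    for first, last in whois_ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if any(in_range(k, lo, hi) for k in keep):
            continue  # never block the range holding your Local Host (ISP)
        hits = sum(1 for h in hosts if in_range(h, lo, hi))
        if hits:
            cidrs = [str(n) for n in ipaddress.summarize_address_range(lo, hi)]
            rules.append({"range": f"{first}-{last}", "cidr": cidrs, "hits": hits,
                          "protocols": "ALL", "ports": "ALL", "direction": "both"})
    return rules
```

Calling `build_block_rules(SAMPLE_LOG, WHOIS_RANGES, LOCAL_ISP_ADDRESSES)` returns the rules to enter by hand in your firewall's rule maker; the `cidr` field gives the same range in the notation some firewalls ask for.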



This page was made in 2006 by Jon Schweitzer.
This page was revised 15 October 2012 by Jon Schweitzer.

Send comments about this Web page to Webmaster:
Jon Schweitzer
at jons@1stnetusa.com or E-mail

This page may be freely linked, but not duplicated.
Copyright © 2006-2012 by Jon Schweitzer. All rights reserved.
This page and any internal links are copyrighted.