Wednesday, 30 January 2008

Why Blocking Ports Isn't Enough
As firewall solutions became popular in the mid-1990s, Internet application developers found that their software wouldn't work across many firewall-guarded networks. Network administrators had done their job well and locked down all but a small handful of ports, such as HTTP port 80. Unfortunately, users behind a firewall now couldn't use services such as RealAudio or AOL Instant Messenger that used other ports. Users who wanted these services could ask their network administrators to open the ports, but users had to know enough to ask, and administrators weren't obligated to say yes.

To circumvent this problem of blocked ports, application developers started using commonly open ports such as HTTP port 80 to deliver their services. Newer standards such as Simple Object Access Protocol (SOAP) are built on the ability to send requests over HTTP using XML (Extensible Markup Language). With so many applications now sending their non-Web-page traffic over HTTP in one way or another, even a carefully firewalled network can be porous to a wide variety of services. Several Trojan horse programs that exploit HTTP have circulated as well. Since outgoing Web traffic is rarely blocked, these programs can communicate effectively on nearly any network.
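The practical consequence of the paragraph above is that the destination port alone tells a defender very little; the first bytes of a port-80 flow have to be inspected to see whether it is an ordinary page request, a SOAP/XML API call, a CONNECT tunnel, or something that is not HTTP at all. The following is an added illustration, not code from the original post: the flow records are constructed samples, and the labels and header checks are my own assumptions about how such an audit could be written.

```python
import re
from typing import List, Tuple

# Constructed sample flows: (destination port, first bytes of the client payload).
# These are made up for illustration, not captures from the original post.
SAMPLE_FLOWS: List[Tuple[int, bytes]] = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"POST /rpc HTTP/1.1\r\nHost: api.example.com\r\n"
         b"Content-Type: text/xml\r\nSOAPAction: \"urn:lookup\"\r\n\r\n"
         b"<soap:Envelope>"),
    (80, b"\x00\x01\x05\x00\x00\x00\x00\x00binary-blob"),      # not HTTP at all
    (443, b"\x16\x03\x01\x00\xc4\x01\x00\x00"),                 # TLS, not port 80
    (80, b"CONNECT mail.example.net:25 HTTP/1.1\r\n\r\n"),      # tunnel request
]

# An HTTP/1.x request line: METHOD SP target SP HTTP/1.0|1.1 CRLF
REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n"
)


def classify_port80(payload: bytes) -> str:
    """Label what a port-80 flow actually carries, judged from its first bytes.

    Returns "http-page", "soap-over-http", "http-connect-tunnel" or "non-http".
    """
    m = REQUEST_LINE.match(payload)
    if not m:
        return "non-http"                  # port 80, but not an HTTP request
    if m.group(1) == b"CONNECT":
        return "http-connect-tunnel"       # proxy tunnel to some other port
    headers = payload.split(b"\r\n\r\n", 1)[0].lower()
    if (b"soapaction:" in headers
            or b"content-type: text/xml" in headers
            or b"content-type: application/soap+xml" in headers):
        return "soap-over-http"            # application traffic riding on HTTP
    return "http-page"


def audit_flows(flows: List[Tuple[int, bytes]]) -> List[Tuple[int, str]]:
    """Return (port, label) for each port-80 flow that is not ordinary web traffic."""
    findings = []
    for port, payload in flows:
        if port != 80:
            continue                       # the check only concerns the "open" port
        label = classify_port80(payload)
        if label != "http-page":
            findings.append((port, label))
    return findings
```

Run over the constructed samples, `audit_flows` flags the SOAP call, the binary flow and the CONNECT request while leaving the plain page fetch alone; the same idea is what an application-aware proxy or IDS rule does at scale.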

One important countermeasure against malicious software is to minimize the amount of software running on your system. Only essential services and applications should be running; everything else should be stopped or disabled.
