Firewalls
One problem
with having a program on your machine listening on an open TCP port is that
someone may connect and then, using some flaw in the software on your end, do
something malicious to your machine. Damage can range from the unintended
downloading of personal data to compromise and takeover of your entire machine,
making it a distributor of viruses and worms or a steppingstone in later
break-ins of other machines.
A firewall is a mechanism to block connections
deemed potentially risky, e.g. those originating from outside the site. Generally
ordinary workstations do not ever need to accept connections from the Internet;
client machines instead initiate connections to (better-protected) servers. So
blocking incoming connections works reasonably well; when necessary (e.g. for
games) certain ports can be selectively unblocked. The original firewalls were
built into routers. Incoming traffic to servers was often blocked unless it was
sent to one of a modest number of “open” ports; for non-servers, typically all
inbound connections were blocked. This allowed internal machines to operate
reasonably safely, though being unable to accept incoming connections is
sometimes inconvenient.
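
The policy described above, modeled as an added example (not from the original text): a router firewall that lets inside machines initiate connections, admits new inbound connections only to a server's open ports, and blocks all other inbound traffic. The addresses, ports and the `SiteFirewall` class are constructed for illustration.

```python
import ipaddress

# Constructed sample site: the addresses and ports below are illustrative.
INSIDE = ipaddress.ip_network("192.0.2.0/24")
SERVER_PORTS = {"192.0.2.10": {25, 80, 443}}   # server -> its "open" ports


class SiteFirewall:
    """Toy model of a router firewall: inbound connections are denied by default."""

    def __init__(self, inside, open_ports):
        self.inside = inside
        self.open_ports = {ipaddress.ip_address(h): set(p)
                           for h, p in open_ports.items()}
        self.flows = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def unblock(self, host, port):
        """Selectively open one port on one inside host (e.g. for a game)."""
        self.open_ports.setdefault(ipaddress.ip_address(host), set()).add(port)

    def permit(self, src, sport, dst, dport, syn=False):
        """Return True if the TCP segment may cross the firewall.

        syn=True marks a connection-opening segment (SYN without ACK).
        """
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.inside:
            # Outbound: inside machines may initiate connections. Remember
            # the flow so the remote server's replies are let back in.
            if syn:
                self.flows.add((src, sport, dst, dport))
            return True
        if dst not in self.inside:
            return False                 # not addressed to this site
        key = (dst, dport, src, sport)
        if syn:
            # New inbound connection: only to a listed open port.
            if dport in self.open_ports.get(dst, set()):
                self.flows.add(key)
                return True
            return False
        # Not a connection attempt: allowed only on an already-known flow.
        return key in self.flows
```

A workstation with no entry in the open-port table rejects every inbound connection attempt, yet still receives replies on connections it opened itself.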