Norton and Port protection

I think I know the answer to this, but would just like to confirm with those knowledgable

 

Norton inbound firewall blocks unused ports, I know.

but on the ports that are used frequently, example 53, 80 etc. Those ports are open because they are needed right?

So then how does maleware, virus, or any other baddie keep from infecting one's computer by connecting to these ports?

I would think the bad guys would just know these ports are usually open, so I woudl think they would use them to attempt to hack or deliver malice.

Is it true these ports are open to such vulnerability?

But is that where the multi protection layers come in?

Example

a bad guy knows prt 53 is open. So attempt tos hack via port 53 or send some virus. It hits the port and is "let in"?

But then the antivirus and anti spyware protection step up to stop it from going further?

 

Hi OE09,

 

All the firewall programs works on a predefined set of rules which allows them to analyze the information through the network. The firewall examines the Internet traffic as it enters your computer and applies the predefined set of rules (Gerenral Rules or Traffic Rules) - in essence, permit or deny the access based on this rules. The firewall will filter packets by IP addresses(Source), content, as well as specific functions of a certain application.  For example, telnet receives packets addressed to port 23; mail servers receive packets addressed to port 25. Firewall allows packets addressed to the Internet address corresponding to a mail server and to port 25 to pass through and reach their destination. A packet addressed to port 25 with the Internet address of a system that is not a mail server is an attack(as in predefined Rule). So, the firewall blocks these packets.

The firewall will allow outgoing port 80 HTTP (web surfing) traffic while disallowing incoming port 80 HTTP traffic. The firewall will not allow any incoming port 80 packets to bypass its blocking ability, but will allow outgoing port 80 connections, allowing you to browse the World Wide Web and do your normal browsing.

 

If you need to know how the firewall works/protects when using these ports, refer to the informations from the following links:

 

http://technet.microsoft.com/en-us/library/cc700820.aspx

 

http://www.symantec.com/connect/articles/network-security-and-ways-protect-system

 

http://www.symantec.com/norton/products/library/article.jsp?aid=broadband_security

 

Also, you can find the detailed explanation on firewall protection in book "Network security: a beginner's guide" by Eric Maiwald.

 

Yogesh

 

[However, NAV08 has only IWP which acts as a partial firewall]

Message Edited by yogesh_mohan on 08-31-2009 05:05 PM

Yogesh,

 

Excellent, excellent information provided on what you wrote, and the Web Links you provided.