What evil things does port forwarding do?



SlyFrog
10-12-2005, 04:39 PM
Simple question. I think I've figured out how to open ports on my hardware firewall. Since it has sped up the torrents considerably, I assume that means that the Windows firewall does not need to be "opened" (otherwise I assume I would not be getting the speed increase, but correct me if I'm wrong - the whole damn process was confusing and only cobbled together from a variety of sources, and I'm still not crystal clear I've done everything I'm supposed to even on the hardware firewall, it just seems to be working).

What I don't get is this: What great evils does opening one port do to my security? Unfortunately, free internet resources are all over the map on this - many rant and rave about open ports and security, but do not exactly explain how you are supposed to get torrents without opening a port, how to better secure an open port, or even realistic advice on what the specific security risks are. It's a lot of, "You could be DOMED," without explanation of why or how not to be DOMED.

I'm running AVG antivirus (because I'm a cheap bastard), run Spybot and Adaware on occasion, and am generally smart enough not to click on random executables that people email me. That's pretty much the extent of my security savvy. Help me, please.

P.S. No, I'm not pirating software. I'm the idiot who actually paid $100 for a new copy of Windows XP when I built my computer a month ago.

Lunch of Kong
10-12-2005, 05:28 PM
What a firewall does is throw away incoming, unsolicited (stuff you haven't specifically asked for) Internet communications.

GOOD DATA: Data packet on port 80 from the web server you sent an HTTP request to about 0.5 seconds ago.
SUSPECT DATA: Data packet from some computer you've never contacted before, on some seemingly random port.

Unsolicited Internet traffic to your computer is usually bad because:
1. Most people don't run servers, so they shouldn't be getting any unsolicited traffic.
2. Some programs have known security vulnerabilities that can be triggered by incoming Internet traffic.

So, by blocking unsolicited traffic, the firewall protects you from hackers trying to trigger security vulnerabilities on your computer.

Unfortunately, if you ARE running a server of some sort, you *DO* want to receive unsolicited Internet traffic on whatever port the server is using for its communications. If you're running a web server, that would be port 80. If you're running an FTP server, you expect traffic on port 21. By "opening" only those ports that you expect traffic on, you can still keep the rest of your ports secured.

Of course, now that you're accepting traffic on those ports, if your server has a security vulnerability, a hacker will now be able to hack you. Which is why you should check for and install security updates before running a server.

btw, there's an international registry that keeps track of port assignments. Software engineers are supposed to register the ports that they use, but I don't know how many actually do:

http://www.iana.org/assignments/port-numbers

Lunch of Kong
10-12-2005, 05:34 PM
I should add that, in itself, an open port is only a security risk if there is a program on the other end specifically listening for traffic on the port. Otherwise, it's just knocking when no one is home.

The problem is that the average user has no idea what programs are running on a computer. Even an expert user would be hard pressed to tell you exactly how many service processes Windows XP is running in the background, and which ports they are listening to for data.

So, it's safer to just lock down all the ports, and then open them up as needed.

Lunch of Kong
10-12-2005, 05:53 PM
Port Forwarding, in particular:

With a hardware router, you can't just open a port. That's because there are many possible computers that may be connected to a single router. Something called Network Address Translation (NAT) is used to route traffic to the computers behind the router.

Using NAT, a router knows which computer incoming traffic is destined for, but only if it's solicited information. For example, if you request a web page using your kitchen computer, your router knows to route the reply back to your kitchen computer.

In the case of unsolicited traffic, the router doesn't know which computer to send it to. That's where port forwarding comes in. When you open a port, you also designate what computer to send the traffic to for processing.
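To make the solicited/unsolicited distinction from the first post and the port-forwarding rule from this one concrete, here is a small Python model of a home router (an added example, not code from the thread). The router keeps a table of outbound flows so replies can be routed back to the right LAN host, drops anything it has no state for, and delivers unsolicited traffic only on ports with an explicit forward rule. All addresses and ports are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Toy model of a home router: NAT plus a stateful firewall plus port forwards."""

    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.forwards = dict(forwards or {})  # external port -> (LAN host, LAN port)
        self.table = {}  # (remote ip, remote port, public port) -> (LAN host, LAN port)
        self._next_port = 40000

    def outbound(self, pkt):
        """A LAN host sends out; remember the flow so the reply counts as solicited."""
        public_port = self._next_port
        self._next_port += 1
        self.table[(pkt.dst_ip, pkt.dst_port, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Classify a packet from the Internet: reply to a known flow, a forwarded
        port, or unsolicited (dropped). Returns (verdict, lan_ip, lan_port)."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.table:
            return ("solicited",) + self.table[key]
        if pkt.dst_port in self.forwards:
            return ("forwarded",) + self.forwards[pkt.dst_port]
        return ("dropped", None, None)


def demo():
    # Constructed addresses: kitchen PC .10, torrent PC .20, router public IP 203.0.113.5.
    router = NatRouter("203.0.113.5", forwards={6881: ("192.168.1.20", 6881)})
    # Kitchen PC fetches a web page; the reply matches that flow and goes back to it.
    out = router.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    reply = router.inbound(Packet("198.51.100.7", 80, "203.0.113.5", out.src_port))
    # Unsolicited packet to a port with no forward rule: nobody asked for it, dropped.
    probe = router.inbound(Packet("192.0.2.99", 4444, "203.0.113.5", 1234))
    # Unsolicited peer on the forwarded torrent port reaches only the designated PC.
    peer = router.inbound(Packet("192.0.2.50", 12345, "203.0.113.5", 6881))
    return reply, probe, peer


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Only the forwarded port exposes a LAN host to traffic it never asked for, which is why the program listening on that port is the thing whose updates matter.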

Igor Muravyev
10-12-2005, 06:48 PM
Generally, having an open port is only a danger if the program listening on that port is known to have exploitable flaws, or possibly has exploitable flaws. For example, if your program tried to execute a packet that was too big and it ran into a buffer overflow... that would be bad :).

I guess for torrents you'd be all right if you used a Java-based client, since Java is pretty restrictive on how much system access it gets.