Open a port safely in firewall for a PC connected to Internet

0

This is related to this question: PCs in same network can not communicate
My real problem was that I have a web application I want to test running on PC1, but I noticed I could not even ping the machine.
By opening the firewall, ping is possible.
By opening a rule for the port of the web application I need to access, I can reach my web application.

Problem:

It is not clear to me how I can safely add a rule to the firewall so that I don't have problems from the public network.
I tried to specify a rule to open the port to be accessed from a specific address only, but it required the connection to be secure.
Mine isn't.

So how can I configure a safe rule in my case?

user65971

Posted 2011-10-17T16:50:38.413

Reputation: 317

Are you on a private network that connects to a public one? You mention having a router in your other question, if so you can specify rules for public and private networks. – Supercereal – 2011-10-17T17:05:06.883

No private network. This is 2 PCs connecting to the same router and accessing the public Internet – user65971 – 2011-10-17T17:14:10.007

That's impossible; 2 PCs can't use the same public IP without NAT. There HAS to be NAT then, which is the same as a private network. Is the IP you are trying to ping a 192.168.x.x address? – Supercereal – 2011-10-17T17:19:32.127

Of course. Both IPs are like you say. I could not do http://192.168.1.6:8080 without opening the port 8080 in the firewall. But the PCs are also connected to the Internet. Isn't it risky to open the port? – user65971 – 2011-10-17T17:24:58.870

It's perfectly safe to open a port. You are not going to get attacked; even if you do, you have to have a program that can be exploited, which is doubtful if you keep your system updated and have security software. – Ramhound – 2011-10-17T17:44:57.690

Answers

0

It is not clear to me how can I safely add a rule to the firewall so that I don't have problems from public network. I tried to specify a rule to open the port to be accessed from a specific address only, but it required the connection to be secure. Mine isn't.

This is a pretty lame error message. In order for you to configure a Windows Firewall rule to allow only certain computers, you gotta change the rule at the beginning to "Allow the connection only if it is secure."

But alas, this is not the setting you want. The "Allow only these computers" really should read "Allow only these Windows Authenticated computers".

The setting doesn't actually authenticate based on certificates because that means the Firewall would actually have to allow the connection first, then verify the certificate. . .

surfasb

Posted 2011-10-17T16:50:38.413

Reputation: 21 453
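
An added example, not part of the original answers: a rule restricted by remote IP address and by network profile limits who can reach port 8080 without the "Allow the connection only if it is secure" option. It assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets) and an elevated PowerShell; the peer address 192.168.1.5 and the rule name are placeholders.

```powershell
# Added example: the values below are assumptions, adjust them to your network.
$Port     = 8080                            # web application port from the question
$PeerAddr = '192.168.1.5'                   # assumed LAN address of the PC that connects
$RuleName = 'WebApp test - LAN peer only'   # hypothetical rule name

# 1. Confirm the active network is categorised Private. A Private-profile rule
#    is not applied while the connection is classified as Public.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Allow inbound TCP 8080 only from the one peer, only on the Private profile.
#    Scoping by -RemoteAddress is plain IP filtering and needs no IPsec.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $Port `
    -RemoteAddress $PeerAddr `
    -Profile Private

# 3. Audit: list every enabled inbound allow rule that covers the port and flag
#    the ones that accept any remote address or also apply to the Public profile.
#    Port ranges such as 8000-8100 are not expanded by this simple check.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $portFilter  = $_ | Get-NetFirewallPortFilter
        $addrFilter  = $_ | Get-NetFirewallAddressFilter
        $profileText = "$($_.Profile)"
        $coversPort  = ($portFilter.LocalPort -contains "$Port") -or
                       ($portFilter.LocalPort -contains 'Any')
        if ($coversPort -and ($portFilter.Protocol -in 'TCP', 'Any')) {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $profileText
                RemoteAddress = $addrFilter.RemoteAddress -join ','
                TooBroad      = ($addrFilter.RemoteAddress -contains 'Any') -or
                                ($profileText -match 'Any|Public')
            }
        }
    } | Format-Table -AutoSize
```

On older systems, `netsh advfirewall firewall add rule` accepts the equivalent `remoteip=` and `profile=` options. Any rule the audit marks as TooBroad still exposes the port regardless of the narrow rule added in step 2.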

0

Just opening a port does not create any vulnerabilities. Your system might be in danger when:

  1. A potentially harmful application tries to give access to remote people by opening a port and a server.

  2. Your firewall is configured to keep that port open (the one the harmful app uses).

So, even though you open a port, the malware still needs to find that port to use it, so in practice it does not create a great vulnerability.

It should also be noted that harmful applications do not need ports to be opened; they can just connect to a server and tunnel themselves, bypassing the port filters of the firewall.

Umur Kontacı

Posted 2011-10-17T16:50:38.413

Reputation: 363