Chapter 9 Applications

Ideally your firewall should have the following:

Stateful packet inspection to control access between the Internet and your network and protect your NSA (and computers) from hacking attacks.

IDP (Intrusion Detection and Prevention) to detect malicious packets within normal network traffic and take immediate action against them.

Anti-virus to check files you download for computer viruses.

BitTorrent and Your Firewall

The anti-virus feature on a firewall probably cannot check BitTorrent downloads for viruses, so use anti-virus software on your computer to scan the NSA for viruses.

When you download using BitTorrent, many other BitTorrent users are also trying to download the file from you. The firewall slows this down because by default, it only allows traffic from the Internet in response to a request that originated on the LAN (it lets you get files from the Internet and blocks those on the Internet from getting files from you).

Figure 108 Firewall Blocking Incoming BitTorrent Requests

To speed up BitTorrent file transfers, configure your firewall’s port forwarding to send incoming TCP port 9090 and UDP port 9089 connections to the NSA. You probably need to use your firewall’s HTML (web-based) configuration interface to

222

 

NSA320 User’s Guide