How to Test Your Firewall

Find out if your PC or network firewall is doing its job

You may have turned on the firewall feature on your PC or wireless router at some point, but how do you know if it's doing its job?

The main purpose of a personal network firewall is to keep whatever is behind it safe from harm—specifically from hackers and malware.

Padlock and chain on a laptop.

Jupiterimages / Getty Images

Why Firewalls Matter

When implemented correctly, a network firewall makes your PC invisible to hackers. If they can't see your computer, they can't target you.

Hackers use port scanning tools to scan for computers with open ports that might have associated vulnerabilities, providing hackers with backdoors into your computer.

For example, you may have installed an application on your computer that opens an FTP port. The FTP service running on that port might have a vulnerability that was recently discovered. If hackers can see that you have a port open with a vulnerable service running, they can exploit the vulnerability and access your computer.

One of the guidelines of network security is to allow only the ports and services that are necessary. The fewer ports open and services running on your network or PC, the fewer routes hackers have to attack your system. Your firewall should prevent inbound access from the internet unless you have specific applications that require it, such as a remote administration tool.

You most likely have a firewall that is part of your computer's operating system. You may also have a firewall that is part of your wireless router.

Enabling stealth mode on the firewall on your router is the best security practice. It protects your network and computer from hackers. Check your router manufacturer's website for details on how to enable the stealth mode feature.

How to Know Your Firewall Is Protecting You

You should periodically test your firewall. The best way to test your firewall is from outside your network via the internet. There are many free tools to help you accomplish this. One of the easiest and most useful available is ShieldsUP from the Gibson Research website. ShieldsUP allows you to run several ports and services scans against your network IP address, which it determines when you visit the site.

Types of scans available from the ShieldsUP site include file sharing, common ports, and all ports and services scans. Other testing tools offer similar tests.

File Sharing Test

The file sharing test checks for common ports associated with vulnerable file sharing ports and services. If these ports and services are running, you could have a hidden file server running on your computer, possibly allowing hackers access to your file system.

Common Ports Test

The common ports test examines the ports used by popular (and possibly vulnerable) services, including FTP, Telnet, NetBIOS, and others. The test tells you whether your router or computer's stealth mode is working as advertised.

All Ports and Services Test

An all ports and services test scans every port from 0 to 1056 to see if they are open, closed, or in stealth mode. If you see any open ports, investigate further to see what is running on those ports. Check your firewall setup to see if these ports have been added for some specific purpose.

If you don't see anything in your firewall rules list regarding these ports, it could indicate that malware is running on your computer, and your PC may have become part of a botnet. If something seems fishy, use an anti-malware scanner to check your computer for hidden malware services.

Browser Disclosure Test

While not a firewall test, this shows the information your browser may be revealing about you and your system.

The best results you can hope for on these tests is to be told that your computer is in stealth mode and that the scan reveals there are no open ports on your system that are visible or accessible from the internet.

Was this page helpful?