This sort of basic firewall has weaknesses that hackers and malicious programmers can exploit to sneak through, which is why there are more advanced firewall systems. I mentioned that with this sort of port blocking, communications in response to connections initiated by your computer would be allowed through even on ports you were blocking. Using this knowledge, a hacker can forge a packet to make it look like a reply rather than the initiation of a connection, and the firewall will allow it through.
Even on connections that ARE initiated by your computer, a malicious programmer can still exploit weaknesses in the system to sneak packets through. To guard against some of these weaknesses there are other types of firewalls: stateful inspection packet filters, circuit-level gateways and application-level gateways, to name a few. For more details on firewalls see the article What Is A Firewall?
Another consideration for firewalls is that it is not always enough to monitor or block inbound traffic. You may get a virus or Trojan horse program through a connection you initiated, thereby bypassing the firewall, or through email. These malicious programs can open ports and initiate connections FROM your computer once they are planted there. Most software-based firewalls like Zone Alarm or Sygate (Top Software Firewall Products) or more advanced hardware-based firewalls will monitor outbound connections as well.
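To see why a stateful inspection packet filter closes the gap described above, the following added example (not part of the original lesson) models both filters as decision logic over a simplified packet. The `Packet` fields, the block-everything inbound policy and the documentation-range addresses are all constructed assumptions.

```python
from collections import namedtuple

# Constructed packet model: just the header fields the two filters inspect.
Packet = namedtuple("Packet", "src sport dst dport flags")

OPEN_INBOUND_PORTS = set()  # assumed policy: every inbound port is blocked


def stateless_allows(pkt):
    """Basic filter: decides from this packet's own header only."""
    if pkt.dport in OPEN_INBOUND_PORTS:
        return True
    # A set ACK flag is taken as proof that the packet is a reply.
    return "ACK" in pkt.flags


class StatefulFilter:
    """Remembers connections opened from inside; checks replies against them."""

    def __init__(self):
        self.connections = set()

    def outbound(self, pkt):
        # Record the connection when the protected host sends its opening SYN.
        if pkt.flags == {"SYN"}:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_allows(self, pkt):
        # A real reply mirrors the addresses and ports of a recorded connection.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return True
        return pkt.dport in OPEN_INBOUND_PORTS


def compare():
    """Run the constructed sample traffic through both filters."""
    host = "192.0.2.10"
    opening = Packet(host, 50000, "198.51.100.5", 80, {"SYN"})
    samples = {
        "genuine reply": Packet("198.51.100.5", 80, host, 50000, {"SYN", "ACK"}),
        "reply-looking, no connection": Packet("203.0.113.7", 80, host, 445, {"ACK"}),
        "unsolicited connection attempt": Packet("203.0.113.7", 4444, host, 445, {"SYN"}),
    }
    stateful = StatefulFilter()
    stateful.outbound(opening)
    return {name: (stateless_allows(p), stateful.inbound_allows(p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, (basic, tracked) in compare().items():
        print(f"{name:32} basic={basic!s:5} stateful={tracked}")
```

Only the stateful filter rejects the second sample, because it matches the packet against a connection it actually saw leave the host instead of trusting the packet's own flags.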
That does it for Lesson 3. We have completed an overview of ports and some of the common uses, the TCP and UDP protocols and a quick look at how firewalls work. In Lesson 4 we will cover email security, email borne viruses, hidden file extensions and email spoofing. Come back soon.

