Another Brick in the Wall
Last time, we identified the antivirus scanner as a critical component of our computer security system. Equally important is the firewall. Once found only in the computer rooms of large enterprises, firewalls have become commonplace.
A firewall is a system that blocks unwanted traffic into -- and possibly out of -- your computer. Think of a house with a front door to the outside and interior doors to the various rooms. You don't let just anyone in the front door. And those you do let in may not have access to every room in the house. Some people you'll let in at any time, others only during reasonable hours. You may deny entrance to people carrying dangerous packages. To control all of this, you hire a doorkeeper.
A firewall acts as that doorkeeper to your computer, controlling who can come in through the front door (your network connection) and what rooms (or ports) they're allowed to access. (Different services -- email, chat, streaming audio, web browsing, file transfers -- listen on different ports.) You may sometimes hear about viruses and other hacker tools opening up "backdoors" into your system: a program that quietly listens on a port so the attacker can connect later. A firewall won't remove that program, but by blocking inbound connections to ports you haven't deliberately opened it denies the attacker the way in.
Firewalls generally come in two varieties, hardware and software.
For software firewalls, consider NetBarrier (http://www.intego.com/), Personal Firewall Plus (http://www.mcafee.com/), or Norton Personal Firewall (http://www.symantec.com/).
Apple's Mac OS X comes with a firewall, easily configured through System Preferences, that lets you set general parameters and open or close specific ports. Microsoft's Windows XP also includes a firewall, though with more limited capabilities.
Some hardware options include the D-Link series (http://www.dlink.com/), the Linksys brand (http://www.linksys.com/), and SnapGear products from CyberGuard (http://www.cyberguard.com/).
Software firewalls are installed right on your computer, so they protect you no matter where you go. Some large businesses have a hardware firewall that protects their whole network, but also install software firewalls on their employees' notebooks so they're still protected when they're out of the office. If you have a small office network with several PCs all sharing an internet connection, each machine would need a license for the software firewall.
Hardware firewalls have the advantage that they can protect multiple computers. Your whole home or office network could be protected by a single device. This makes configuring your rules, which we'll discuss in a moment, easier; there's only one point of access to monitor. On the downside they won't protect a notebook computer you take out of the network and connect to the internet directly or through some other network.
How does a firewall function? That requires a bit of technical talk, although we'll keep this very simple. Firewall technology can be mind-numbingly complex; some people build their entire career around configuring and maintaining firewalls. We'll only briefly touch on the basics here so you know what's going on with your own computer. If you really want to know more, your best option is to take a course (probably several courses!) or hire an IT security consultant.
Here we go...
Every computer connected directly to the internet has a unique address. If your computer, or your local network, is behind a firewall that performs Network Address Translation, or NAT, the firewall presents its own address to the world and keeps a table of which inside machine each outgoing connection belongs to. Replies to traffic you started are translated back to you; a packet from an outsider who simply tries to connect in matches no entry in that table, so it has nowhere to go and is dropped. NAT hides your address, but it only stops traffic you didn't ask for; it does nothing about what you invite in.
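The translation table described above, as an added example that is not part of the original article or any vendor's code. It keeps a toy NAT mapping in memory: an outgoing packet from an inside machine gets the firewall's public address and a fresh public port, a reply to that port is handed back to the inside machine, and an unsolicited packet to a port nobody inside asked for has no entry and is dropped. The public address 203.0.113.5, the inside address 192.168.1.10, and the port numbers are assumptions chosen for the example.

```python
"""Toy stateful NAT table: an added illustration of why a host behind a NAT
firewall is not directly reachable from outside. Not any vendor's code;
public addresses come from the RFC 5737 documentation ranges."""
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.5"   # assumed public address of the firewall


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Maps (inside address, inside port) to a public port on the firewall."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port      # next public port to hand out
        self.outbound = {}               # (inside_ip, inside_port) -> public_port
        self.inbound = {}                # public_port -> (inside_ip, inside_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outgoing packet to the firewall's address,
        creating a table entry the first time this inside socket is seen."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an incoming packet to the inside host that owns the public
        port, or return None when no inside host asked for it (dropped)."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.inbound.get(pkt.dst_port)
        if inside is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


def demo():
    """Inside host 192.168.1.10 browses a web server; an outsider probes port 22."""
    nat = Nat()
    out = nat.translate_outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 80))
    reply = nat.translate_inbound(Packet("198.51.100.20", 80, PUBLIC_IP, out.src_port))
    probe = nat.translate_inbound(Packet("198.51.100.99", 4444, PUBLIC_IP, 22))
    return out, reply, probe


if __name__ == "__main__":
    out, reply, probe = demo()
    print("outgoing packet as the web server sees it:", out)
    print("reply delivered to:", reply)
    print("unsolicited probe:", "dropped" if probe is None else probe)
```

The web server only ever sees 203.0.113.5, and the probe to port 22 is dropped because no inside machine created an entry for it. A real NAT keys its table on the full connection (both addresses and both ports) and expires entries; this toy keeps only the inside socket, which is enough to show the mechanism.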
Another method is packet filtering. As data crosses the firewall on its way to your computer, each packet's header (source and destination address, protocol, port) is compared against the firewall's rules, and packets that don't match an allow rule are dropped (silently discarded). A basic packet filter looks only at those headers, not at the contents of the packet, so it can block a port but can't tell a harmless request from a malicious one on a port it has opened.
With a firewall you can filter traffic based on the originating address of the packets. You can configure the firewall to allow traffic only if it comes from an approved address. Your buddy with whom you're playing a networked game may be able to get in, while everyone else is blocked.
A firewall may pass only certain types of data, web browsing for example, but block others, such as streaming audio and video.
You may be running your own host applications, like a web server or a file transfer server (FTP). You would likely have different requirements for traffic coming in to your applications than for traffic going out.
You can configure schedules, allowing access at certain times, disallowing it at others.
You can limit outbound traffic, allowing access only to approved web sites for example.
You may also be able to configure a VPN or Virtual Private Network. This is a secure tunnel through the public Internet, from your local network to another location.
All of these possibilities are tied together into combinations called "rules." If you just want to protect your computer from outside attacks but still be able to browse the internet or send email, your firewall rules will be pretty simple. But you can imagine how complicated it can get when you have a number of internal systems to protect, each with different requirements. An inherent danger is that you could inadvertently leave a hole in your defenses: rules are usually checked in order, and one broad "allow" placed ahead of the rules that were meant to restrict things quietly overrides them.
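The rule combinations above (source address, port, protocol, direction, schedule), as an added example that is not code from the original article or from any firewall product. It is a toy first-match packet filter with an invented rule syntax: the rule set allows a game buddy in on one port, exposes a web server only during office hours, lets the inside browse the web, and denies everything else by default. It also shows the hole described above, with a `shadowed()` check that reports rules an earlier, broader rule has made unreachable. All addresses, ports and the hours are assumptions chosen for the example.

```python
"""Toy first-match packet filter: an added illustration of how firewall rules
combine and how a broad rule placed too early opens a hole. Invented rule
syntax, not any product's; addresses are from the RFC 5737 documentation ranges
and a private 192.168.1.0/24 LAN."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Pkt:
    direction: str      # "in" (toward us) or "out" (from us)
    proto: str          # "tcp" or "udp"
    src: str            # source address of the packet
    dst_port: int       # destination port
    hour: int = 12      # hour of day the packet arrives (assumed, for schedules)


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    direction: str                   # "in" or "out"
    proto: str = "any"               # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"           # source network the rule applies to
    dst_port: Optional[int] = None   # None means any port
    hours: Optional[range] = None    # hours the rule is active; None = always
    note: str = ""

    def matches(self, pkt: Pkt) -> bool:
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and self.dst_port in (None, pkt.dst_port)
                and (self.hours is None or pkt.hour in self.hours))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match, this rule matches too."""
        return (self.direction == other.direction
                and self.proto in ("any", other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and self.dst_port in (None, other.dst_port)
                and (self.hours is None
                     or (other.hours is not None
                         and set(other.hours) <= set(self.hours))))


def decide(rules: List[Rule], pkt: Pkt) -> Tuple[str, str]:
    """First matching rule wins; anything no rule mentions is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "deny", "default deny"


def shadowed(rules: List[Rule]) -> List[str]:
    """Notes of rules that can never fire because an earlier rule covers them."""
    return [later.note for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Intended policy: the game buddy at 198.51.100.7 may reach the game port,
# the office web server is reachable 08:00-17:59, and the LAN may browse.
RULES = [
    Rule("allow", "in", "udp", "198.51.100.7/32", 27015, note="game buddy"),
    Rule("allow", "in", "tcp", "0.0.0.0/0", 80, range(8, 18), note="web server, office hours"),
    Rule("allow", "out", "tcp", "192.168.1.0/24", 80, note="browsing"),
    Rule("allow", "out", "tcp", "192.168.1.0/24", 443, note="browsing"),
]

# The same policy with an over-broad rule pasted in at the top by mistake.
LEAKY_RULES = [Rule("allow", "in", note="temporary: allow everything in")] + RULES


if __name__ == "__main__":
    samples = [
        Pkt("in", "udp", "198.51.100.7", 27015),        # the buddy
        Pkt("in", "udp", "198.51.100.8", 27015),        # someone else
        Pkt("in", "tcp", "203.0.113.77", 80, hour=10),  # web, office hours
        Pkt("in", "tcp", "203.0.113.77", 80, hour=23),  # web, after hours
        Pkt("out", "tcp", "192.168.1.10", 554),         # streaming (RTSP)
        Pkt("in", "tcp", "203.0.113.77", 22),           # probe of a closed port
    ]
    for p in samples:
        print(p, "->", decide(RULES, p), "| leaky:", decide(LEAKY_RULES, p))
    print("rules made unreachable by the leaky ruleset:", shadowed(LEAKY_RULES))
```

With the intended rules, the probe of port 22 is denied by the default rule; with the leaky set it is allowed, and `shadowed()` reports that the game-buddy and web-server rules can no longer fire at all. Real firewalls vary in whether the first or the most specific match wins, so check which your product uses before ordering rules.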
How do you know your firewall is working? Most firewalls keep a log of blocked connections and other abnormal events. You should periodically examine this log and, if you notice a pattern -- many blocked attempts originating from the same address, often against one port after another -- inform your internet service provider. They may be able to track down the culprit or block that address with their own firewalls so it never reaches you at all.
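The log check described above, as an added example that is not part of the original article. The log format is invented for this example (each firewall has its own) and the log lines are constructed, not captured, using addresses from the documentation ranges. The script parses the lines, skips anything malformed, counts blocked packets per source address, and reports the sources that exceed a threshold together with the distinct ports they tried, since one source hitting many ports is the pattern that most often deserves a report.

```python
"""Scan a firewall log for repeat offenders: an added illustration of the
periodic log check. Invented log format; constructed sample lines; addresses
from the RFC 5737 documentation ranges."""
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator

# One line per packet: timestamp, ALLOW/DENY, protocol, src:port -> dst:port
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>ALLOW|DENY) "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample log: one source walks several service ports, another
# source fails twice, one stray UDP packet, two allowed connections, one
# corrupt line.
SAMPLE_LOG = """\
2004-03-01 02:14:07 DENY TCP 198.51.100.23:4123 -> 203.0.113.5:135
2004-03-01 02:14:08 DENY TCP 198.51.100.23:4124 -> 203.0.113.5:139
2004-03-01 02:14:08 DENY TCP 198.51.100.23:4125 -> 203.0.113.5:445
2004-03-01 02:14:09 ALLOW TCP 192.168.1.10:51000 -> 198.51.100.20:80
2004-03-01 02:14:10 DENY TCP 198.51.100.23:4126 -> 203.0.113.5:1433
2004-03-01 02:14:11 DENY UDP 192.0.2.9:53123 -> 203.0.113.5:1434
2004-03-01 02:14:12 DENY TCP 198.51.100.23:4127 -> 203.0.113.5:3389
2004-03-01 02:14:15 ALLOW UDP 198.51.100.7:27015 -> 203.0.113.5:27015
2004-03-01 02:14:20 DENY TCP 203.0.113.200:2200 -> 203.0.113.5:80
2004-03-01 02:14:21 DENY TCP 203.0.113.200:2201 -> 203.0.113.5:80
this line is corrupt and should be skipped
""".splitlines()


def parse(lines: Iterable[str]) -> Iterator[dict]:
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            yield m.groupdict()


def repeat_offenders(lines: Iterable[str], threshold: int = 3) -> Dict[str, dict]:
    """Source addresses with at least `threshold` blocked packets, with the
    distinct destination ports they tried."""
    tried = defaultdict(list)
    for entry in parse(lines):
        if entry["action"] == "DENY":
            tried[entry["src"]].append(int(entry["dport"]))
    return {src: {"blocked": len(ports), "ports": sorted(set(ports))}
            for src, ports in tried.items() if len(ports) >= threshold}


if __name__ == "__main__":
    for src, info in repeat_offenders(SAMPLE_LOG).items():
        print(f"{src}: {info['blocked']} blocked packets, ports {info['ports']}")
```

Only 198.51.100.23 crosses the default threshold of three, and the port list (135, 139, 445, 1433, 3389) is the classic Windows service sweep. Two caveats before reporting an address: source addresses can be forged, especially on UDP and on single unanswered TCP packets, so a log entry shows where a packet claimed to come from, not who sent it; and a home connection sees background scanning constantly, so set the threshold high enough that the report means something.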
Since hackers continue to devise new attacks, it's important to keep your firewall up-to-date. Check with the vendor's web site for patches to the program or, in the case of hardware firewalls, firmware updates.
While a firewall is a critical component of a solid defense plan, it's only that, a component. You should have an overall security policy. Even for a small home office network, you should know what your defenses are, how to monitor them and keep them current, and decide what you will and will not allow on your systems. We'll go into greater detail about security policies in a future article.