Firewall


Senaph Computer Consultants

This document is maintained by Senaph Computer Consultants

Copyright © 2008 E&OE

 


What is a firewall?
In simple terms a firewall is a hardware or software device that acts like a fence around your system or network. It would be great just to put up a nice fence and never let anyone in (some systems do this), but in real terms you would lose all communication with the outside world, a bit like a siege.
So what is needed is a walled garden, with access to and from it strictly controlled and limited to applications and data that you trust, and that is exactly the job of a firewall. Of course they range from free software-only firewalls to full-on corporate-wide hardware systems.

How does it work?
There are a number of technologies employed by firewalls to protect your data and network. The first is a simple set of rules; this permission-based scheme plugs the holes that Windows operating systems are sadly renowned for. Your Windows operating system is like a Swiss cheese with many holes in it. Some must remain for applications like e-mail and web browsing to get to the public internet, but Windows ships with many other holes or "ports" open as standard.

For example, many home machines will never network with another machine in their entire life, but as standard they ship with the NetBIOS ports open. There are a number of viruses and hacking tools that exploit this simple fact, and there is an equally frightening number of home PCs sat right now with this port wide open.

A simple rule set starts from the position of all ports (or doors) closed, and then as you start each application you have to create a rule to let it get to the internet or network. Most firewalls will come preconfigured to allow internet and POP3 e-mail access from start-up, but you'll find that instant messaging systems like MSN Messenger and Yahoo IM will need permission to work.

This guest list, a bit like a bouncer's VIP list, is maintained by you: either as an administrator on the top-of-the-range systems or, on a simple software system, by answering the prompt it shows each time a new program asks for access.

What types are there?
There are 2 physical types of firewall: software and hardware.

Software firewalls are commonly used in the home environment. Big names like Norton and McAfee both make and sell personal internet firewalls; these do a good job of providing a basic rules-based protection system by running an application on your PC.

Hardware firewalls are more common in the business environment, where dedicated units have the outside world plugged in on one side and the trusted network on the other. These are often supplied as a pair so that failure of a unit does not make the network vulnerable.

Both hardware and software firewalls use a number of different techniques to keep your PC and network safe. The first, already described, is a rules-based or packet filter system: here all data incoming and outgoing is inspected to see that it is coming from and going to trusted ports on the system, and possibly even trusted IP addresses.

The next level up is a proxy server. This stands between the outside internet and the trusted network; it intercepts all packets of data and checks if they meet the packet filter rules before forwarding data to the machine inside the trusted network. This adds a level of security by never letting the internet machine talk directly with the trusted machine. A system of network address translation (NAT) hides your internal IP address from the internet, meaning all data has to go through the firewall for inspection. A proxy server is very good against brute force attacks, the equivalent of someone trying to shoulder charge your door down; it's like putting an extra set of doors between your machine and the attack.

The best level of firewall technology is normally found only in high-end firewalls but is slowly creeping into the top-end home devices: SPI, or Stateful Packet Inspection. This not only applies rules to incoming data, it also checks various security protocols and can determine if data is really from whom it claims to be. This is in effect a smart firewall which is looking for known characteristics of certain attacks and spoofing attempts.

Most firewalls use at least 2 of these techniques and the best firewalls are a combination of all 3; plus, most corporate firewalls use a combination of hardware and software to protect their networks.
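
The all-ports-closed rule set and the step from a plain packet filter to stateful inspection, as an added example (not from the original page): a simplified Python model that denies by default and, in stateful mode, lets inbound data through only as the reply to a connection opened from inside. The class names, port list and IP addresses are constructed for illustration.

```python
# Added example: simplified model of a default-deny packet filter with
# connection tracking. Ports and addresses are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = trusted network to internet, "in" = the reverse
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Outbound destination ports the rule set permits: web, HTTPS, POP3.
ALLOWED_OUT_PORTS = {80, 443, 110}

class Firewall:
    def __init__(self, stateful=True):
        self.stateful = stateful
        self.flows = set()   # connections opened from the inside

    def check(self, pkt):
        """Return 'allow' or 'deny'; anything not matched is denied."""
        if pkt.direction == "out":
            if pkt.dst_port in ALLOWED_OUT_PORTS:
                # Remember the flow so the reply can be matched later.
                self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return "allow"
            return "deny"
        if self.stateful:
            # Inbound is allowed only as the reply to a tracked flow.
            reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            return "allow" if reply_of in self.flows else "deny"
        # Stateless filter: it can only trust the source port of the packet.
        return "allow" if pkt.src_port in ALLOWED_OUT_PORTS else "deny"

def demo():
    pc, web, stranger = "192.168.0.10", "203.0.113.5", "198.51.100.7"
    packets = [
        Packet("out", pc, 50000, web, 80),      # browser request
        Packet("in", web, 80, pc, 50000),       # genuine reply
        Packet("in", stranger, 80, pc, 139),    # unsolicited, aimed at NetBIOS
        Packet("out", pc, 50001, web, 1863),    # program with no rule yet
    ]
    firewalls = {"stateless": Firewall(stateful=False), "stateful": Firewall(stateful=True)}
    return {name: [fw.check(p) for p in packets] for name, fw in firewalls.items()}

if __name__ == "__main__":
    print(demo())
```

The stateless filter accepts the unsolicited packet because its source port looks trusted, while the stateful one denies it because no inside machine opened that connection.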

Do I really need one?
Well, it depends. Most dial-up users would not benefit from the extra security and would be hindered by the downsides covered in the next section. As dial-up users get assigned a new IP address every time they connect, it would be very difficult for hackers to find the machine before you end your surfing session.

But with the advent of broadband you should get some protection. For example, at the time of writing our D-Link router has been connected to our broadband connection for 11 days on the same IP address; we only reboot occasionally, and that's the only time my ISP gives me a new IP address.

So we, like every other broadband user, are connected for enough time to make it worthwhile searching for open ports and trying to get in, or for a Trojan program on a machine inside our network to get out and do some damage.

There must be a downside to firewalls?
Well yes, of course there is some downside. Almost all firewalls have some performance issues: anything above the simplest packet inspection system will slow down traffic in and out of your network, not by much, but it will have an effect. On a broadband connection this is hardly noticeable, but on dial-up it's just another drain on a small 56k connection. Also, some of the software-based firewalls like Norton and ZoneAlarm do eat system resources on the host PC.

What should I get and where do I get it?
If you decide that you should look at protecting your PC / network, then if you are using a single PC and do not plan to build a network, head for a software system. ZoneAlarm from Zonelabs.com is free for personal use, and Norton offer a personal internet security system which "does what it says on the box". If you have a network, then the best bet for the home user is a router with an inbuilt firewall; be it wireless or cabled, manufacturers like Netgear, Belkin and Linksys offer competitively priced systems with a good solid firewall.
 
