
Personal Firewalls
Why Do You Need A Firewall?
When your computer is connected to the Internet, it opens up more than 65,000 ports to facilitate communications with other computers (see http://advice.networkice.com/advice/exploits/ports/). These ports are to a computer what frequencies are to a radio. If these ports are open for communication, hackers can use them. Simovits Consulting (http://www.simovits.com/nyheter9902.html) indicates that over 400 of these ports are known to be used by hackers to attack other computer systems. If you do not have a firewall in place, all of these ports are like open doorways for hackers, and there is a high probability that one or more of them will be used to get access to your computer.
How Do Firewalls Work?
Firewalls are essentially a set of rules that tell your computer (or network) what can come in and what can go out. Firewalls act as a barrier to outside intruders. There are two types of firewalls. Most networks and some home computer enthusiasts will buy a firewall appliance, which is a hardware device that sits between your computer and the Internet. Firewall appliances are optimized for performance to process and enforce packet-filtering logic. Most home users opt for the less expensive solution of installing a software firewall product. Software firewall products offer good protection and are a more affordable alternative, but may not be as safe as a firewall appliance.
Please note that in the 12 November 2001 edition of The Register, John Leyden wrote a strongly critical article asserting that the security of software firewalls may be illusory. In the article, Mr. Leyden writes “Security researcher Robin Keir, has developed a proof-of-concept tool, called FireHole, which illustrates how the trick can fool personal firewalls . . .” The source code claims that the tool can fool “Zone Alarm, McAfee Firewall, Sygate Personal Firewall, Norton Firewall, or Tiny Personal Firewall.” For the article (and links), see http://www.theregister.co.uk/content/55/22788.html. The point of the article is that if a rogue program (e.g., a Trojan program) is executed on a personal computer, then the rogue program most likely will be able to communicate with the Internet and send out data, and that data may include your passwords. This doesn’t mean that software firewalls are bad; rather, it points out that if used alone and without anti-virus software, personal firewalls may not provide adequate protection. Used with anti-virus software, the level of protection may be reasonable, but still not complete.
I tested the tool developed by Robin Keir on a system protected by a firewall appliance to see whether the results would be different. The test firewall was configured to be very restrictive of Internet to computer connections inbound, but fairly open on connections outbound – following vendor suggestions for default settings. To my surprise the results were the same as with a software firewall. The test rogue program was able to communicate with the Internet without restriction. Again, this does not suggest that firewalls are useless or bad. It just points out that the protection is not necessarily complete.
The key point here is that firewalls can help, but they are not going to protect against every contingency. If you use bad judgment in opening e-mail attachments and launch a Trojan on your system that is not intercepted by an anti-virus program, you may defeat your firewall’s protections. Security must be layered, and that means that the user has to exercise good security discipline by not downloading and executing files that come as e-mail attachments or as downloadable executables from websites that do not belong to well-known and reputable vendors.
Firewalls are still a necessity to control inbound connections used by most adversaries attempting to use brute force methods or direct attack methods to gain control of your computer or access its contents.
Where Can You Get A Firewall?
Firewall Software
Windows OS Firewalls
Windows NT 4.0 and Windows 2000 have a built-in firewall capability that is not configured by default. Although experienced computer users can manually configure Transmission Control Protocol/Internet Protocol (TCP/IP) to disable ports, this approach may be more difficult than desired for most users.
Windows XP also has a built-in firewall that is turned on by default, but not configured. When you run the Network Setup Wizard, it automatically enables Internet Connection Firewall (ICF) on any active Internet connections that it finds. You should, as a precaution, double-check to make sure your Internet connection is protected. Directions for how to do this are found at:
http://www.microsoft.com/windowsxp/expertzone/columns/honeycutt/june11.asp
or
http://www.microsoft.com/windowsxp/expertzone/columns/davies/july30.asp.
Software Solutions
Alternatively, you can download or purchase a firewall from any of the vendors listed below (please note that products and vendors change over time, so you may wish to do a web search to look for additional offerings and to consult https://infosec.navy.mil from work to see whether they have any recommendations). These firewalls range in price from free for a limited version to $70 for a complete version.
Black Ice Defender
ConSeal PC Firewall
E-Safe
McAfee Personal Firewall
NetBarrier for Mac and Palm OS
Symantec Internet Security
Symantec Personal Firewall
Zone Alarm Pro
Please make sure that you select the correct version for your operating system. Some of these products are designed to work only on specific operating systems.
Hardware Firewalls
D-Link DI-701 Residential Gateway
D-Link Home Ethernet Cable/DSL Modem Gateway and 4-port Switch
Linksys BEFSR11 - EtherFast 1-Port Cable/DSL Router
Rapid Stream
Sonic Wall
WebTrek.com
Please make sure to read the vendor's literature before making a purchase. If you cannot tell from the vendor's website how to configure the device to make it work as a firewall, then don't buy it unless you are willing to take the risk that you may not be able to set it up correctly.
How Do You Set It Up?
There is no easy way to tell you how to set up a firewall. Each software and hardware solution is different and each has its own way of defining rules for the firewall. You will need to read the documentation that comes with the software or hardware and follow the directions.
After you have read the instructions for your firewall solution, you will want to set up the rules for your firewall. Remember that if you make a strict rule that says that nothing can come in from the outside, you will make it almost impossible for a hacker to get into your machine. Unfortunately, you may also be unable to get web pages or other content. So you will have to tell your firewall what to allow in. Most of us will want to allow in web pages, e-mail, and things like Real Audio. Generally you will want to start with a set of rules that includes:
- Allow your web browser and mail programs to communicate from your computer to the Internet (LAN to WAN) – this allows you to connect to the Internet. If you have purchased a commercial firewall product, the vendor should supply guidelines on how to configure your rules or a wizard to help you through this during set-up.
- Do not allow anything from the Internet to your computer (WAN to LAN), except what you need. Generally you will need:
  - Port 80 for websites
  - Port 443 for secure websites
  - Port 110 for e-mail from your Internet Service Provider
  - Port 21 for FTP
  - Port 25 for SMTP (mail)
The more ports you open, the more risk you have.
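As an added example (not part of the original article or of any vendor's product), the Python sketch below models the starting rule set above as first-match rules with a default deny, and compares a fully open outbound policy with a per-program one. The program names, the port 139 probe and the sample traffic are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str           # "in" = WAN to LAN, "out" = LAN to WAN
    port: Optional[int]      # destination port; None matches any port
    program: Optional[str]   # local program; None matches any program
    action: str              # "allow" or "deny"

    def matches(self, direction, port, program):
        return (self.direction == direction
                and self.port in (None, port)
                and self.program in (None, program))

def decide(rules, direction, port, program=None):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(direction, port, program):
            return rule.action
    return "deny"

# Inbound exceptions, using the port list given in the article.
INBOUND = [Rule("in", p, None, "allow") for p in (80, 443, 110, 21, 25)]

# Policy A: outbound left open to every program and port.
OPEN_OUTBOUND = INBOUND + [Rule("out", None, None, "allow")]

# Policy B: outbound limited to named programs (names are constructed).
PER_PROGRAM = INBOUND + [
    Rule("out", port, prog, "allow")
    for prog, port in (("browser.exe", 80), ("browser.exe", 443),
                       ("mail.exe", 25), ("mail.exe", 110))
]

# Constructed sample traffic (direction, port, program), not captured data.
SAMPLES = [
    ("in", 139, None),             # unsolicited inbound, unlisted port
    ("in", 80, None),              # inbound on a listed port
    ("out", 443, "browser.exe"),   # ordinary browsing
    ("out", 80, "unknown.exe"),    # unrecognised program sending data out
]

def audit(rules, samples=SAMPLES):
    return {s: decide(rules, *s) for s in samples}

if __name__ == "__main__":
    for name, rules in (("open outbound", OPEN_OUTBOUND), ("per-program", PER_PROGRAM)):
        print(name, audit(rules))
```

Policy B denies the unrecognised program only as long as the firewall identifies the calling program correctly. The Register article cited above reports a tool that fooled personal firewalls, so per-program rules narrow outbound exposure without closing it.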
How Do You Know It’s Working?
Visit the Shields-Up Website and run the scanning test at:
https://grc.com/x/ne.dll?bh0bkyd2. This test will let you know whether your computer has any ports open that can be used by a hacker. You may want to run this before you secure your computer to learn just how vulnerable your computer is.