admiral.old
12-21-2008, 10:43 AM
The Software Firewall - Basic Information
1. What is a firewall?
A software firewall is a program which runs on your computer and controls the flow of data inwards and outwards. Some say the name comes from a building term, but we prefer to think that it comes from stock car racing, where the firewall is a fire-proof bulkhead which sits between the engine and the driver.
2. Why is a firewall important to my security?
Once your computer is connected to a network - it doesn't matter whether it is a local network or the Internet itself - it effectively becomes an open system. Without some form of protection, anyone who knows or can discover your network address can get inside your computer and rummage around in your data.
There is also a problem with outgoing connections. Windows, in particular, does not take personal security seriously enough! All kinds of programs and processes are allowed to connect to the Internet - many without you being aware of them. This slackness has been exploited by unscrupulous programmers who can use unseen programs (sometimes called spyware modules) to collect information from your computer and send it back to base.
3. How does a firewall actually work?
Different firewalls operate in different ways. They might work at an application level, where each time a program tries to pass information to or from a network, that application is checked against your approved software list. Any that aren't on the list are held up while you are asked what to do.
They might work at a packet level. All data passing over a network is split into packets. At a packet level, each packet is checked by the firewall against preset rules and only those that conform to the rules are allowed to pass. In fact, it doesn't really matter how a firewall works, as long as it protects your system!
4. I don't understand about data packets. Can you explain further?
All communication over a network - whether that network is simply two computers wired together or the mighty Internet itself - consists of machines exchanging individual packets of data. A typical packet sequence might consist of one machine sending a request, the two machines agreeing a protocol, the receiving machine transmitting the requested data and the first machine acknowledging receipt. Of course some communication is enormously more complicated than this, but the basic sequence of packet exchange remains the same.
Now think for a moment about the packets themselves. Whatever other information it contains, each packet must carry a destination address - so it is sent to the correct computer, and a return address - so that the receiving computer knows where to reply. A network address consists of two components: an IP address which uniquely identifies the computer on the network and a port number which specifies where to connect a particular type of service. In short, any computer communication is a two-way conversation consisting of individual packets of data travelling between two connected machines.
5. So how does a firewall handle packets of data?
A firewall sits at the interface between a computer and a network, and from there it can inspect each data packet before it is allowed into or out of your system. This means that it can vet packets before they are seen by your computer's software. If a packet arrives carrying the correct IP address, the firewall will then look at the port it is requesting. If your firewall has been told to accept data on that port, it will then pass the packet on to your system software. But there are no compromises in a firewall's rules. If a packet does not conform to the rules, it is firmly rejected and that port is slammed shut.
6. What are these "rules" you keep referring to?
This can get a bit complicated, but here we go! A good firewall can be fine-tuned by configuring rules based on the four pieces of information each packet must carry.
Client's IP address
Client's port number
Server's IP address
Server's port number
...and here are some sample firewall rules:
Permit all packets to the client which originate from a particular server.
Refuse all packets from a particular server which are intended for a specified port.
Refuse only those packets from a particular server whose return address specifies a particular port on that server.
Permit only those packets from a server which are intended for a specified port but whose return address does not specify a particular port on the server.
As you can see, it is possible to create quite complex rules by manipulating the four information elements that a packet carries. This means that a firewall can be highly selective in which packets it allows in.
7. Which software firewalls would suit a beginner?
There are several programs available - some easier to use than others. Some are free, but usually to get real protection you should buy the full version. You might consider:
ZoneAlarm Pro: very simple and very effective!
Tiny Personal Firewall: free and good, but difficult to set up
Sygate Personal Firewall: free and effective
Sygate Personal Firewall Pro: as above but with better features
8. Thanks a lot! How should I choose from that lot?
OK. In our view, the way to pick a good firewall is to check its efficiency against this list:
A firewall should provide packet level monitoring to shield your computer from unwanted network intrusions by verifying each packet of inbound or outbound data received.
A firewall should provide application level filtering which allows you to control network connections based on the programs you are running on your computer.
A firewall should allow you to define simple or complex rules which can be designed to fit your network's needs.
A firewall should provide effective visual warnings of any attempts to establish a network connection from inside or outside your computer.
It goes without saying that a firewall should be easy enough to set up and totally reliable in operation.
9. Does a firewall help protect against viruses, worms and Trojan horses?
Not directly, no, although some firewalls do carry rudimentary anti-virus protection. Viruses, worms and Trojans are all programs which run inside your own computer. To protect against these you need to install good antivirus software. A firewall can help with preventing them from delivering their "payload". Some Trojans, for example, are programmed to secretly open ports on your computer for a hacker to take advantage of. A firewall will keep those ports closed.
10. So a firewall is a vital security component, is it?
Of course, if your computer never connects to a network, or if your network is a tightly controlled local affair with no external access, you do not need a firewall. But you should seriously consider installing one if any of the following are true:
You use your computer to access any network - and especially the Internet, and wish to protect your system against outside invaders.
You wish to prevent malicious software installed without your permission from passing out your private data. This includes spyware and Trojan programs.
You need to access your own computer remotely. (This includes the use of any remote control programs such as PC Anywhere or Laplink.)
You are operating any sort of Internet server such as Microsoft's Personal Web Server - even if that server is only intended for your local network.
11. Will a firewall solve all my network security problems?
Despite their strengths, firewalls cannot solve all your security problems. For a start, they provide no protection against internal attackers. Disgruntled employees or even members of your own family are quite capable of creating breaches for their own use, and these breaches can subsequently be exploited by outsiders. Some firewalls are configured to give network users private IDs that can't be accessed from the Internet. These IDs can be spoofed to allow illegal access to the network. Some security experts estimate that over eighty percent of all security attacks come from inside the firewall. However diligent companies are about external security, their systems are still at risk if they forget to address internal security issues.
Hackers attempt to breach firewalls by implanting viruses in email attachments or other material downloaded from the Internet. These viruses can be designed to burrow into a network and discover private IDs and other data which can be used to bypass the firewall. They can also make use of denial of service (DoS) attacks by sending so many data packets from commandeered computers that the firewall is overwhelmed, and the network administrator is forced to shut down the system as a protective measure.
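The four sample rules from section 6, expressed as an ordered rule table with first-match evaluation and a default of "refuse". This is an added example, not part of the original post and not any product's rule engine; the addresses (documentation ranges), the ports and the names Packet, Rule and decide are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str    # server's IP address (the packet's return address)
    src_port: int  # server's port number
    dst_ip: str    # client's IP address
    dst_port: int  # client's port number

@dataclass(frozen=True)
class Rule:
    action: str                          # "permit" or "refuse"
    src_net: str = "0.0.0.0/0"           # which server(s) the rule covers
    dst_port: Optional[int] = None       # None means "any port"
    src_port: Optional[int] = None
    src_port_not: Optional[int] = None   # match only if return port differs

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in ip_network(self.src_net)
                and self.dst_port in (None, p.dst_port)
                and self.src_port in (None, p.src_port)
                and (self.src_port_not is None
                     or p.src_port != self.src_port_not))

def decide(rules, packet, default="refuse"):
    """First matching rule wins; anything unmatched gets the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

CLIENT = "192.168.1.10"  # constructed client address

# Constructed rule table; the comments map each entry to a sample rule.
RULES = [
    # Refuse all packets from a particular server intended for a port.
    Rule("refuse", "198.51.100.7/32", dst_port=139),
    # Refuse packets from a server whose return address names a port.
    Rule("refuse", "203.0.113.9/32", src_port=6667),
    # Permit packets for one port unless the return port is a given one.
    Rule("permit", "203.0.113.9/32", dst_port=5000, src_port_not=20),
    # Permit all packets that originate from a particular server.
    Rule("permit", "192.0.2.10/32"),
]

if __name__ == "__main__":
    for pkt in (Packet("192.0.2.10", 80, CLIENT, 40000),
                Packet("198.51.100.7", 1234, CLIENT, 139),
                Packet("203.0.113.9", 20, CLIENT, 5000)):
        print(pkt, "->", decide(RULES, pkt))
```

Order matters with first-match evaluation: a broad permit placed above a narrower refuse for the same server silently disables the refuse, which is worth checking whenever a rule set is edited.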