Firewalls / Filters

Courtesy of the alt.comp.virus newsgroup participants.
(These "anti-malware" pages are the result of a continuing cooperative effort.)

Translated versions available: en Français, Deutsch and in het Nederlands

Anti-Virus Main Menu
Main Menu
by Andrew J. Lee
AVIEN Founding Member
http://avien.net |  gladius@gladius.f9.co.uk


  1. Overview
  2. What Is A Firewall
  3. Personal Firewalls
  4. Configuring Personal Firewalls


  1. Overview

    In these days of "always on" Cable and DSL Internet connections, the possibility that your PC(s) will come under the scrutiny of the unscrubbed internet masses grows ever stronger. The main reason for this is a lack of knowledge. This is your opportunity to become one of the aware!

    There is a high probability that the PC you use every day in the comfort of your own home or office is right at this moment showing it's underwear to the world. The problem is that many of the systems we use everyday are simply not designed to be secure. If you share files or printers with other machines, you may very well be sharing them with the world as well.

    This is where firewalls and/or filters come in.

    [Back to the top]
     

  2. What Is A Firewall

    In very simple terms, a firewall is a device or program that allows you to monitor and control what comes into and goes out of your network. Almost every major business will use a firewall to protect its internal network from the outside world.

    Traditionally firewalls were, and in many cases still are, very expensive, dedicated pieces of hardware that use something called a "ruleset" to either allow or disallow connections through it. An effective firewall will do this at the "packet" level, that is it looks at every piece of data, or packet, individually before deciding to either allow it or drop it.


    The diagram below shows a very basic small network and firewall.

    Network Diagram

    [Back to the top]
     

  3. Personal Firewalls

    So called "Personal Firewalls" are something of a misnomer, they are more correctly personal filters or personal security programs.

    It's a basic rule of network security that you don't run your firewall on a machine that you use for anything else. Dedicated firewalls tend to run on their own, on a very basic but highly secured operating system. Personal firewalls are designed to run on your PC, thus breaking this rule.

    In general they either allow or disallow connections from or to your machine, acting like a filter. They are still vulnerable, as with all software, to lockups and crashes caused by incompatibilities with other software, memory leaks and any number of other bugs. They are also not necessarily secure, they can be fooled by various means, and they are still vulnerable to attack through the TCP/IP stack, (that is the bit of code that handles your internet connection). However, they can be useful in some ways.

    • They allow you to allow or prevent very specifically which programs can use your internet connection.
    • They can effectively "hide" your PC from other users on the internet by dropping all attempts to connect to your machine. This makes it look like there is nothing there to another computer.
    • They can alert you in some cases to the presence of Trojans and other malware on your PC if it should try to connect to the internet
    • They can prevent an intruder accessing your machine should you be infected with a Trojan. (Trojans often open "backdoors" to your machine without telling you which allow intruders to remotely access your computer)

    For further useful information about this, and some rudimentary tests visit http://grc.com. For the sake of interest, turn your firewall off if you have one installed and test it with the "ShieldsUp" and "Port Probe" applications, then turn it back on and run it again. You will be surprised at how much your machine broadcasts to the wide world without your filter on!

    [Back to the top]
     

  4. Configuring Personal Firewalls

    Some Personal firewalls are more difficult to configure than others, though they pretty much all do the same thing. For some, like Tiny Personal Firewall or Conseal Firewall, you will need a reasonable knowledge of TCP/IP Networking. If you don't know what that is, then you should probably avoid those! Others, like ZoneAlarm or Sygate, are far easier to use, though you'll find they take up more Memory.

    Configuring them is usually a case of telling them what you want or don't want accessing the internet. They all should block connections (in or out) by default and You will need to allow the firewall to create "rules" based on the usual activity of your computer.

    A rule of thumb is, if it's an internet application that you use regularly, like your Browser, Newsreader or email client, you should allow it. If it's not really an internet application, like a Wordprocessor, or Spreadsheet, you probably don't need it to connect.

    Usually when a program tries to access your connection for the first time, it will warn you, and ask you if you want to allow or disallow. You can then usually decide to always allow, never allow, or ask you each time.

    Have a look at some of the reviews on this site, and find a product that suits you. Many more advanced users will prefer products like Tiny or Sygate which provide more logging and finer control, where the less technical user will value the simplicity of a product like ZoneAlarm.

    [Back to the top]
     
© Copyright 2001 - Andrew J Lee
AVIEN Founding Member
http://avien.net  |  gladius@gladius.f9.co.uk
Reprinted with permission

© Claymania Creations 2001 - 2010. All applicable rights reserved.

Updated: June 4, 2001