Firewalls – Love them, hate them, don't ignore them
You have probably heard the term firewall applied to a computer. You may understand that it has something to do with security. At some time your firewall, or the absence of a firewall, may have caused trouble. Most of the time, we do not notice firewalls as they do their work. When something goes wrong, we do. The consequences of something going wrong can range from mild frustration to full-blown disaster. Herein I try to shed some light on this very important feature of network and computer security.
The word firewall originally meant a fireproof or fire-resistant wall designed to prevent fire from spreading through a building. The term came to be applied to computer and network security in the late 1980s. A computer firewall sits between the outside world and the private world of your network or computer. It acts as a sentry, challenging information as it tries to enter and, in many cases, leave your computer. It screens that information, which travels as packets of data, flowing between the inside and outside. If the packet passes the firewall’s rules, it is allowed. If the packet fails the rules, it is blocked. If the firewall does not know whether to allow or block a packet, it may ask you for instructions.
Firewalls can be located in many places in a network. Your computer is the most common place you will experience the benefits and detriments of a firewall. All new Windows, Mac and Linux operating systems come with firewalls. They can also be located in a router or can be a standalone device sitting at the gateway between your network and the outside world. A firewall makes a determination on whether to block or allow a packet of information based upon a pre-set rule. If no rule exists, the firewall may either allow the data to pass or block it awaiting your instructions.
Firewalls can screen inbound traffic, outbound traffic or both. The original Windows XP did not include a firewall. It was added in Service Pack 2 (SP2). XP’s firewall is a one-way firewall. It only screens incoming traffic. Vista’s firewall is two-way. The Mac OS X firewall is two-way, but the default configuration only screens inbound traffic. Many security vendors such as Computer Associates, Grisoft, McAfee, Symantec or ZoneAlarm provide enhanced two-way firewalls as part of their security suite. ZoneAlarm also provides a free two-way firewall.
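A simplified model of the rule check and the one-way versus two-way difference described above, as an added example that is not part of the original article or any vendor's code. The class names, the sample rules and port numbers, and the "first matching rule wins" ordering are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    protocol: str    # "tcp" or "udp"
    port: int        # destination port

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str              # "in", "out" or "any"
    protocol: str               # "tcp", "udp" or "any"
    port: Optional[int] = None  # None matches every port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.protocol in ("any", p.protocol)
                and self.port in (None, p.port))

class Firewall:
    def __init__(self, rules, default="ask", two_way=True):
        self.rules = list(rules)
        self.default = default   # no rule matched: "allow", "block" or "ask"
        self.two_way = two_way   # False models an inbound-only firewall

    def decide(self, p: Packet) -> str:
        # A one-way firewall never inspects outbound packets at all.
        if p.direction == "out" and not self.two_way:
            return "allow"
        # Assumption: rules are checked in order and the first match decides.
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default

# Constructed sample rule set (not taken from any real product).
RULES = [
    Rule("allow", "out", "tcp", 443),   # HTTPS web browsing
    Rule("block", "in", "tcp", 3389),   # remote desktop from outside
    Rule("block", "out", "tcp", 25),    # direct outbound mail from this PC
]
one_way = Firewall(RULES, default="block", two_way=False)
two_way = Firewall(RULES, default="ask", two_way=True)

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", 3389), Packet("out", "tcp", 25),
                Packet("out", "udp", 9999)):
        print(pkt, "one-way:", one_way.decide(pkt), "two-way:", two_way.decide(pkt))
```

With the same rule set, the one-way firewall lets the outbound port 25 packet through because it never looks at outbound traffic, while the two-way firewall blocks it and asks about the outbound packet that no rule covers.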
It is a good idea to set your firewall to stealth mode, if it is supported. Most gateways/routers allow you to set your network to stealth mode. This means that your network is silent when outsiders test to see if your network exists. This greatly improves your network security, as it is harder for someone to hack into your network or computer if they do not know it exists. In a Linksys router, you will find the settings under “Security – Firewall”. Turn on the “Block Anonymous Internet Requests” setting. Other router vendors and software firewalls may have similar settings but with slightly different terminology.
If you have a laptop and travel with it, you should try to set its wireless network card to stealth mode as well. This way, when you are attached to a public wireless network at an airport or coffee shop, other patrons will not know you are there. You will need to review your wireless network card vendor’s manual to find out how to make your computer invisible to outsiders.
Finally, it is always a good idea to test your firewall’s defenses. Gibson Research Corporation provides a free testing facility called “Shields Up”. You can run this test by going to http://www.grc.com and navigating to the “Shields Up” tests. The GRC website is not well laid out so it may take you a few moments to find “Shields Up”.