by Webnme2 on Mar 14th 2010
Why Do You Need A Firewall?
When your computer is connected to the Internet, it opens up more than 65,000 ports to facilitate communications with other computers (see http://advice.networkice.com/advice/exploits/ports/). These ports are to a computer what frequencies are to a radio. If these ports are open for communication, hackers can use them. SANS Institute at http://www.sans.org/resources/idfaq/oddports.php listed a huge number of ports being used by trojan horse programs in 2001. This has grown considerably since then. Most folks quit trying to keep a list because malicious software and malicious software users routinely scan for available open ports. Any port that is open can be an avenue for attack. If you do not have a firewall in place, you dramatically increase the number of ports that are like open doorways for hackers, and there is a high probability that one or more of them will be used to get access to your computer.
How Do Firewalls Work?
Firewalls are essentially a set of rules that tell your computer (or network) what can come in and what can go out. Firewalls act as a barrier to outside intruders. There are many types of firewalls. Most networks and some home computer enthusiasts will buy a firewall appliance, which is a hardware device that sits between your computer and the Internet. Firewall appliances are optimized for performance to process and enforce packet-filtering logic. Most home users opt for the less expensive solution of installing a software firewall product. Software firewall products offer good protection and are a more affordable alternative, but may not be as safe as a firewall appliance.
In the 12 November 2001 edition of The Register, John Leyden wrote a strongly critical article asserting that the security of software firewalls may be illusory. In the article, Mr. Leyden writes “Security researcher Robin Keir, has developed a proof-of-concept tool, called FireHole, which illustrates how the trick can fool personal firewalls . . .” The source code claims that the tool can fool “Zone Alarm, McAfee Firewall, Sygate Personal Firewall, Norton Firewall, or Tiny Personal Firewall.” For the article (and links) see, http://www.theregister.co.uk/content/55/22788.html. The point of the article is that if a rogue program is executed on a personal computer; e.g., a Trojan program, then the rogue program most likely will be able to communicate with the Internet and send out data – that data may include your passwords. This doesn’t mean that software firewalls are bad; rather it points out that if used alone and without anti-virus software, personal firewalls may not provide adequate protection. Used with anti-virus software, the level of protection may be reasonable, but still not complete.
I tested the tool developed by Robin Keir on a system protected by a firewall appliance to see whether the results would be different. The test firewall was configured to be very restrictive of Internet to computer connections inbound, but fairly open on connections outbound – following vendor suggestions for default settings. To my surprise the results were the same as with a software firewall. The test rogue program was able to communicate with the Internet without restriction. Again, this does not suggest that firewalls are useless or bad. It just points out that the protection is not necessarily complete.
The key point here is that firewalls can help, but they are not going to protect against every contingency. If you use bad judgment in opening e-mail attachments and launch a Trojan on your system that is not intercepted by an anti-virus program, you may defeat your firewall’s protections. Security must be layered and that means that the user has to exercise good security discipline by not downloading and executing files that come as e-mail attachments or as downloadable executables on websites that are not well-known and reputable vendors.
Software firewalls also have limitations of their own:
- Your computer is not protected during boot-up and shutdown (before and after the firewall is enabled)
- Your computer is not protected if there is an exploitable flaw in the software firewall
- Your computer is not protected if your software firewall fails to function properly (we all know that software programs can go bad)
- Your computer is not protected if your software firewall is not frequently updated
- The default configuration of most software firewalls allows all outbound connections, which will allow malicious software to communicate (this can be particularly bad if the malicious software includes a keystroke logger that reports your passwords, or data-mining software that sends somebody else your confidential business information, intellectual property, or personal information)
Hardware firewalls are better, but require more work. Your best solution is to purchase a firewall appliance that is frequently updated by the vendor and one that also includes:
- Gateway anti-virus
- Intrusion detection
- Intrusion prevention
Home users and small business owners may want to look at SonicWall TZ Series Appliances as a potential solution. This particular firewall has optional security services that can be purchased on a subscription basis that provide gateway antivirus, intrusion detection, and intrusion prevention.
Firewalls are a necessity for controlling the inbound and outbound connections that most adversaries rely on when using brute-force or direct attack methods to gain control of your computer or access its contents.
Where Can You Get A Firewall?
Unsupported Windows NT 4.0 and Windows 2000 – Windows NT 4.0 and Windows 2000 have a built-in firewall capability that is not configured by default. Although experienced computer users can manually configure Transmission Control Protocol/Internet Protocol (TCP/IP) to disable ports, this approach may be more difficult than desired for most users.
Windows XP Professional – Windows XP also has a built-in firewall that is turned on by default, but not configured. When you run the Network Setup Wizard, it automatically enables Internet Connection Firewall (ICF) on any active Internet connections that it finds. You should, as a precaution, double-check to make sure your Internet connection is protected. Directions for how to do this are found at:
Windows Vista Firewall – Windows Vista has a built-in firewall that is turned on by default, but not entirely configured. You will need to determine what ports to allow, what applications can communicate with the Internet, etc. If you turn it off, you will get a security warning on boot-up.
You can download or purchase a firewall from any of the vendors listed below. Some software firewalls are free for a limited version. Most require payment for a complete version. Before downloading you may want to look at Home PC Firewall Guide, Personal Firewall Reviews, Consumer Search’s Best Firewalls and US-CERT Cyber Security Tip ST04-004 — Understanding Firewalls.
- Black Ice Defender
- Comodo Firewall
- Computer Associates
- ConSeal PC Firewall
- NetBarrier for Mac and Palm OS
- Online Armor
- Private Firewall
- Symantec Internet Security
- Symantec Personal Firewall
- Trend Micro
- Zone Alarm Pro
Please make sure that you select the correct version for your operating system. Some of these products are designed to work only on specific operating systems.
Alternatively you may want to look at one of these vendor websites.
(For laptop owners – check out Linksys USB VPN and Firewall Adapter network
- Rapid Stream
- Sonic Wall
- Yoggie Firewall (For Laptops including
Please make sure to read the vendor’s literature before making a purchase. If you cannot tell from the vendor’s online website how to configure the device to make it work as a firewall, then don’t buy it unless you are willing to take a risk that you may not be able to set it up correctly.
How Do You Set It Up?
There is no easy way to tell you how to set up a firewall. Each software and hardware solution is different and each has its own way of defining rules for the firewall. You will need to read the documentation that comes with the software or hardware and follow the directions.
After you have read the instructions for your firewall solution, you will want to set up the rules for your firewall. Remember that if you make a strict rule that says that nothing can come in from the outside, you will make it almost impossible for a hacker to get into your machine. Unfortunately, you may also not be able to get web pages or other content. So you will have to tell your firewall what to allow in. For most of us, we will want to allow in web pages, e-mail, and things like Real Audio. Generally you will want to start with a set of rules that includes:
- Allow your web browser and mail programs to communicate from your computer to the Internet (LAN to WAN) – this allows you to connect to the Internet. If you have purchased a commercial firewall product, the vendor should supply guidelines on how to configure your rules or a wizard to help you through this during set-up.
- Do not allow anything from the Internet to your Computer (WAN to LAN), except what you need. Generally you will need:
  - Port 80 for websites
  - Port 443 for secure websites
  - Port 110 for e-mail from your Internet Service Provider
  - Port 21 for ftp
  - Port 25 for SMTP (mail)
The more ports you open, the more risk you have.
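To make the rule set above concrete, here is a small Python model of a packet filter that applies it. This is an added example, not code from the original post or from any firewall vendor; the program names (browser.exe, mail.exe, unknown.exe), the addresses and the sample traffic are all constructed. It shows three things the article describes: first-match rules for LAN-to-WAN and WAN-to-LAN traffic, stateful handling so that replies to connections your own programs opened are let back in even though inbound traffic is otherwise denied, and the default-allow-outbound weakness, where a program the rules never mention is still able to talk to the Internet unless the outbound default is changed to deny. The more inbound ports the rule set opens (port 21 here), the more unsolicited connections reach the computer.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """One connection attempt or reply as the filter sees it."""
    direction: str               # "in" = WAN to LAN, "out" = LAN to WAN
    proto: str                   # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    app: Optional[str] = None    # originating program; a personal firewall knows this for outbound traffic


@dataclass(frozen=True)
class Rule:
    """A single allow/deny rule; fields left as None match anything."""
    action: str                  # "allow" or "deny"
    direction: str               # "in" or "out"
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    app: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in (None, p.proto)
                and self.dst_port in (None, p.dst_port)
                and self.app in (None, p.app))


class Firewall:
    """First-match rule evaluation plus a connection table for replies."""

    def __init__(self, rules, default_in="deny", default_out="allow"):
        self.rules = list(rules)
        self.default = {"in": default_in, "out": default_out}
        self.flows = set()       # (lan_ip, lan_port, wan_ip, wan_port) of allowed outbound connections

    def decide(self, p: Packet) -> str:
        # Replies to a connection the LAN side opened are let back in (stateful inspection),
        # so "deny everything inbound" does not break web browsing or mail.
        if p.direction == "in" and (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return "allow"
        verdict = next((r.action for r in self.rules if r.matches(p)), self.default[p.direction])
        if verdict == "allow" and p.direction == "out":
            self.flows.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return verdict


def article_rules():
    """The starting rule set the article recommends: named programs out, a short port list in."""
    rules = [Rule("allow", "out", app="browser.exe"),
             Rule("allow", "out", app="mail.exe")]
    for port in (80, 443, 110, 21, 25):
        rules.append(Rule("allow", "in", proto="tcp", dst_port=port))
    return rules


# Constructed addresses: the home computer, a web server it visits, and an unrelated Internet host.
LAN, WAN_WEB, WAN_OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"

# Constructed traffic, in the order the filter sees it.
SCENARIOS = [
    ("browser_out",     Packet("out", "tcp", LAN, 51000, WAN_WEB, 443, app="browser.exe")),
    ("reply_in",        Packet("in",  "tcp", WAN_WEB, 443, LAN, 51000)),
    ("unsolicited_3389", Packet("in", "tcp", WAN_OTHER, 40000, LAN, 3389)),
    ("unsolicited_21",  Packet("in",  "tcp", WAN_OTHER, 40001, LAN, 21)),
    ("unknown_app_out", Packet("out", "tcp", LAN, 51001, WAN_OTHER, 80, app="unknown.exe")),
]


def run_scenarios(default_out="allow"):
    """Run the constructed traffic through the article's rules and return each verdict."""
    fw = Firewall(article_rules(), default_out=default_out)
    return {name: fw.decide(pkt) for name, pkt in SCENARIOS}


if __name__ == "__main__":
    for policy in ("allow", "deny"):
        print(f"default outbound = {policy}")
        for name, verdict in run_scenarios(policy).items():
            print(f"  {name:17} {verdict}")
```

With the outbound default left at "allow", the unknown program gets out exactly as the FireHole discussion above warns; switching the default to "deny" and keeping only the per-program allow rules is what closes that gap, at the cost of having to add a rule for every program that legitimately needs the Internet.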
How Do You Know It’s Working?
Visit the Shields-Up Website and run the scanning test at https://grc.com/x/ne.dll?bh0bkyd2. This test will let you know whether your computer has any ports open that can be used by a hacker. You may want to run this before you secure your computer to learn just how vulnerable your computer is.
- Browser Spy
- Firewalls for Beginners
- Firewall Security and the Internet
- Home Firewall Guide
- How Firewalls Work
- IETF Port Assignments
- NetIce Port Knowledgebase
- Personal Firewall
- Personal Firewalls & Security
- Ports Used by Trojans
- Shields Up
- What Is A Firewall?