What are Firewalls?
Firewalls are devices or programs that inspect and filter the network
traffic coming into or going out of a computer. This traffic may be to other
computers on a network or to other computers on the Internet. This network
traffic is divided into "packets" of data, each one of which contains both
the originating and destination addresses of the data, how many packets of
data the original chunk of data has been broken into, and the number of the
individual packet.
<>Why do you need one?
Having a firewall can protect you from viruses that exploit bugs in the
operating system or applications (the MSBlaster worm is a good example of
one of these). It can protect against a hacker remotely logging in to your
PC and gaining control of it. It can simply protect your privacy - many
applications these days want to communicate with a remote server, having a
firewall will allow you to deny access if you so desire. And, more
importantly, a firewall will also alert you to malicious programs known as
Trojan Horses (or just Trojans) that can get installed on your PC without
your permission or knowledge (or they will sometimes trick you into giving
permission to install themselves). These programs can range from the
relatively benign app that just reports your browsing habits, to much more
serious ones that will steal your credit card numbers and bank account
details, or take over your PC to be used as a spam server. Firewalls can
also help protect against "Denial of Service" attacks.
<>How do they work?
All computers either on a local network or on the wider Internet have a
unique address known as an IP (Internet Protocol) address. For home computer
users this IP address is assigned to you by your ISP. Your computer will
then subdivide this address into "ports" which consist of a number between 0
and 65535, these ports are used by different applications to connect to the
network or Internet.
A packet filtering firewall will examine the packets of data, compare them
to a list of rules which is based on the source of the data, its
destination, and the port it was sent from and is destined for. The
limitation of packet filtering is that ports and IP addresses are all that
is filtered, the content of the data packets is ignored.
A more sophisticated firewall is called a stateful inspection firewall.
These use the methods of packet filtering firewalls but also examine the
contents of the data packets as well.
<>Types of firewalls:
Firewalls come in two basic types; software firewalls and hardware
firewalls:
Software firewalls, as the name suggests, are installed as an application on
the computer, and will then monitor the computer's ports and inspect each
packet of incoming or outgoing information. The advantage of software
firewalls is that they can block both incoming and outgoing traffic -
blocking outgoing traffic will prevent malware/spyware from "phoning home".
They have the disadvantage of having to be installed on each PC, and may
need to be updated occasionally.
Hardware firewalls are physical devices that sit between the computer and
the network and monitor the traffic. The advantage is that once it's set up
it can be left alone to do it's job, but the disadvantage is that it will
only protect against incoming traffic - any malware that gets installed can
"phone home" with impunity.
There is no reason why both software and hardware firewalls can't be used in
conjunction with each other - especially as software firewalls will often
give much more useful information to the user as to what is accessing the
network. Using more than one software firewall at the same time is not a
good idea, however.
<>Network Address Translation (NAT):
Those of you with a network of computers will often connect them together
with a switch or router. These devices usually employ what is known as
network address translation, where the IP address assigned by the ISP is
exposed to the computers on the Internet at large, and the computers of the
internal network are given their own IP addresses by the router. This
effectively hides them from the world at large, and while not a true
firewall, is nonetheless very effective in keeping unwanted intrusions at
bay. In conjunction with a software or hardware firewall, it gives a useful
added layer of defense. Some routers will have both NAT and a hardware
firewall built in.
<>Firewall Alert Method:
Most software firewalls will have a method of alerting the user to possible
hacking or attack events. It's very important to realize that the vast
majority of attempts to access your PC's ports are perfectly routine
Internet traffic - your ISP wanting to make sure that you're still online
for example. It's not unknown for people to become extremely paranoid about
this, and to report every email address that's logged to their ISP and
anyone else they can think of! Please don't be tempted to follow their
example - if you think a hacking attempt is being made, or you're not sure
about anything that your firewall is reporting, then ask here in our Spware/Malware
Forum.
Happy computing and safe surfing
by:Tjolly
5 Star Support
Forums
Related material:
What is a Virus?
What is Spyware?
What is Phishing?
What is a Firewall?
Preventing malicious attacks