Firewalls: Part 1
Introduction
"I have nothing important on my system [1], just normal files, emails & the like", says a friend of mine & goes on to add "Why do I need a firewall ?".This is one of the most common questions asked today, whenever a firewall is recommended as a security measure for a computer system. It is as good as saying "I have nothing important at my place so I'll leave the door open at night when am asleep & place a huge neon sign on the outside with an arrow pointing to my door". And that is exactly what systems on the Internet without a firewall are like. Bright neon signs inviting people to have a peek into systems, or worse install a few viruses/trojans & then use these systems to launch attacks on other unsuspecting victims on the Internet.
What exactly is a Firewall ?
A firewall can be defined as a door to a system , a door that is locked & only allows programs which have the right keys to have access through it. There are basically 2 kinds of firewalls, hardware & software ones & we'll come to them later. The reason a firewall can be compared to a door is simply because of the way in which it performs its task. Compare this to real life, where we look through the eye-hole of the door before letting people into our homes. When we want to get in, we simply use our own key to get inside. A firewall exists as a layer, which checks every single packet [2] coming in & going out of the system, decides whether to accept/reject/drop the packet at the same time ensuring that all ports [3] in the system are closed. What this means is that you don't have a neon sign on the outside :) & that your system is pretty much secure. Advanced settings exist in firewalls which enable you individually set various options for separate programs, like the ports that program can use & whether or not the program can act as a server. When under an attack, a firewall is what can actually block the packets & is your first line of defence, protecting your hardware. Although a firewall cannot ensure that in cases of severe attacks like DoS [4] & DDoS [5] your system will remain completely unaffected, what it does give you is valuable time. Time to physically shut off your internet access to safeguard the hardware in your system, as some of these attacks can fry hardware like hard disk drives & motherboards.
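An added example, not part of the original article: a minimal Python model of the per-packet decision described above, with every port closed by default & per-program rules for outbound ports & server permission. The program names, ports & rule layout are assumptions made for illustration, not any product's format; rejecting outbound traffic (sender is told) & dropping inbound traffic (silently discarded) is likewise a design choice of this sketch.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out"
    program: str | None   # local program owning the socket; None if nothing listens
    port: int             # remote port for "out", local port for "in"

@dataclass
class ProgramRule:
    out_ports: set[int] = field(default_factory=set)     # ports the program may connect to
    server_ports: set[int] = field(default_factory=set)  # empty = may not act as a server

# Hypothetical per-program policy (constructed for this example).
RULES = {
    "browser": ProgramRule(out_ports={80, 443}),
    "mailclient": ProgramRule(out_ports={25, 110}),
    "webserver": ProgramRule(server_ports={8080}),
}

def decide(pkt: Packet, rules: dict[str, ProgramRule] = RULES) -> str:
    """Return 'accept', 'reject' or 'drop' for one packet."""
    rule = rules.get(pkt.program) if pkt.program else None
    if pkt.direction == "out":
        if rule and pkt.port in rule.out_ports:
            return "accept"
        # Unknown program or unlisted port: refuse & let the local program know.
        return "reject"
    # Inbound: only programs explicitly allowed to act as a server are reachable.
    if rule and pkt.port in rule.server_ports:
        return "accept"
    # Everything else is discarded silently, so the port looks closed from outside.
    return "drop"

def evaluate(packets: list[Packet]) -> list[tuple[Packet, str]]:
    """Pair each packet with its verdict, as a firewall log would."""
    return [(p, decide(p)) for p in packets]

if __name__ == "__main__":
    sample = [  # constructed sample traffic
        Packet("out", "browser", 443),
        Packet("out", "unknown_tool", 80),
        Packet("in", None, 23),
        Packet("in", "webserver", 8080),
    ]
    for pkt, verdict in evaluate(sample):
        print(f"{verdict:7} {pkt.direction:3} port={pkt.port:<5} program={pkt.program}")
```
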
Firewalls: At work & At home
In a corporate environment, firewalls are usually implemented on a large scale (multiple layers). Companies tend to use firewalls at the first point of access into the company's internal network, or at the point where the internal network & the Internet (external world) meet. This ensures that access to the internal network is secure & that unwanted connections are simply blocked. The major point to be noted here is that if there is no firewall at all, then the complete network of the company is vulnerable to any sort of attack, because it is lit up like a Christmas tree on the Internet. Any Tom, Dick & Harry with basic computing knowledge and/or a few tools can just gain access to the network & get all the information he needs. Suffice it to say that putting up a firewall ensures that not just anyone gets through. I stress the fact that not everyone gets through because in the world of security, a 100% can *never* be achieved. No system will ever be a 100% secure. There will be people who have such good knowledge of systems that they may just walk through defences, but people of this kind are few & far between. Firewalls also maintain logs of all transactions, & it is up to the system admins to go through the logs regularly & ensure that all is running well. A corporate network without a firewall is pretty much tantamount to suicide in today's competitive world.
At home the scenario is entirely different. Usually there is only one system, & people at times fail to consider the possible risks that lurk around on the Internet. A good firewall for home use should be easy to configure & have good features like auto-block, virus scans on mail attachments & so on. It should also have a password protection feature to ensure that firewall settings are not tampered with. A few good firewalls for personal use are ZoneAlarm, Sygate & Norton. While both ZoneAlarm & Sygate have versions that are free for personal use & Pro versions with advanced features, Norton Personal Firewall needs to be purchased. All of these come with pretty good help features & manuals to ensure that setting up the firewall is an easy process for any home user. ZoneAlarm also has a 7-step configuration program, which runs the first time the firewall is started & can be run again later, that helps users select which programs they want to give Internet access to. ZoneAlarm also has a really nice alert tool, which clearly explains what the alert is & the possible causes as to why it was triggered. The Pro version has a built-in Log Analyser tool, & there are also other programs available for free, like VisualZone, that help users analyse the firewall logs & also submit them to sites like DShield that maintain an attacker database.
Apart from these software firewalls, there are physical firewalls or hardware ones, which are usually cheap & are recommended for use with faster Internet connections. These actually protect hardware as well & do a very good job in stopping packets during attacks.
Final Tips
As with any software related to computer security, it is imperative that the software is kept updated. Ensure that the firewall you use is up to date &, once in a while, go through your program list to ensure that there are no programs there to which you did not give permission to access the Internet. Get software updates as early as possible. Sygate, ZoneAlarm & Norton all check automatically for updates & inform you of the same. Especially with firewalls & antivirus programs, it is extremely important to keep them up to date, & it makes a huge difference between a protected system & a non-functional one. As for hardware firewalls, they rarely need any specific upgrading as such.
That's all for Part 1. Hope these tips help! Safe Surfing :)
Glossary:
The following terms are used in this article:
- System [1]: For the purposes of this article, a system is simply a personal computer.
- Packet [2]: The smallest individual unit of data transmitted over a network.
- Ports [3]: Access points. Just like the physical ones (COM, LPT), except that these ports are software ones & are used by the system for sending & receiving data. There are about 65000+ ports on any system.
- DoS [4]: Denial of Service Attack. Basically designed to flood target systems with junk data & take them down.
- DDoS [5]: Distributed Denial of Service Attack. Pretty much an advanced form of DoS, with multiple systems attacking a single target system.
Further References:
GRC.com: All you ever wanted to know about DoS, DDoS & DRDoS attacks.