Internet Firewalls

The internet offers a wealth of information and useful services such as email and instant messaging, but it also exposes every connected machine to attack. Connecting for just a few minutes from the comfort of your own home or office can be enough for your computer to be compromised without your knowledge, and worse, a compromised machine can then be used to attack other computers, so one infection snowballs into many.

A firewall will protect you from a great deal of the security risk that the internet creates, but as we will see, it is not foolproof. A firewall's basic function is to intercept data passing through it and, based on a set of rules, decide whether to pass the data on or not. By default most firewalls block all incoming data that was not specifically requested from inside the firewall (they keep track of outgoing connections and admit only the replies), and permit all outgoing data. Better firewalls also permit only approved outgoing data: if you receive a virus in email and it infects your system, it is then on the 'inside', and a firewall that passes all outgoing data will let it send out as many copies of itself as it likes.

Aside from the default behaviour of what to block, firewalls fall into two broad categories: software firewalls, and hardware firewalls (or firewall appliances).

Software Firewalls

Software firewalls need to be installed on every PC that needs to be protected. Popular products are Zonealarm (a free version is available for personal use), Norton's Internet Security, and Black Ice. Windows XP also includes a built-in internet connection firewall. With the exception of the Windows XP firewall, which only filters incoming data, all of these products block both inward and outward data by default unless it is specifically permitted. This is good, but when a new program triggers an alert requesting internet access, how do you know whether it is safe? Another problem common to all software firewalls is that because they reside on the computer they are protecting, a virus or trojan that compromises the computer can also disable the firewall, and so can a malicious or clumsy user. Both Black Ice and Norton's Internet Security recently had serious security flaws reported which, until they were fixed, actually left 'protected' computers potentially more vulnerable than those without any firewall at all. A further disadvantage of software firewalls is that on a LAN (local area network) they can sometimes interfere with legitimate network traffic between the machines.

Firewall Appliances

This leads on to the second form of firewall, the hardware firewall or firewall appliance. In reality there is no such thing as a purely hardware firewall: in every case the firewall has to assess the data flowing through it against some form of rule set, and that is done by software. The big difference is that a dedicated firewall does only that. Instead of carrying software for anything and everything that could possibly be imagined, these devices have just the bare minimum of functionality needed to act as a firewall. There is no Windows, no fancy user interface, often no disk drive, and so a potential attacker has a very small target with very limited scope for attack.

Perhaps the cheapest firewall appliances are ADSL routers with firewall functionality built in. If you need to purchase an ADSL modem to use Telecom's Jetstream, it is well worth spending a bit more to get a model with inbuilt firewall functionality. These firewalls have limited functionality, but they provide adequate protection from external attack, and because the firewall sits only on the connection between you and the outside world, it will not affect any internal networking. There is no need to install anything on individual computers, and every computer on the network is automatically protected. The downside of these firewalls is that they generally do not block any outgoing data by default, and they offer no protection against someone on the internal LAN spreading an infection to other machines on the internal network, because that traffic never passes through the firewall. This typically happens when someone plugs in a laptop that became infected while in use outside the firewall's protection, or when someone opens an infected email attachment. Running an up-to-date antivirus program on every PC helps minimise this risk.
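As an added example (this is not code from the original article, and no real firewall product works exactly this way), here is a toy stateful packet filter in Python that models the two default policies described in the "basic function" paragraph above, together with the router limitation just described: inbound traffic is dropped unless it is a reply to a tracked outbound connection, outbound traffic is either passed wholesale (the cheap-router default) or checked against an allowlist of ports, and LAN-to-LAN packets never reach the firewall at all. The 192.168.1.0/24 prefix, the port allowlist and the packet trace are constructed for illustration.

```python
# Added example, not part of the original article: a toy stateful packet
# filter that models default-deny inbound, two outbound policies, and the
# fact that a perimeter firewall never sees LAN-to-LAN traffic.
# Addresses, ports and the trace below are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

LAN_PREFIX = "192.168.1."          # assumed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_lan(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


class PerimeterFirewall:
    """Default-deny inbound; outbound either permit-all or an allowlist."""

    def __init__(self, egress_allow: Optional[frozenset] = None):
        # None models the cheap-router default: any outgoing packet is passed.
        self.egress_allow = egress_allow
        self.state = set()           # outbound flows seen (connection tracking)
        self.log = []

    def filter(self, p: Packet) -> str:
        if is_lan(p.src) and is_lan(p.dst):
            # Never crosses the perimeter, so the firewall cannot act on it.
            return self._verdict("unseen", p)
        if is_lan(p.src):            # outbound
            if self.egress_allow is not None and p.dport not in self.egress_allow:
                return self._verdict("drop", p)
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return self._verdict("accept", p)
        # inbound: accepted only if it is a reply to a tracked outbound flow
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return self._verdict("accept", p)
        return self._verdict("drop", p)

    def _verdict(self, v: str, p: Packet) -> str:
        self.log.append(f"{v:7} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        return v


# Constructed trace: a web request and its reply, an unsolicited SMB probe
# from the internet, then an infected LAN PC mailing itself out (SMTP, port
# 25) and scanning a LAN neighbour.
TRACE = [
    Packet("192.168.1.10", 51000, "203.0.113.5", 80),
    Packet("203.0.113.5", 80, "192.168.1.10", 51000),
    Packet("198.51.100.7", 40000, "192.168.1.10", 445),
    Packet("192.168.1.20", 52000, "203.0.113.9", 25),
    Packet("192.168.1.20", 52001, "192.168.1.10", 445),
]


def run(egress_allow: Optional[frozenset] = None) -> list:
    """Return the verdict for each packet in TRACE under the given policy."""
    fw = PerimeterFirewall(egress_allow)
    return [fw.filter(p) for p in TRACE]


if __name__ == "__main__":
    print("router default  :", run())
    print("egress allowlist:", run(frozenset({53, 80, 443})))
```

With the permit-all outbound policy the worm's mail run to port 25 is accepted; with the allowlist it is dropped. In both cases the unsolicited probe from the internet is dropped, the web reply is let back in because the outbound request was tracked, and the worm's scan of its LAN neighbour is invisible to the firewall, which is exactly why the article recommends antivirus on every PC as well.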

For a more comprehensive firewall appliance it is possible to convert an old PC into a dedicated firewall. Two free products are Smoothwall and IPCop, and many others are available with varying functionality. Mandrake Linux offers a firewall wizard, and other Linux distributions offer similar functionality with greater or lesser degrees of installation complexity. One important warning with Linux: it is very easy to install a lot more than the bare minimum of firewall software, and if you do, you defeat the purpose of a dedicated firewall by opening up too many potential security risks, since every extra service is something an attacker can probe. Both IPCop and Smoothwall offer functionality beyond a basic firewall, including a transparent (caching) proxy server that can speed up internet access when multiple users share a connection, and more extensive logging than a router/firewall provides. With the proxy enabled you can also see who is accessing which web sites. IPCop has a free content filtering add-on that automatically blocks access to porn sites and to sites hosting malicious software such as viruses and trojans.

At the end of the day, whatever firewall you use will only be one part of an overall internet security strategy. Keeping your PCs up to date with security updates is important regardless of whether you run Windows, Linux or Mac OS, as is educating yourself and other users about common-sense ways to avoid compromising your security.
