
5 Star Support - Free Computer Help and Technical Support

 


 

What is a firewall?

Written by: Tjolly, 5 Star Support Forums Admin
  1. What are they?

    Firewalls are devices or programs that inspect and filter the network traffic coming into or going out of a computer. This traffic may be to other computers on a network or to other computers on the Internet. This network traffic is divided into "packets" of data, each one of which contains both the originating and destination addresses of the data, how many packets of data the original chunk of data has been broken into, and the number of the individual packet.
     
  2. Why do you need one?

    Having a firewall can protect you from viruses that exploit bugs in the operating system or applications (the MSBlaster worm is a good example of one of these). It can protect against a hacker remotely logging in to your PC and gaining control of it. It can simply protect your privacy: many applications these days want to communicate with a remote server, and having a firewall will allow you to deny access if you so desire. And, more importantly, a firewall will also alert you to malicious programs known as Trojan Horses (or just Trojans) that can get installed on your PC without your permission or knowledge (or they will sometimes trick you into giving permission to install themselves). These programs can range from the relatively benign app that just reports your browsing habits to much more serious ones that will steal your credit card numbers or take over your PC to be used as a spam server, to give a couple of examples. Firewalls can also help protect against "Denial of Service" attacks.
     
  3. How do they work?

    All computers, whether on a local network or on the wider Internet, have a unique address known as an IP (Internet Protocol) address. For home computer users this IP address is assigned to you by your ISP. Your computer will then subdivide this address into "ports", each identified by a number between 0 and 65535; these ports are used by different applications to connect to the network or Internet.

    A packet filtering firewall will examine the packets of data and compare them to a list of rules based on the source of the data, its destination, and the port it was sent from and is destined for. The limitation of packet filtering is that ports and IP addresses are all that is filtered; the content of the data packets is ignored.

    A more sophisticated firewall is called a stateful inspection firewall. These use the methods of packet filtering firewalls but also examine the contents of the data packets.
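
    The packet filtering described above can be sketched as a first-match rule list with a default of "deny". This is an added example, not code from the original article; the class and function names, the addresses and the rule set are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)          # ports run from 0 to 65535

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes = b""            # carried along, never looked at by the filter

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    proto: str                      # "tcp", "udp" or "any"
    dports: range = ANY_PORT
    sports: range = ANY_PORT

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and p.sport in self.sports
                and p.dport in self.dports)

# Constructed rule set for a PC at 192.168.1.10; order matters (first match wins).
PC, LAN, ANY = "192.168.1.10/32", "192.168.1.0/24", "0.0.0.0/0"
RULES = [
    Rule("deny",  ANY, PC,  "tcp", range(135, 136)),   # never expose this service
    Rule("allow", LAN, PC,  "tcp"),                    # other LAN traffic to the PC
    Rule("allow", PC,  ANY, "tcp", range(443, 444)),   # outbound HTTPS
    Rule("allow", PC,  ANY, "udp", range(53, 54)),     # outbound DNS
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or "deny" if none match."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"

def same_verdict_regardless_of_payload() -> bool:
    # Identical addresses and ports, different contents: the filter cannot tell them apart.
    a = Packet("192.168.1.10", "203.0.113.5", "tcp", 50000, 443, b"ordinary request")
    b = Packet("192.168.1.10", "203.0.113.5", "tcp", 50000, 443, b"anything else")
    return filter_packet(a) == filter_packet(b) == "allow"
```

    Because the verdict depends only on addresses, protocol and ports, the two packets in `same_verdict_regardless_of_payload` are treated identically, which is the limitation of packet filtering noted above.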
     
  4. Types of firewall:

    Firewalls come in two basic types: software firewalls and hardware firewalls.

    Software firewalls, as the name suggests, are installed as an application on the computer, and will then monitor the computer's ports and inspect each packet of incoming or outgoing information. The advantage of software firewalls is that they can block both incoming and outgoing traffic - blocking outgoing traffic will prevent malware from "phoning home". They have the disadvantage of having to be installed on each PC, and may need to be updated occasionally.

    Hardware firewalls are physical devices that sit between the computer and the network and monitor the traffic. The advantage is that once it's set up it can be left alone to do its job, but the disadvantage is that it will only protect against incoming traffic - any malware that gets installed can "phone home" with impunity.

    There is no reason why both software and hardware firewalls can't be used in conjunction with each other - especially as software firewalls will often give much more useful information to the user as to what is accessing the network. Using more than one software firewall at the same time is not a good idea, however.
     
  5. Network Address Translation (NAT):

    Those of you with a network of computers will often connect them together with a switch or router. These devices usually employ what is known as network address translation, where the IP address assigned by the ISP is exposed to the computers on the Internet at large, and the computers of the internal network are given their own IP addresses by the router. This effectively hides them from the world at large, and while not a true firewall, is nonetheless very effective in keeping unwanted intrusions at bay. In conjunction with a software or hardware firewall, it gives a useful added layer of defense. Some routers will have both NAT and a hardware firewall built in.
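
    Why NAT keeps unsolicited traffic out can be seen from the translation table the router maintains. The following is an added example, not code from the original article: a simplified model that assumes the router only accepts replies from the exact remote address and port an internal computer contacted, with constructed addresses and a hypothetical `Nat` class.

```python
import itertools

class Nat:
    """Simplified port-address translation table of a home router."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out = {}    # (proto, in_ip, in_port, remote_ip, remote_port) -> public port
        self._back = {}   # (proto, public port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, proto, in_ip, in_port, remote_ip, remote_port):
        """Rewrite a packet leaving the LAN; remember how to route the reply."""
        key = (proto, in_ip, in_port, remote_ip, remote_port)
        if key not in self._out:
            public_port = next(self._ports)
            self._out[key] = public_port
            self._back[(proto, public_port, remote_ip, remote_port)] = (in_ip, in_port)
        # The Internet only ever sees the ISP-assigned address.
        return (self.public_ip, self._out[key], remote_ip, remote_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return the internal (ip, port) for a reply, or None if the packet is dropped."""
        return self._back.get((proto, public_port, remote_ip, remote_port))

def demo():
    nat = Nat("198.51.100.7")                      # constructed public address
    sent = nat.outbound("tcp", "192.168.1.10", 51000, "203.0.113.5", 443)
    reply = nat.inbound("tcp", "203.0.113.5", 443, sent[1])
    probe = nat.inbound("tcp", "203.0.113.99", 4444, 3389)   # nobody inside asked for this
    return sent, reply, probe
```

    The unsolicited probe has no table entry, so the router has no internal computer to hand it to; outbound traffic, including anything malware on the LAN sends, still passes.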
     
  6. Firewall Alert Method:

    Most software firewalls will have a method of alerting the user to possible hacking or attack events. It's very important to realize that the vast majority of attempts to access your PC's ports are perfectly routine Internet traffic - your ISP wanting to make sure that you're still online, for example. It's not unknown for people to become extremely paranoid about this, and to report every email address that's logged to their ISP and anyone else they can think of! Please don't be tempted to follow their example - if you think a hacking attempt is being made, or you're not sure about anything that your firewall is reporting, then ask here in our Spyware/Malware Forum.
 
     
 

Copyright 2000-2014  5 Star Support All rights reserved.