|
Firewall
A computer or device on a network that manages network
resources. For example, a file server is a computer and
storage device dedicated to storing files. Any user on the
network can store files on the server. A print server is a
computer that manages one or more printers, and a network
server is a computer that manages network traffic. A
database server is a computer system that processes database
queries.
Servers are often dedicated, meaning that they perform no
other tasks besides their server tasks. On multiprocessing
operating systems, however, a single computer can execute
several programs at once. A server in this case could refer
to the program that is managing resources rather than the
entire computer.
Firewalls protect your system
If you
spend a lot of time on the internet and you are not behind a
firewall, then you are living on borrowed time. Putting some
protection between you and the internet is probably the
third most important thing that you can do (after getting
virus checking software and performing regular backups).
The
diagram to the left shows an unprotected system using a DSL
modem. As you can see, someone on the internet can attack
the computer system easily as the DSL modem provides no
protection (some DSL modems have built-in firewalls). An
attacker can get through any type of modem - DSL, cable,
56K, 28.8 or whatever. If the device gets you on the
internet, you are vulnerable.
For
those with a DSL, cable modem or other "always-on"
connection, you MUST get a firewall. This is critical, as
your machine is always live and it most likely has a fixed
IP address. This makes it easier for your system to be
"found" and attacked.
What a
personal firewall does is isolate your computer from the
rest of the internet. It does this by inspecting each packet
of data to determine if it it should be allowed to get to
(and in some cases from your machine.) The best protection
completely hides your computer - this is called stealth
mode.
You
have the option of installing a software firewall or a
hardware firewall.
Software Firewall - A software firewall runs on your
computer system in the background. It intercepts each
network request and determines if the request is valid or
not. Software firewalls offer the following advantages:
They are generally very inexpensive
They are very easy to configure
They have the following disadvantages:
Since they run on your computer they require resources (CPU,
memory and disk space) from your system.
They can introduce incompatibilities into your operating
system.
You must install exactly the correct version for your
operating system.
You must purchase one copy for each system on your home
network.
Hardware Firewall - A hardware firewall is generally a small
box which sits between your computer and your modem. In
general, hardware firewalls have the following advantages:
They tend to provide more complete protection than software
firewalls
A hardware firewall can protect more than one system at a
time
They do not effect system performance since they do not run
on your system.
They are independent of your operating system and
applications.
They have the following disadvantages:
They
tend to be expensive, although if you have a number of
machines to protect it can cost less to purchase one
hardware firewall than a number of copies of a software
product.
Since they do not run on your computer, they can be
challenging to configure.
Firewall mixture - In my mind, the best protection is a
combination of both hardware and software firewalls. This is
the ideal, since both have different advantages and
disadvantages. Personally, I use a SonicWall hardware
firewall combined with ZoneAlarm Pro, which is installed on
my Windows 2000 Professional system. The SonicWall protects
my home network since it sits between the hub and the DSL
modem, and ZoneAlarm Pro offers some additional protection
for each system.
Testing Your Firewall - To test your firewall, surf to
http://www.grc.com and request a probe. You will be given a
very good report of exactly what issues were found and what
to do about them. Once the probe is finished several
excellent personal firewall products are recommended. My
personal favorite is ZoneAlarm Pro, primarily because it's
protection is excellent and it is trivial to use.
Some
Firewalls - A selection of personal firewalls is listed
below.
ZoneAlarm Pro - By far the best software firewall available.
ZoneAlarm offers protection from both incoming connections
and outgoing connections. It is also extremely easy to
configure, has low system impact and is very inexpensive (a
free version is also available).
Norton
Internet Security 2001 (which was the AtGuard product from
WRQ until a few months ago). Norton is a reasonable
firewall, although it does have some vulnerabilities. It
offers weak protection from outgoing connections and is
somewhat difficult to configure if you want it to operate
differently from the default.
BlackIce - An okay choice in firewalls. Much easier than
Norton to configure, but with the same vulnerabilities.
What
I've done on my system is:
Used a
SonicWall hardware firewall to protect my entire home
network.
Installed ZoneAlarm Pro on each system to provide additional
safety
And installed Norton Internet Security for it's privacy
protection.
Due to the rapidly changing nature of the internet, it's
very important to be continually monitoring security issues.
You may purchase the perfect personal firewall today, only
to find out in six months that it's been hacked to pieces.
So be sure to be looking around, and be ready to get a newer
and better product quickly. This is not one of those issues
where you can scrimp and save. Your system is at risk.
|