Sunday, June 29, 2008

Fighting Fire With Firewalls

Personal firewalls offer a selection of protection levels depending on whether they're connecting to a private network or the Internet. Computers in a home network, for example, will usually be allowed to share files and access common resources like printers without restriction. In this case, the firewall will allow more access than when connecting to the Internet.

Since Internet access is riskier, it should be more strictly controlled. In this case, firewalls should be configured to restrict more types of incoming and outgoing data and close unnecessary ports. 'Ports' are standardized numbers used by network software to route traffic.

Not to worry about any need to become a computer geek. Things are usually configured well by default. When they need modification, alerts are generated to allow making the change.

Most personal firewalls have two basic components. The first examines data as it arrives at your computer to determine whether it should be allowed through. The second sets up rules ('a policy') for specific applications. This second component may be very lax — it simply allows a particular program to access the Internet.

The first component, the packet filter, analyzes each data packet and either allows it to pass or drops it. Data routed on networks is grouped into chunks called 'packets'. Packets must comply with a set of rules ('the policy') in order to pass, and those that fail to meet the rules may signal an alert or simply be dropped, depending on the firewall settings.

The second component, the application filter, determines whether specific programs can send and receive data through certain ports. For example, a browser needs access to the Internet, so the policy is configured to allow sending and receiving data through Port 80, the standard number.

Since your web browser is only using port 80, and the personal firewall is blocking all other ports, your computer is secure, right? Well, not exactly.

Application filters are usually set up for specific programs and not the components they are made up of. Each program may use several modules and these individual modules can become infected. In Windows, they often take the form of DLLs — dynamic link libraries — but that's more info than you need.

Your antivirus program will typically be able to detect an infected module, but a brand new virus which is not yet in the antivirus database could remain hidden. If this happens to your web browser and your personal firewall is allowing traffic to pass based on the application filter, your system is open to attack.

Firewalls don't provide absolute protection from hackers or viruses. They're effective at keeping average hackers out, but should be supplemented with up-to-date antivirus software and safe file sharing practices.

Remember, the rule of thumb for firewalls: If you don't recognize the visitor, treat them as risky.

No comments:

Post a Comment