Firewalls: the big picture

In fire protection, a firewall is a solid, fire resistive barrier that keeps fire burning on one side of the wall from burning valuable material on the other side of the wall. In computing, a firewall serves a similar purpose: separate bad guys and your valuable data. Firewalls come in two flavors: software (computer programs) or hardware (equipment or stand-alone boxes). There are benefits and disadvantages to both:

Software Firewalls:

  • Generally installed directly on your computer
  • Goes everywhere your computer goes (important if you use a laptop)
  • Often fairly inexpensive and/or free
  • Uses your computer's processor to do it's work, which can sometimes bog down your computer slightly (Modern computers should not be tremendously affected.)
Hardware Firewalls:
  • Installed physically on the cable or network that connects you to the Internet
  • Generally NOT portable (important if you use a laptop)
  • Does not use any of your computer's processing power to do it's job
  • Can be more expensive and takes up space on your desk
What do firewalls do:

Firewalls help separate two worlds. The world of the bad guys and your world. Firewalls work to keep traffic from traveling in both directions: keeps attacks out (inbound filtering) and keeps your private info in (outbound filtering).
  • Inbound filtering:
    • Probes and scans: bad guys often try to probe or scan your computer and your network to see what programs you have, what operating system you run, what ports you have open and what files or other information you have. With this info, they can
      decide which attacks would be most effective.
    • Flooding and Denial-of-Service: bad guys may try to prevent legitimate people from reaching your computer or network, by flooding your computer with traffic.
    • Bad or malformed traffic: some messages sent to your computer can actually cause your computer to lock up or crash, because it does not understand the message and gets "confused".
    • Storage: Some bad guys don't want anything off your computer, but they may want to put something on it. The bad guys will sometimes store pirated software or child porn images on other people's computers, so keeping the bad guys off your machine is critical

  • Outbound filtering:
    • Phone home: Just like E.T. wanted to "phone home" sometimes you will get infected by viruses or other junk from the bad guys. Often, these programs will want to phone home to get more instructions, to send your private info to the bad guys or to
      open up gateways so that more powerful programs can be installed secretly on your computer.
If you don't have a firewall installed, get one. Some of them include firewalls from Norton, McAfee, Comodo, Sunbelt/Kerio, ZoneAlarm, etc. Most are available for download off the Internet. Some are free. Some will cost you.


No comments: