Friday, September 30, 2005

Firewalls Part 1


Basically, a firewall is a barrier to keep destructive forces away from your computer. In fact, that's why it’s called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.


Firewalls use one or more of three methods to control traffic flowing in and out of the network:

Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your com

Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that gives some level of control of the program.

SMTP session hijacking - SMTP (Simple Mail Transfer Protocol) is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.

Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.

The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, and then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them.

One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto your computer.
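The stateful inspection and block-everything-then-allow ideas described above, as an added Python example (not code from any firewall product): outgoing conversations are recorded, and an incoming packet gets through only if it mirrors one of them. The class name, addresses and the e-mail-only port list are assumptions made for the illustration; real firewalls also track connection state and timeouts.

```python
import ipaddress

class StatefulFirewall:
    """Toy stateful filter: default deny, outbound allow list, replies matched to state."""

    def __init__(self, inside_net, allowed_out_ports):
        self.inside = ipaddress.ip_network(inside_net)
        self.allowed_out_ports = set(allowed_out_ports)
        self.flows = set()  # the "database of trusted information"

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def check(self, proto, src, sport, dst, dport):
        """Return 'allow' or 'drop' for one packet header."""
        if self._inside(src) and not self._inside(dst):
            # Outbound: only explicitly allowed services leave the network.
            if dport not in self.allowed_out_ports:
                return "drop"
            # Record the defining characteristics of the conversation.
            self.flows.add((proto, src, sport, dst, dport))
            return "allow"
        if self._inside(dst) and not self._inside(src):
            # Inbound: must be the mirror image of a recorded outbound flow.
            if (proto, dst, dport, src, sport) in self.flows:
                return "allow"
        return "drop"  # everything else is blocked by default


# Constructed sample traffic (documentation address ranges), not captured data.
SAMPLE = [
    ("tcp", "192.168.1.10", 40000, "203.0.113.5", 25),    # PC sends e-mail
    ("tcp", "203.0.113.5", 25, "192.168.1.10", 40000),    # mail server replies
    ("tcp", "198.51.100.7", 51000, "192.168.1.10", 23),   # unsolicited remote login
    ("tcp", "203.0.113.5", 25, "192.168.1.10", 40001),    # "reply" to a port never used
    ("tcp", "192.168.1.10", 40002, "203.0.113.9", 6667),  # outbound service not on the list
]

def run_sample():
    fw = StatefulFirewall("192.168.1.0/24", allowed_out_ports={25, 110})
    return [fw.check(*pkt) for pkt in SAMPLE]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_sample()):
        print(verdict, pkt)
```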

One last thing. If you are connecting to the Internet by a DIALUP connection, you may not need a firewall, but if you connect through a Non-Dialup type connection, you NEED a firewall as much as you need an Anti Virus software package.

Next posting I’ll talk about some firewall software that should be considered because of its cost (Free) and its ease of use as well as how easy it is to configure.