Saturday, November 12, 2005

Firewalls, Revisited

Español | Deutsche | Français | Italiano | Português

As I was sitting here at my desk, a few things came to mind that I feel should be passed on to you. I have spent the past month or so reading about firewalls on web sites and industry publications. Taken together, the subject is complex and confusing. Only one point is clear from all the noise. You need a firewall if you get on the Internet. Period. The arguments start when the topic of what kind of firewall is best. Therefore, I figured the thing to do is try and clear away the confusion as best I can.

I want to tell you, right now, that I am a strong proponent of dual barrier firewall solutions. However, I will try my best to give you the clearest viewpoint of the ‘firewall wars’ that I possibly can. Therefore, here goes!

First off, there are three different camps when it comes down to which is best. Folks are quickly deserting the first camp because they are saying ‘I don’t need a firewall!’ It has become plainly clear that in today’s World Wide Web, a firewall is essential to the operation of your computer. We will not discuss that any further for obvious reasons.

The remaining two camps are evenly split over the issue of single or dual barrier firewalls. There are also smaller areas of argument in the camps regarding whether you need to pay substantial amounts of cash for a firewall or if a free or Open Source solution is appropriate. So let us look at the ‘free or pay’ controversy a bit. You can chose from a wide array of good solutions, but the costs range from $200 on up to several thousand dollars US. These solutions also require, in most cases, expensive additional hardware to implement the firewall. More money. Most of us do not have the resources to put together a full firewall solution like this. If you do have the funds, and are convinced that road is better, I tip my hat to you and wish you well. However, if you do not have those resources, there are several software solutions available that come from the Open Source arena and several free packages are available, too, that are more than capable of protecting your computer. I refer you to the three-part firewall posting on this blog presented previously.

The last issue is single or dual barrier. Simply stated, a single barrier firewall is one that blocks incoming attacks. Outsiders trying to gain control of your computer for their own purposes or folks trying to extract as much information about you as they can for such things as identity theft and other forms of computer fraud. Blocking those folks is a good thing! Microsoft’s XP SP2 firewall falls into this category.

The dual barrier camp takes it a step further. We (yes, I am in this camp) feel that the attacks from outside are not the only dangers we face. Adware and Spyware, these so called ‘invited’ attackers, get into your system as ‘cookies’ and start collecting information about where you’ve been on the web, what you looked at, what kind of system you use, the operating system, even the type of browser you use. They then transmit that info somewhere where the cyber-gnomes read it and make decisions as to what you like to see (so they can show it to you) and what kinds of products you investigate (so they can sell you products). You do not have to download anything to get these things; they jump on board when you just look at a web site that uses them. I will tell you a little secret. The Computerist uses a cookie to see who is reading the posts. So sometimes, the cookie is just a one-shot thing. However, adware and spyware are continuous monitors of your web activity. In addition, software producers sometimes install a method of monitoring that reports the usage of the application. Microsoft does this with Windows to keep track of who is running it and how it is performing. Dual barrier firewalls are not going to stop the cookie. However, it can control the outbound traffic when setup right.

There are other, more complex points we could go into, but for now, this will suffice. If you have a question or a comment you would like to make on the subject, please do. I will answer all that I can.

Therefore, basically, there it is. The decision is, of course, yours. I tend to go for the more complete coverage on this issue since I want to be certain my system stays as safe as possible.. You may decide to take the position that you do not need the additional protection. It is up to you to decide.

Computing is fun and educational. So, as always, HAVE FUN!