60,985 News Articles

What you should know about firewalls

It's 2 a.m. Do you know what your PC is doing?

By | 08 October 04

Scott Rolf knows trouble when he sees it. An IT director for a law firm near Cleveland, Ohio, Rolf was asked by a friend to check out the new website the friend had put up on a DSL-connected web server.

Related Articles

Rolf did more than just visit his friend's site; he quickly found that the server lacked any sort of firewall protection. It took less than five minutes for Rolf to exploit a well-known Windows NT vulnerability and email to his friend a complete listing of files and directories from the server's hard disk.

"He called me a few minutes later and said 'Holy cow, what do I do?' He was at work and couldn't turn the server off," Rolf laughs. "I think he went out and bought a Linksys firewall box."

As the name implies, a firewall acts as a barrier between your PC and the internet. Firewalls not only prevent unauthorised access to your PC or network, they also hide your internet-connected PC from view.

Firewalls have long been a fixture at large companies, which must secure their networks against determined attackers. But the dangerous surge in email- and web-borne threats, including viruses, worms, hijacks, and increasingly aggressive spyware, means that home PCs require this protection as well.

According to the Internet Storm Center, a typical unprotected PC will come under attack within 20 minutes of being connected to the internet. In less time than it takes most people to shower and get dressed in the morning, your PC will probably attract some form of unwelcome advance.

Johannes Ullrich, chief technology officer at the Internet Storm Center, says the situation is so bad that a newly connected PC won't have time to download all the Windows patches needed to make it secure before malicious software has found and infected it.

The time to attack is even shorter for PCs on high-speed university networks and cable or DSL services. Hackers specifically target these addresses for their high bandwidth and always-on nature. It's a digital catch-22. The better your connection, the bigger your risk.

Alas, it seems that too few people have well-meaning – if over-inquisitive – friends like Rolf. Alan Paller, director of research for The SANS Institute, an organisation dedicated to internet security issues, says most home users don't have any firewall protection in place. That leaves connected PCs exposed to all manner of intrusion and attack.

The good news for cable and DSL customers is that firewalls are cheaper to buy and easier to use than ever. And adoption is picking up, according to forecasts by In-Stat/MDR, a market research firm. Sales of consumer firewalls are expected to quadruple by 2007, in part because firewall functions are being built into all sorts of consumer network gear.

"I don't even think there are any routers that don't have basic firewall protection," says Ullrich.

Firewalls actually come in two distinct flavours: software applications that run in the background, and hardware devices that plug in between your modem and one or more PCs. Both types hide your PC's presence from other systems, prevent unauthorised access from external sources, and keep tabs on network traffic across the firewall.

While software applications can be less expensive – Microsoft has improved the firewall software in Windows XP Service Pack 2, and both ZoneAlarm and Sygate Personal Firewall are free for download – a hardware firewall usually does a better job for broadband users.

"Users really like them because they are simpler to use than software firewalls, and they don't have any [performance] impact on their computer," Ullrich says.

"The other advantage of a hardware firewall is if you happen to install some sort of malware on your system, it cannot take out your firewall. However, malware frequently disables antivirus checkers and software firewalls."

Matt Neely, a computer security expert for a major financial firm, says you can find bare-bones firewall devices for next to nothing. "You can get a decent one on sale for 10 or 20 bucks," says Neely. "They make a great gift. I give them out like candy on the holidays."

Don't make the mistake of buying a firewall and thinking your security problems are solved. Firewalls may be great at stopping unwanted intrusions, but they often do little or nothing to detect virus-laden emails or stop intrusive adware and spyware.

You'll want separate antivirus and spyware checkers to stymie these threats. What's more, hardware firewalls usually won't manage outbound traffic, which means a piece of spyware can freely send data from your PC to a server on the internet.

So what do hardware firewalls do exactly? More than anything, they stymie inquisitive software that pings, sniffs and queries IP addresses in the hopes of finding a wide-open system. To do this, hardware firewalls employ numerous functions. Among them:

  • Network address translation: Every system on the Internet needs an IP address – like a phone number for computers – which is used to forge links with other systems across the network. NAT foils unauthorised connections by giving PCs behind the firewall a set of private addresses, while presenting to the world a single, public address. The switcheroo makes it difficult for others to reach through the firewall to an individual PC.

  • Port management: By default, most hardware firewalls close unsolicited access to all ports (akin to doors in a hallway) on your connected PC. So if a piece of software locks onto your IP address and tries to form a connection with TCP port 80 (used for web connections) or TCP port 25 (used for outbound email), the firewall would ignore the request. As far as the inquiring software can tell, there is simply nothing there. By the same token, firewalls can let you open specific ports (an action known as port forwarding), so a multiplayer game can link up with other systems across the internet or a web camera can send a video stream to view on the internet.

  • Stateful packet inspection: An important security feature, SPI digs deep into the packets used to encapsulate data traversing the network. The result: a firewall can do more than simply prohibit packets from a specific source and take action based on the content or behaviour of packets. For instance, an SPI firewall can tell if an incoming packet was unsolicited (and therefore, unwanted) or if it arrived in response to a request from the local network (in which case it would be allowed through).

  • Activity logging and alerts: One area where hardware firewalls can vary greatly is in their ability to track, record and report the activity fielded by the device. If you need finely detailed information about network activity, make sure to check reviews for products that offer the most comprehensive and useable activity logging and alerting features.

  • Content and URL filtering: Firewalls can also offer higher-level features: for instance, blocking access to URLs with a specified string of letters in their URL (think "XXX") or to any sites that fall outside of a list of accepted web domain names.

    PC security expert Neely suggests pairing a hardware firewall with a free software firewall application, such as ZoneLabs' ZoneAlarm. Software firewalls can detect which applications are trying to send data over the internet and prompt users to allow or disallow the activity.

    So when a previously unknown program asks for internet access, you can dig down and see if that application might actually be spyware. Adjustable alert levels mean you can flag every access for review or simply allow all traffic through by default. Also, hardware firewalls can't plug into analogue modems, which means a software firewall is the best option for most dial-up internet users.

    The good news is, firewalls really work. I tested my setup (a D-Link DI-624 wireless router) using the ShieldsUp port test service. I clicked the All Service Ports button, and the remote server performed a comprehensive scan of all the ports at my IP address.

    The scan took just over a minute and revealed that all but one of my ports had been stealthed. That is, my firewall had rendered them invisible, so that any computer trying to open ports on my machine's IP address would get no reply.

    Port 113 on my system was marked as closed, meaning a remote machine would know a live system is out there, but it would be unable to gain entry.

    So will all users someday have PCs protected by firewalls? If Scott Rolf has his way, absolutely.
    "I preach it so loudly that most of them already have a firewall, and if they don't I've given them ZoneAlarm."

    • Share this article




    Comments

    Send to a friend

    Email this article to a friend or colleague:

    PLEASE NOTE: Your name is used only to let the recipient know who sent the story. Both your name and the recipient's name and address will not be used for any other purpose.