Holding Down the Fort – Firewalls and Home Computer Security
You run the latest anti-virus software, you guard all your personal information carefully and now you’ve received a note from your ISP threatening to cancel your account due to excessive spamming? You didn’t send the spam, in fact you hate spam, but your ISP gives the proof and forwards you copies of the email that appear to come from your IP address. Most likely you have been the victim of a security bug in your operating system. The exploit used it what is referred to as an open relay.
Most computer users install their OS hastily using the default settings. This can leave your computer vulnerable to all sorts of annoyances such as worm viruses, open relays and in some cases even leave your computer open for others to complete control of your system. Every computer OS has security holes, some get patched quickly, others stay undiscovered for years. There are many ways to test your computer for open ports and other security risks, several web sites offer online security scans to show you where your computer is vulnerable.
A few of the most popular online security scanners are:
Sygate Security Services at http://scan.sygatetech.com/
Shields UP! At https://grc.com/x/ne.dll?bh0bkyd2
Symantec Security Check at http://security.symantec.com/ssc/home.asp?j=1&langid=us&venid=sym&plfid=23&pkj=MBIDODEQOHBDJQEEFGY
The bad news is that chances are the results of the scan show more than one area of vulnerability; the good news is that you can close these vulnerabilities and protect yourself for future problems that might arise through the use of a firewall.
Chances are if you have been on the internet for a while you have heard the word firewall before, but you may not know exactly what a firewall is. Most people go about their day completely unaware that their computer has been scanned several times a day by total strangers looking for a way in. Think of a firewall as a two way stop light between you and the internet. A firewall is designed to protect your computer from unwanted scans and probes from both hackers and worm viruses. Just as a traditional firewall is used to keep fire from spreading from one area to another, a network firewall is used to keep bad things and bad people from getting to your computer.
How Does A Firewall Work?
A firewall can be either a hardware device or a computer program that is designed to filter data going to and from your computer and the internet. If incoming data is tagged by the filters as undesirable it is stopped and not allowed to pass.
A firewall can also be used to implement security in the home or business, for instance you have 3 computers in the home but only one of those should be allowed to connect to your online banking account, you can accomplish this with a firewall by permitting traffic from that specific computers ip to the website and denying traffic from all other IP’s in your home network.
A firewall can use several ways to filter and control traffic; the most common are Packet Filtering and Proxy Service.
Packet Filtering analyzes small pieces of data and compares them to a defined list of filters. For example you set up your firewall to only accept data on port 80. Port 80 is the port used for the World Wide Web so if the traffic coming across the network is not from a website it will be discarded.
Proxy Service acts as a complete buffer between the user and the internet. When using a proxy service all traffic passes through the proxy server before entering or exiting your computer. Proxy Service allows you to essentially “hide” on the internet since the only internet address that will be visible to the internet is the address of the proxy server itself.
A newer method of traffic control in firewalls is called Stateful Inspection, similar to Packet Filtering, it examines packets but instead of examining the contents of each packet, it compares only certain parts of the packet against a database of trusted data, it continues to monitor traffic matching those characteristics, it a packet is deemed untrustworthy it is discarded.
How to Create Firewall Filters
Firewalls are very flexible and can be customized to your specific needs. Sometimes you will find that you have to add or remove new filters based on applications you need or want to use. Filters can be added to block traffic meeting a variety of needs.
IP Addresses
Each computer connected to the internet has a unique address called an IP address. A typical address looks something like this: 66.218.71.87. If you notice that a strange IP keeps trying to connect to your computer, you can filter that specific IP or an entire range of IP’s from reaching it.
Domain Names
Domain Names are the most common way of identifying an address on the internet; each domain name has an associated IP address it is connected to. For example 66.218.71.87 was mentioned about, if you type that into your browser window you will find that is the IP address that matches www.yahoo.com. Just as with IP addresses, you can filter individuals and even entire ISP’s by filtering their domain name. Adults with children at home may find this a useful way to block access to website they do now wish their children to see.
Ports and Protocols
The most common sorts of filters are port and protocol filters. They allow a user to specify exactly what kinds of traffic will be allowed. Each service or protocol on the internet uses a specific port to communicate and send traffic. Some common ports are:
|
Port |
Protocol |
|
21 |
FTP (File Transfer Protocol) |
|
22 |
SSH (Secure Shell) |
|
23 |
Telnet |
|
25 |
SMTP (Simple Mail Transfer Protocol) |
|
43 |
WhoIs |
|
53 |
DNS (Domain Name System) |
|
80 |
WWW (World Wide Web) |
|
110 |
POP3 (Client Side Email) |
|
119 |
NNTP (Newsgroups) |
|
137 |
NETBIOS (Windows File Share) |
|
139 |
NETBIOS (Windows File Share) |
|
194 |
IRC (Internet Relay Chat) |
|
443 |
HTTPS (WWW Secure Pages) |
|
1214 |
Kazaa and Clones |
|
6346 |
Gnutella and Clones |
By blocking specific ports or protocols you can specify exactly what types of traffic you will allow to reach your computer.
Key Words or Phrases
When filtering my keywords the firewall will examine each packet of data coming to your computer and filter it based on those key words. For example you could block any pages containing profanities by specifying them in the key word list. This is another great way to filter the web when you have children using your computer. Be aware that keyword filters are based on exact matches so any variations on the keywords if not specified will slip through.
I’m convinced! How Do I Get A Firewall Of My Own?
There are two choices in picking a firewall; hardware or software. As you can see below they both have benefits and drawbacks. Choose the type that is right for you.
|
|
Hardware |
Software |
|
Pro’s |
|
|
|
Con’s |
|
|
The most affordable hardware solutions for firewall come in the form of Cable and DSL residential gateways or VPN router. A residential gateway is a hardware device that sits between your cable or DSL modem and provides connectivity to multiple computers. Linksys
, DLink and Netgear are a few of the many vendors which offer home firewall solutions.
For software firewall solutions there are many choices Sygate Personal Firewall , ZoneAlarm and Kerio Personal Firewall 2 are very popular, well supported and best of all offer freeware versions for home users.
If you are online for extended periods of time a firewall is a good idea, if you are one of the many that have broadband connections to the internet such as cable or DSL it is a necessity. Having a firewall is the only way to guarantee you have 100% control of your computer and your home network.
Some additional links to help you in your decision:
http://www.cnet.com/software/0-352108-8-7338947-1.html