Firewalls
Firewalls are an essential part of computer security. They keep the internet’s bad stuff out while letting the good stuff through.
What is a Firewall?
A firewall is a device whose purpose is to protect a computer or network from outside (i.e. the Internet) threats. A firewall is essentially a filter designed to stop intruders from getting to your computer while still allowing the traffic that actually should be connecting to your computer (such as web, email, instant messaging, etc.) through.
Additionally, some firewalls also filter traffic going back out to the internet. This can serve to stop viruses and spyware in some cases as well as prevent users from getting to places where they shouldn’t be. Many businesses and schools take advantage of this type of filtering to stop people from accessing certain websites (or from accessing the internet at all).
A firewall that just protects one computer is usually just a piece of software running on that computer. These programs are known as software firewalls or personal firewalls. In contrast, a hardware firewall (aka network firewall) protects entire networks and generally runs independently on its own dedicated hardware. It can be a special device that is sold for the sole purpose of being a firewall, or it can even be a PC that has been configured to do the job. You may even already have one and not know it. Most wireless (aka WiFi, 802.11x) routers or other “broadband routers” on the market have a built-in firewall.
Why Always Using a Firewall Is Important
Your computer surely has security problems, even if everything is up to date. New vulnerabilities pop up often and it is possible that these can be used against you before you can update. There are also a variety of services running on most computers that can be taken advantage of. There are viruses that spread via vulnerabilities in Windows. There are even popup spam messages that come straight to your computer. A firewall can stop attackers from being able to connect to your computer at all, reducing the security risks otherwise involved.
Personal Firewall vs Hardware Firewall
Each type of firewall has its own advantages and disadvantages. For the best protection, both should be used.
Personal firewalls run on the actual computer they are protecting. The big advantage of this is that the firewall can actually filter traffic based on what program that traffic is associated with. They can be configured to only allow certain programs to get through. For example, every time a new program tries to access the internet, the firewall might pop up and ask you if it is OK before the program is allowed to connect.
The downside to this level of control is that it can be much more work on the user’s end and prone to user error. Although you should be able to tell the firewall to remember that a particular program is allowed access, the firewall should prompt you again every time a new version has been installed. Also, if you use a variety of programs or like to try out new ones, you may be prompted often. While this is a minor annoyance, the real problem is that users may get too used to approving everything and allow access for programs that shouldn’t have it.
The important thing to keep in mind when using a personal firewall is that unless you have started a program that you know needs internet access, you shouldn’t get any prompts to allow access, and thus if you do, you may have a program that is posing a security risk. Also, some programs like to “phone home” and that may not be something that you want to allow (whether for privacy reasons or even because you could have a trojan).
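The remember-and-re-prompt behaviour described above, as an added example that is not taken from any product named on this page: a small Python model in which an approval is tied to the program's path and the SHA-256 of its executable, so a new version (or a replaced file at the same path) triggers a fresh prompt. The class, function names, paths and byte strings are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"

def fingerprint(binary: bytes) -> str:
    """Identify one build of a program by the SHA-256 of its executable bytes."""
    return hashlib.sha256(binary).hexdigest()

@dataclass
class PersonalFirewall:
    # (program path, binary hash) -> remembered decision (hypothetical rule store)
    rules: dict = field(default_factory=dict)

    def check_outbound(self, path: str, binary: bytes) -> str:
        """Decide what to do when a program tries to connect out."""
        # An unknown path, or a known path whose bytes changed, has no rule: ask.
        return self.rules.get((path, fingerprint(binary)), PROMPT)

    def remember(self, path: str, binary: bytes, decision: str) -> None:
        """Store the user's answer for this exact build of the program."""
        if decision not in (ALLOW, DENY):
            raise ValueError("decision must be allow or deny")
        # Drop rules for older builds at the same path so they cannot be reused.
        self.rules = {k: v for k, v in self.rules.items() if k[0] != path}
        self.rules[(path, fingerprint(binary))] = decision

def demo() -> list:
    fw = PersonalFirewall()
    path = r"C:\Program Files\Browser\browser.exe"   # constructed path
    v1 = b"constructed bytes: browser 1.0"
    v2 = b"constructed bytes: browser 1.1"
    unknown = (r"C:\Temp\updater.exe", b"constructed bytes: unknown tool")
    results = [fw.check_outbound(path, v1)]          # first use: ask the user
    fw.remember(path, v1, ALLOW)
    results.append(fw.check_outbound(path, v1))      # remembered approval
    results.append(fw.check_outbound(path, v2))      # new version: ask again
    fw.remember(path, v2, ALLOW)
    results.append(fw.check_outbound(path, v1))      # old build no longer trusted
    fw.remember(*unknown, DENY)
    results.append(fw.check_outbound(*unknown))      # remembered refusal
    return results

if __name__ == "__main__":
    print(demo())
```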
The other main downside of personal firewalls is that they are generally less secure than hardware firewalls. If your system has become compromised, the firewall can be disabled. More than one virus has been known to shut down security programs such as firewalls and anti-virus scanners. On a final note, they do consume some amount of system resources, and while they shouldn’t slow your computer down much (if at all, though it can vary greatly from one product to another), you may see some impact. This is generally more of a concern for older systems.
The main advantage of hardware firewalls is that they are more secure. Since they are completely independent of the computers that they protect, they cannot be compromised if one of the systems has been compromised. On top of that, a hardware firewall can be secured against attack in ways that a system running a personal firewall cannot be for usability reasons. Also, higher-end setups can be much more powerful than most personal firewalls. They aren’t subject to user errors in authorizing programs like personal firewalls are and they don’t use any resources on the computers that they protect.
On the downside, a hardware firewall usually involves a larger investment (though many can be had for under $50 these days). Plus, they cannot offer the same level of filtering of outbound traffic that personal firewalls do since they aren’t a part of the computer that is running the programs creating said traffic.
For the best security, you should use both at the same time. That way, the two types can play off their strengths and weaknesses. If you do nothing else, at least make sure that the Windows firewall is turned on (Win XP SP2 only). It provides less protection than most other firewalls, but it’s already on your system so why not use it if you’re not using anything else?
It’s also good to note that you can’t have more than one personal firewall at the same time. Most of them are smart enough to disable the Windows firewall so that they won’t conflict with it, though.
Caveats
A firewall may sound like the perfect solution. If an attacker can’t even connect to your computer then surely you’re safe, right?
Not so much. First of all, there are ways to get through a firewall from the outside. This is easier to do in some circumstances than it is in others, but the main downfall is that the firewall must let some traffic through. This always leaves the possibility of something bad getting through as well.
Secondly, there’s that whole “a chain is only as strong as its weakest link” thing. This is related to the first item really, but there are ways to get to your system that require no work in trying to bypass the firewall itself. For example, if you download a program that ends up being spyware then the attacker didn’t have to try to get in at all. You opened the door. Similarly, a virus that spreads by email may come to you and by opening it you’ve opened the flood gates as well. These are two very good examples of why having a good base of computer knowledge is so important.
Examples
I have no experience in using most of these products, so I’m not going to recommend any of them one way or another. Your best bet is to do a little research and look for reviews to find out how worthwhile each is. Also, some of these are standalone firewalls while others are bundled into a larger package.
Personal Firewalls
- Jetico Personal Firewall
- Black ICE
- Kerio WinRoute Firewall
- Norton Personal Firewall
- Zone Alarm
- McAfee Internet Security Suite
- Trend Micro Internet Security
- F-Secure Internet Security
Hardware Firewalls
The simplest and cheapest way to get a hardware firewall is to pick up one of the various broadband (WiFi, 802.11x) routers out there. If its features don’t include something about a firewall, look for things like “stateful packet analysis”. Some of these can be had for under $50 and a ton of them are under $100.
The next step up from that is generally going to cost $200+ for a dedicated machine. You can also build your own using an old PC and software such as Smoothwall, IPCop, m0n0wall, or one of various other firewalls. This, however, can be a fairly complex process and is beyond the scope of this site.