Firewalls: Basic
Prepared by Craig Knott
This article is designed to introduce you to the term - Firewall. No doubt you
have heard it mentioned many a time whether on the Internet, or in a magazine,
but do you really know what it is and why you need one? If you have
answered 'no' to this question then read on. Everything in this part has been
written to be as simple to understand as possible, cutting out all of the
techno-babble and leaving you with the facts you need to know.
The second part has been composed for the more advanced computer users among
you. In particular it will look at the more expensive programs used by large
businesses and firms across the globe. If you are an IT administrator or part
of a small company you may wish to go straight on to the second part HERE.
In case of any queries or requests for tips, please write to techtips@wougnet.org.
FIREWALLS: BASIC
WHAT IS IT?
The threat of an external attack on your computer is now so great that a
firewall has become a necessity.
If your computer is attacked there is a chance that private data such as
passwords may be stolen or deleted. The potential damage could be immense,
especially if you are working from home.
Leaving your system open to outsiders not only allows people to steal all of
your important information, but also the chance to infect your computer with
viruses, Trojans, worms and all sorts of destructive code.
A firewall isolates your computer from the Internet using a 'wall of code'
that inspects each individual 'packet' of data as it arrives at either side of
the firewall - inbound to or outbound from your computer - to determine
whether it should be allowed to pass or be blocked.
There are, in general, two types of firewall: the filtering firewall and the
proxy firewall; both are well respected. The details of these can get quite
complicated, so instead we will look at the use of personal firewalls. These
differ from a regular firewall in that they protect only a single computer
from attack.
Personal firewall protection is especially useful for users with "always-on"
connections such as ADSL, cable modem, or wireless connections. Such
connections use static IP addresses that make them especially vulnerable to
potential hackers. Often compared to anti-virus applications, personal
firewalls work in the background to protect the integrity of the system from
malicious computer code by controlling Internet connections to and from a
user's computer, filtering inbound and outbound traffic, and alerting the user
to attempted intrusions.
Several companies have announced plans to develop personal firewall solutions
that will go right in the chips used in ADSL and cable modems. It is generally
believed that personal firewall protection will become standard issue for new
home computers in the not-too-distant future.
WILL I NEED ONE?
You need a personal Internet firewall if you can say 'yes' to any of the
following:
- Your computer's files need to be accessed remotely across the Internet.
- You are operating any sort of Internet server such as Personal Web Server.
- You want to properly and safely monitor your Internet connection for intrusion attempts.
- You want to pre-emptively protect yourself from compromise by 'inside the wall' Trojan horse programs like NetBus and Back Orifice.
HOW DOES IT WORK?
All Internet communication is accomplished by the exchange of
individual 'packets' of data. Each packet is transmitted by its source machine
toward its destination machine. Packets are the fundamental unit of
information flow across the Internet. Even though we refer to 'connections'
between computers, these 'connections' are actually made up of individual
packets travelling between those two 'connected' machines. Essentially,
they 'agree' that they're connected, and each machine sends
back 'acknowledgement packets' to let the sending machine know that the data
was received.
In order to reach its destination - whether it's another computer two feet
away or two continents distant - every Internet packet must contain a
destination address and port number. And, so that the receiving computer knows
who sent the packet, every packet must also contain the IP address and a port
number of the originating machine. In other words, any packet travelling the
Net contains - first and foremost - its complete source and destination
addresses. An IP address always identifies a single machine on the Internet
and the port is associated with a particular service or conversation happening
on that machine.
WHAT DOES THAT MEAN?
Since firewall software inspects each and every packet of data as it arrives
at your computer, the firewall has total power over your computer's receipt of
anything from the Internet.
The port used by your PC for data transfer is called a TCP/IP port. A port
is only 'open' on your computer if your computer answers the first arriving
packet, which requests the establishment of a connection. If the arriving
packet is simply ignored, that port of your computer effectively disappears
from the Internet: no one and nothing can connect to it.
But the real power of a firewall resides in its ability to be selective about
what it lets through. Since every arriving packet must contain the correct IP
address of the sender's machine (in order for the receiver to send back an
acknowledgment), the firewall can be selective about which packets are
admitted and which are dropped. It can 'filter' the arriving packets based on
any combination of the sending machine's IP address and port and the
destination IP address and port.
For example, suppose that you wish to create a secure 'tunnel' across the
Internet to allow your home and office computers to share their files without
any danger of unauthorized intrusion. Firewall technology makes this possible
and relatively simple. You would instruct the firewall running on your office
computer to permit connections only from the IP address of your home computer.
The firewall running on your home machine would similarly be instructed to
permit connections only from your office machine's IP address. Thus, either
machine can 'see' the other, but no one else on the Internet can see that
either machine has established such a secure tunnel across the Net.
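The home/office example above, worked through in code. This is an added illustration, not part of the original article: a toy filtering firewall that checks each packet's source/destination address and port against an ordered rule list and drops anything no rule admits. The host addresses, port 445 for file sharing, and the rule names are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "drop"
    src: Optional[str] = None       # address or CIDR block; None matches any
    dst: Optional[str] = None
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src_ip) not in ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ip_address(pkt.dst_ip) not in ip_network(self.dst, strict=False):
            return False
        return self.dst_port is None or pkt.dst_port == self.dst_port


def filter_packet(rules: list, pkt: Packet) -> str:
    """First matching rule wins. A packet no rule allows is silently dropped
    (default deny): the connection request goes unanswered, so that port
    effectively disappears from the Internet, as the article puts it."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


# Constructed hosts (RFC 5737 documentation addresses) for the home/office
# tunnel: the office firewall admits file-sharing traffic (port 445) only
# from the home machine's address; everything else falls through to "drop".
OFFICE_IP, HOME_IP = "203.0.113.10", "198.51.100.7"
OFFICE_RULES = [Rule("allow", src=HOME_IP, dst=OFFICE_IP, dst_port=445)]
# The home firewall gets the mirror-image rule so each side sees only the other.
HOME_RULES = [Rule("allow", src=OFFICE_IP, dst=HOME_IP, dst_port=445)]


def office_decision(src_ip: str, dst_port: int = 445) -> str:
    """Verdict the office firewall gives an inbound packet from src_ip."""
    return filter_packet(OFFICE_RULES, Packet(src_ip, 51000, OFFICE_IP, dst_port))
```

Rules are evaluated in order, so a specific "drop" placed before a broad "allow" blocks a whole address range while letting everyone else through.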
I could go on in more depth, as it gets a lot more complicated, but for the
time being I shall stick to these basics.
The challenge companies face is to design a simplified firewall for the
non-expert end user. I have compiled a small list of the software-based
personal firewall programs available.
WHAT TO BUY
NORTON INTERNET SECURITY 2003
Symantec's Norton Internet Security 2003 is built around the standalone Norton
Personal Firewall 2003 ($49.95 list), a solid firewall program whose most
impressive features might be its ease of use and straightforward set-up, which
are significant selling points in this product category. The full suite adds
many features, including Norton's popular antivirus application, parental
controls, ad blocking, and spam filtering.
The Program Scan feature allows you to check for all Internet-enabled
applications on your machine, letting you grant them all permission to access
the Internet in one fell swoop. You can also specify other applications you
want to grant access.
After setup, LiveUpdate automatically runs and downloads any changes to the
product. We were alarmed to discover that our first update was 13MB, mostly
updates to parental-control URLs. We hope that dial-up users won't have to
swallow this large a pill more than once.
The firewall's intrusion detection system uses signatures to check for common
types of attacks. As with virus patterns, Symantec's central servers update
these signatures regularly. If the firewall detects an incoming attack, it
automatically blocks the source address for 30 minutes. You can disable this
feature entirely, but you can't adjust the time interval.
The Privacy Control feature allows you to enter credit card numbers or other
sensitive information and ensures that they are not sent in the clear over the
Internet.
The complete suite adds Norton AntiVirus, Symantec's product for stopping
viruses, Trojan horses, and malicious script attacks; it is among the best
antivirus products on the market. The parental-control tools let you
selectively block Web sites and Usenet newsgroups.
PRICE: 69.95
WEBSITE: http://www.symantec.com
MCAFEE.COM PERSONAL FIREWALL PLUS 4.1
McAfee.com Personal Firewall Plus 4.1 is a fairly simple program that's among
the better-suited products for people who are less computer- and
network-savvy. But the program's Internet-activity warning messages provide
very little useful information, leaving users with plenty of opportunity to
get themselves in trouble by making poor access permission choices.
The firewall knows what to do with almost all the Internet apps that come with
Microsoft Windows, but others, such as FTP programs or download accelerators,
need manual configuration. In the first hour or so of using the program, you
may find yourself bombarded with pop-up alerts telling you that one app after
another is trying to access the Internet. These alerts don't let you try an
action once; you create an ongoing rule that either grants or blocks access.
This system makes it much harder to determine why an application is trying to
get online.
If an attacker tries to break into your system, you can elect to ban the
malicious address indefinitely. Likewise, you can also place an address in a
list of trusted IPs, so that the firewall stops querying you about packets
from that address, for example your ISP's mail server.
Advanced options are limited. You can open two-way ports through the firewall
for system services (port 80 for HTTP, for example) and set the firewall to
accept or deny inbound ping requests (required for interaction with some
remote servers or remotely hosted apps).
PRICE: $39.95 USD
WEBSITE: http://www.mcafee.com
MCAFEE INTERNET SECURITY 5.0
McAfee Internet Security 5.0 is a suite of products that contains not only
McAfee Firewall 4.0 ($29.99 alone) but also McAfee VirusScan Home Edition 7,
the company's antivirus application, and a host of other useful tools,
including an ad blocker, parental controls, a cookie filter, and a
browsing-history shredder. The suite is more comprehensive than Symantec's Norton
Internet Security 2003 but not as easy to use. McAfee's firewall is best
suited for advanced users who can make wise decisions about programs accessing
the Internet, since it provides very limited advice.
The Internet Security suite has a useful set-up wizard that walks you through
configuration. Oddly, the firewall component is disabled by default, and some
users may unwittingly leave their systems unprotected. The firewall identifies
programs on your hard drive that need Internet access and creates appropriate
rules.
We found various additions within Internet Security that are useful and
technically advanced. The firewall offers many security options, such as
alerting the user when the modem dials out silently, and blocking unauthorised
program access and sites with viruses or hostile ActiveX controls (this last
is only within the suite, not in the standalone firewall).
The included McAfee VirusScan, in addition to checking for viruses, scans
e-mail and stops hostile scripts and attachments, both inbound and outbound
(but only for the local machine), and scans Microsoft Exchange stores but not
the more common POP3 e-mail. Finally, the suite includes Visual Trace,
McAfee's effective, graphical IP trace tool, which helps advanced users ferret
out the sources of hack attempts.
PRICE: $69.99 USD
WEBSITE: http://www.mcafee-at-home.com/
ZONEALARM PRO 3.1
Though previous versions were difficult to manage, Zone Labs' ZoneAlarm 3.1
makes great strides in ease of use. The regular version of ZoneAlarm is
available free to individuals and non-profit organizations.
ZoneAlarm Pro adds pop-up blocking, cookie control, hacker tracing (locating a
hacker and getting his ISP data), zone-based blocking (for locking out ranges
of IP addresses), and more. Both share core firewall components; if you don't
need the extras, you shouldn't pay extra for Pro. (For Pro's features without
ad blocking, cookie control, and a few other features, consider ZoneAlarm
Plus, at $39.95.)
ZoneAlarm's AlertAdvisor provides information about the programs it recognises
trying to access the Internet.
ZoneAlarm also detects and monitors intrusions. When it detects outside access
attempts, it lets you know, via a pop-up, the type of access attempt and the
originating IP. The amount of detail in the logs can be set anywhere from
nothing, through only high-rated alerts, to everything.
ZoneAlarm's interface is cleaner and more refined than many of the products we
reviewed, but the firewall has fewer options. This isn't necessarily a bad
thing; many people, especially those new to firewalls, prefer simplicity.
PRICE: $49.95 USD
WEBSITE: http://www.zonelabs.com
OTHER USEFUL LINKS
Firewall Guide:
A compilation of everything you will ever need for the safe use of the
Internet; besides firewall information it contains links about anti-spyware
tools, pop-up blockers, etc.
http://www.firewallguide.com/