Q: What exactly is a firewall and how does it work?
Think of it as Internet customs and immigration. The
firewall is the agent that checks each item entering or leaving the network.
Each item must pass the right criteria in order to make it through. So
a hacker attempting to enter the network of California with a Florida
orange would be stopped at the border.
There are three major types of firewalls:
- A packet filter looks at each packet entering
or leaving the network and accepts or rejects it based on user-defined
rules. Packet filtering is fairly effective and transparent to users,
but it is difficult to configure. In addition, it is susceptible to
IP spoofing.
- A proxy server (also known as application gateway)
intercepts all messages entering and leaving the network. The proxy
server effectively hides the true network addresses.
Proxies forward messages between clients and servers
by appearing to the client (e.g. a Web browser) as a server and appearing
to the server (e.g. Web server) as a client. Hence, the client talks
to the proxy which then decides whether the communication should be
forwarded to the server and if it does, it contacts the server and
forwards the messages to it.
Proxies can handle complex protocols (which packet
filters cannot), because they implement a complete set of a client
and a server for each protocol. The drawbacks are performance and
limited number of supported protocols.
- Stateful inspection combines the speed and
broad protocol support of packet filters with the security and support
of complex protocols of proxies. It does it by inspecting all the traffic,
looking for security-related information, and using this security-related
information to make smart decisions regarding which traffic should be
accepted and rejected.
In practice, many firewalls use two or more of these
techniques in concert.
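To make the difference between a packet filter and stateful inspection concrete, here is a small simulation added to this article (it is not the author's code and does not describe any particular product). The packet fields, the 10.0.0.0/24 LAN, the host 10.0.0.5 and both rule sets are constructed for the demonstration. The stateless filter has to guess that an ACK packet belongs to an existing conversation and trusts an inside source address wherever it shows up, which is exactly the IP spoofing weakness mentioned above; the stateful filter remembers the connections it has allowed and checks which interface a packet arrived on.

```python
"""Stateless packet filter versus stateful inspection, in miniature.

Added example; not part of the original article. The packet fields, the
10.0.0.0/24 LAN, the host 10.0.0.5 and the rule sets are all constructed
for this demonstration, and nothing here touches a real network.
"""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # constructed: the protected LAN is 10.0.0.0/24
WEB_SERVER = "10.0.0.5"     # constructed: the one host allowed to accept inbound connections


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "lan" or "wan"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: opening a connection
    ack: bool = False   # TCP ACK flag: part of an existing conversation


def stateless_filter(pkt: Packet) -> bool:
    """A packet filter judges each packet by its headers alone.

    Constructed rule set:
      1. anything with an inside source address may pass (meant for outbound traffic)
      2. inbound connection attempts to the web server on port 80 may pass
      3. inbound packets with ACK set may pass (assumed to be replies to
         connections the inside opened, since the filter has no memory of them)
      4. drop everything else
    """
    if pkt.src.startswith(INSIDE_PREFIX):
        return True
    if pkt.dst == WEB_SERVER and pkt.dport == 80 and pkt.syn and not pkt.ack:
        return True
    if pkt.ack:
        return True
    return False


class StatefulFilter:
    """Stateful inspection: remember allowed connections and judge packets against them."""

    def __init__(self) -> None:
        self.connections: set[tuple[str, int, str, int]] = set()

    def check(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Anti-spoofing: an inside source address is only believable on the LAN side.
        if pkt.src.startswith(INSIDE_PREFIX) and pkt.iface != "lan":
            return False
        # New outbound connection from the LAN: allow it and remember it.
        if pkt.iface == "lan" and pkt.syn and not pkt.ack:
            self.connections.add(key)
            return True
        # New inbound connection to the published web service: allow and remember.
        if (pkt.iface == "wan" and pkt.dst == WEB_SERVER and pkt.dport == 80
                and pkt.syn and not pkt.ack):
            self.connections.add(key)
            return True
        # Anything else passes only if it belongs to a connection already seen.
        return key in self.connections or reverse in self.connections


def run_scenarios() -> dict[str, tuple[bool, bool]]:
    """Run four constructed packets through both filters: name -> (stateless, stateful)."""
    stateful = StatefulFilter()
    scenarios = [
        ("outbound https from client",
         Packet("lan", "10.0.0.7", 40000, "203.0.113.10", 443, syn=True)),
        ("reply to that connection",
         Packet("wan", "203.0.113.10", 443, "10.0.0.7", 40000, syn=True, ack=True)),
        ("unsolicited ACK to netbios",
         Packet("wan", "198.51.100.9", 1234, "10.0.0.7", 139, ack=True)),
        ("spoofed inside source from wan",
         Packet("wan", "10.0.0.9", 5555, "10.0.0.7", 445, syn=True)),
    ]
    # The dict comprehension runs in order, so the stateful filter sees the reply
    # after the connection it answers.
    return {name: (stateless_filter(p), stateful.check(p)) for name, p in scenarios}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenarios().items():
        print(f"{name:32} stateless={stateless!s:5} stateful={stateful}")
```

The two legitimate packets pass both filters; the unsolicited ACK and the packet with a forged inside address pass only the stateless filter. A real stateful engine also ages entries out of its table and tracks UDP and ICMP by timeout, which this toy omits.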
The problem with firewalls
Firewalls are still very difficult to configure and
monitor. In the future, firewalls will be configured using more natural
processes, similar to the way humans talk about security. Also, managed
security services -- outsourcing one's security to a company that has
unique security expertise -- is a growing trend.
ZoneAlarm 2.6 is freeware that combines a firewall with powerful tools to help block Internet traffic and control certain applications' use of the Internet.
Four Steps to Internet Safety
No matter how many security systems you have in place,
you should always stick with these easy rules for Internet safety:
- Always use good passwords. Choose gibberish
words that are not from the dictionary and use uppercase and lowercase
letters, punctuation, and numbers. The more random the password, the
more difficult it is to crack. If you have trouble remembering the truly
random ones, you can use a mnemonic system. For instance, take the
first initials of the last eight presidents. Use uppercase for Republicans
and lowercase for Democrats, putting between them the number of years
they served or random punctuation. It's hard to crack and easy to recall.
(I know, I know, that's easy for me to say!) I use a full sentence with
capitalization and punctuation for my password.
- Don't turn on services unnecessarily.
File-sharing is the No. 1 problem. If you don't have a reason to use
file sharing, turn it off. Don't run an FTP or a Web server unless you
have a reason. These services open ports and make your computer accessible.
If you have to use these services, then refer to rule No. 1.
- Be stealthy and don't name your computer something
obvious. I don't put my personal name or
anything associated with me on the computer. Otherwise, if people sniff
me (this is very easy to do) and find out my name, they have more reason
to attack. Don't put your name or address in your computer.
- When you're on the Internet, hide your IP address.
If you're using ICQ, make sure you use the security feature and turn
off your IP address. You can use a program such as Freedom from Zero
Knowledge to hide your IP address from all comers.
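Rule No. 2 says that unnecessary services open ports and make your computer accessible. The quickest way to check that on a Linux host is to look at what is actually listening, so here is a small audit added to this article (not the author's code) that reads the output of `ss -tulnp`, works out which sockets are bound to something other than loopback, and labels the file-sharing, FTP and web ports the rules above single out. The sample output is constructed; on a real machine, feed in the real `ss -tulnp` output.

```python
"""Audit which services a host is listening on, from `ss -tulnp` output.

Added example; not from the original article. The ss output below is
constructed for the demonstration; on a real Linux host you would feed in
the output of `ss -tulnp` instead.
"""
import re
from dataclasses import dataclass

# Constructed sample in the layout `ss -tulnp` prints on Linux.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:137         0.0.0.0:*     users:(("nmbd",pid=640,fd=16))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      50     0.0.0.0:445         0.0.0.0:*     users:(("smbd",pid=655,fd=34))
tcp   LISTEN 0      5      127.0.0.1:631       0.0.0.0:*     users:(("cupsd",pid=700,fd=7))
tcp   LISTEN 0      32     *:21                *:*           users:(("vsftpd",pid=902,fd=3))
tcp   LISTEN 0      511    [::]:80             [::]:*        users:(("nginx",pid=1001,fd=6))
"""

# Services the article singles out, plus a few common ones (port -> description).
SERVICE_NOTES = {
    21: "FTP server",
    80: "web server",
    137: "NetBIOS name service (Windows file sharing)",
    139: "NetBIOS session service (Windows file sharing)",
    445: "SMB (file sharing)",
    2049: "NFS (file sharing)",
}

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
PROCESS_RE = re.compile(r'\("([^"]+)"')   # pulls the program name out of users:(("name",...))


@dataclass
class Listener:
    proto: str
    address: str
    port: int
    process: str
    exposed: bool      # bound to something other than loopback
    note: str


def parse_ss(output: str) -> list[Listener]:
    """Turn `ss -tulnp` text into Listener records; unparseable lines are skipped."""
    listeners = []
    for line in output.splitlines()[1:]:   # skip the header row
        parts = line.split(None, 6)
        if len(parts) < 6:
            continue
        proto, local = parts[0], parts[4]
        address, port_text = local.rsplit(":", 1)   # handles "[::]:80" and "*:21" too
        if not port_text.isdigit():
            continue
        match = PROCESS_RE.search(parts[6]) if len(parts) > 6 else None
        port = int(port_text)
        listeners.append(Listener(
            proto=proto, address=address, port=port,
            process=match.group(1) if match else "?",
            exposed=address not in LOOPBACK,
            note=SERVICE_NOTES.get(port, ""),
        ))
    return listeners


def exposed_ports(output: str) -> list[tuple[str, int]]:
    """Sockets reachable from other machines, as (proto, port), sorted."""
    return sorted((entry.proto, entry.port) for entry in parse_ss(output) if entry.exposed)


def report(output: str) -> list[str]:
    """One human-readable line per listener, exposed ones marked."""
    lines = []
    for entry in parse_ss(output):
        where = "EXPOSED " if entry.exposed else "local   "
        extra = f" -- {entry.note}" if entry.note else ""
        lines.append(f"{where}{entry.proto}/{entry.port:<5} {entry.process}{extra}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SS)))
```

On the sample, the CUPS listener on 127.0.0.1:631 is local only, while FTP, SSH, web and SMB are reachable from the network; each exposed entry without a reason behind it is a candidate for switching off.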
Test Your Firewall
So how do you know for sure if the firewall you have
installed does what it's advertised to do?
A few software downloads can help you easily identify
potential security threats before they're an issue.
Test from outside
- ShieldsUp! -- Developed by Internet privacy/security advocate Steve Gibson of Gibson Research Corporation. ShieldsUp is a free 20K application designed just for Windows users. Once installed it contacts the ShieldsUp Web server and tests your firewall's integrity from the outside.
- Port Scanner -- Security Port Scanner AWSPS v4.0 is an incredible utility used to report and test TCP and UDP ports. You want to verify that no ports are reported open unless you've opened them yourself. To test your firewall, simply install this program on an outside computer and scan every port on your IP address.
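The outside test described above boils down to attempting a TCP connection to each port of your own address and comparing what answers with what you deliberately opened. The script below is an added example (not the article's code and not AWSPS) that does this self-contained: it opens one listener on 127.0.0.1 so the scan has a known target, probes the ports around it, and reports anything open that is not on the allow-list. Run `scan()` against your own public address from an outside machine, with the allow-list set to the ports you opened on purpose, to repeat the article's check.

```python
"""Verify your own exposure: connect-scan a port window on a host you control.

Added example, not from the original article. The listener on 127.0.0.1
is opened here only so the scan has a known target; the window size and
allow-list are constructed for the demonstration.
"""
import socket
from contextlib import closing


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a TCP connect to host:port completes, i.e. something accepts there."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan(host: str, ports, timeout: float = 0.5) -> list[int]:
    """Ports in `ports` that accept a TCP connection."""
    return [p for p in ports if probe(host, p, timeout)]


def unexpected_open(found: list[int], allowed: set[int]) -> list[int]:
    """Open ports you did not deliberately open: the ones to chase down."""
    return [p for p in found if p not in allowed]


def self_test(window: int = 5) -> tuple[int, list[int], list[int]]:
    """Open a known listener, scan around it, return (port, found, unexpected).

    The listener is the only port opened on purpose, so it is the
    allow-list; anything else answering in the window is unexpected.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free one
    listener.listen(5)
    port = listener.getsockname()[1]
    try:
        found = scan("127.0.0.1", range(port - window, port + window + 1))
        return port, found, unexpected_open(found, {port})
    finally:
        listener.close()


def closed_port_probe() -> bool:
    """Probe a port that was just released, which should refuse the connection."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        free_port = s.getsockname()[1]
    # The socket is closed now, so nothing listens on free_port.
    return probe("127.0.0.1", free_port)


if __name__ == "__main__":
    port, found, unexpected = self_test()
    print(f"listener on {port}; open in window: {found}; unexpected: {unexpected}")
```

A connect scan only reports ports that accept a connection; a firewall that silently drops packets makes every probe time out, which is what a "stealthed" result from the outside looks like, so expect the full timeout per port when testing across a real firewall and keep the window small.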
Test from inside