Traditionally firewalls were the bastion of large, publicly accessible networks to keep hackers out. But in a world connected by the Internet, every machine hooked up to it becomes publicly accessible, and so it's vital that every machine is equipped to protect itself, and the network it may serve, from attack.
Specifically, firewalls are designed to perform two main functions:
- Protect your network, and thus your valuable information, from being compromised.
- Stop hackers using your machine as a weapon against others.
So, what exactly is a firewall and how does it work for you?
Services and ports
Computers communicate with each other over networks using protocols such as TCP/IP.
In order to do nifty things like share files or serve Web pages, machines communicate using specific ports that are set aside for these tasks. For example, Web pages are commonly served on port 80, while email is transferred on port 25.
So what's a port? Imagine that your machine, like a house, has a unique street address in the worldwide neighbourhood that is the Internet. If your machine's unique IP address (assigned by your ISP when you connect) is your address, think of ports as a collection of mailboxes assigned to your address. Information can come and go from these mailboxes, and by default a computer connected to a network will normally allow complete freedom as to who can send and receive information through them.
Firewalls are programs or devices that work by simply analysing the TCP/IP packets as they enter the machine and applying rule sets, defined by the user, as to which packets are and are not allowed through the ports. If you decide to completely lock down a machine and close all the ports then, for the most part, you will make it very hard indeed for anyone to gain access to your machine.
Great! But if you're blocking everything coming in, then how do you browse Websites or transfer files through the firewall? Once upon a time it was necessary to set up direct pipes between remote machines and your machine for the services that you wanted to use, essentially drilling holes into the firewall. However, with the vast variety of programs and services today, everything from newsgroups and email through to streaming media and online gaming, there are literally thousands of ports in use.
Today almost all firewalls use a technique called stateful inspection that allows them to determine the state of information coming in and whether it is, in fact, a response to a communication first initiated behind the firewall, from your 'trusted' machine. This means you can have a firewall that blocks everything coming in without hindering the operation of programs that access the Internet from your side, no matter which ports they use.
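To make the idea concrete, here is a toy model of stateful inspection, added as an illustration and not taken from any firewall product. It tracks TCP only, has no timeouts or FIN handling, and the class, function and address names are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags, e.g. frozenset({"SYN", "ACK"})

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

class StatefulFirewall:
    """Toy model: default-deny inbound, allow replies to connections we opened."""

    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)   # explicit inbound holes (the rule set)
        self.conns = {}                     # (local_port, remote_ip, remote_port) -> state

    def outbound(self, p):
        key = (p.sport, p.dst, p.dport)
        if p.flags == {"SYN"}:              # new connection from the trusted side
            self.conns[key] = "SYN_SENT"
        elif "RST" in p.flags:              # we reset it: forget the connection
            self.conns.pop(key, None)
        return "ALLOW"                      # this toy applies no outbound policy

    def inbound(self, p):
        key = (p.dport, p.src, p.sport)
        state = self.conns.get(key)
        if "RST" in p.flags and state:      # peer reset: forget the connection
            del self.conns[key]
            return "ALLOW"
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.conns[key] = "ESTABLISHED" # the reply we were waiting for
            return "ALLOW"
        if state == "ESTABLISHED" and "SYN" not in p.flags:
            return "ALLOW"
        if p.dport in self.open_ports:      # a deliberately published service
            return "ALLOW"
        return "DROP"                       # everything unsolicited

def demo():
    ME, WEB, STRANGER = "192.0.2.10", "198.51.100.5", "203.0.113.9"  # constructed addresses
    fw = StatefulFirewall()
    return [
        fw.inbound(pkt(STRANGER, 40000, ME, 80, "SYN")),    # unsolicited connection
        fw.outbound(pkt(ME, 50000, WEB, 80, "SYN")),        # we start browsing
        fw.inbound(pkt(WEB, 80, ME, 50000, "SYN", "ACK")),  # matching reply
        fw.inbound(pkt(STRANGER, 80, ME, 50000, "ACK")),    # wrong peer, same local port
        fw.inbound(pkt(WEB, 80, ME, 50000, "ACK")),         # data on our connection
    ]
```

The inbound decision depends on the full tuple of local port, remote address and remote port, which is why the fourth packet is dropped even though it targets a port that is in use.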
Which leads us to another hot topic in the world of globally connected computers.
Trojans
So, assuming you have an effective firewall installed, does that make your machine totally safe from hackers?
Not quite. Aside from the fact that no solution is ever 100 percent effective (because, for example, security flaws may be found in the programs you use), the biggest security flaw in any network is the piece of machinery that sits between the keyboard and the chair – you.
Hackers wishing to gain entry to systems they know are firewalled realise that while firewalls block most of what comes in, they often don't bother checking what goes out. If a hacker can plant a program on your machine through Outlook attachments or riding on the back of a virus, then they can use it to provide a back door into your computer.
Trojans are not only used to gain control of your machine, and thus your data, but also as a means to use your machine as a weapon against others. You have undoubtedly read about DoS (Denial of Service) attacks, where a Website is flooded with so many packets of data that it effectively brings a site to its knees, unable to service valid requests for information.
Harnessing enough bandwidth for such an attack often requires the co-operation of hundreds of machines, and where else is there an almost unlimited supply of Internet connected machines with bandwidth to spare? You guessed it – the millions of home computers connected through broadband Internet structures.
Those computers with little or no protection can unwittingly become partners to such attacks with trojans installed, and almost always with the users completely unaware.
While many firewalls can't guess as to what is and is not legitimate communication going out of your machine, some firewall packages come with a list of recognised trojans, and those yet to be seen will often trigger the firewall to ask you whether you wish to allow certain connections out of your machine.
Hence, it is not only wise to ensure you have a firewall running to protect your own data, but it's also responsible to ensure your machine doesn't become just another tool in the hands of a malicious hacker.
That said, firewalls are not the ideal defence against trojans – common sense is. Making sure you never run attachments you don't recognise, and that you virus scan programs given to you, will ensure that a trojan never makes it onto your system in the first place.
Choosing a Firewall
Armed as you are now with a grounding in firewalls, how do you install and use one? Windows XP actually comes with a built-in firewall service, but it's basic and shouldn't be relied upon when there are far better firewalls available.
Thankfully there are a number of excellent firewalls for the Windows platform (a selection of which you will find on this month's cover CD).
Popular commercial choices include BlackIce Defender, Norton's Personal Firewall and ZoneAlarm. We'll explore ZoneAlarm as it's one of the better-known solutions available.
You can grab ZoneAlarm from www.zonelabs.com. Either the free or 30-day trial Pro version should suffice, with the latter providing a few more handy features such as pop-up and ad blocking.
ZoneAlarm is easy to install – about the only option you need to select is whether ZoneAlarm will report attempts to access your machine, or simply block them silently in the background.
The most important step however is when ZoneAlarm detects your network and prompts you as to whether the network is trusted or untrusted.
If you have both a LAN and your cable or ADSL modem connected up to your machine, be sure to set the network (IP range) which belongs to the LAN as trusted, and your cable or ADSL connection as untrusted. ZoneAlarm will create a profile for each network it detects.
Once installation is complete, ZoneAlarm is a fire-and-forget program. You might want to tailor the level of protection offered (under the Firewall menu) and the level of program control (the Program Control menu), but the defaults should be fine. You can also set how strict ZoneAlarm becomes in disallowing access to the Net – because ZoneAlarm is designed to protect against trojans as well as block ports, the first time you use your regular programs you will be prompted to allow or deny said programs access to the Net. If you recognise the program and accept, ZoneAlarm won't prompt you again. If you don't and you are suspicious that the program might be a trojan, deny access and ZoneAlarm will add it to its list of programs to deny.
The Pro version offers a little more functionality over the standard version, such as being able to customise the firewall's rulesets to allow or disallow packets travelling to specific ports. For example if you want to run a Web server that's accessible