Firetrust: Firewall
     AstuteData.com / Documentation / Firetrust: Firewall
The following is an excerpt from an email by Nick Bolton at Firetrust. I liked the way he explains the topic, so I include it here with appropriate credit.
All About Firewalls

A personal firewall is a software application which filters traffic entering or leaving your computer.

When you're connected to the Internet, information is flowing to and from your PC in a near-constant stream through your PC's "ports". There are thousands of "ports" and they are like little gates that let information in and out.

Some of the information moving through the ports is obvious to you. For example, when you :

  • send and receive emails ;
  • access a website ;
  • fill in and submit a form on a website ;
  • download software like MailWasher Pro or Benign.

However, a lot of information flows to and from your PC without you knowing about it. This can include:

  • your copy of Windows talking to the Microsoft website to check for security updates ;
  • software applications talking to their own companies' websites to check for new versions ;
  • anti-virus software checking for the latest virus updates.

Most of this invisible information flow is good. However, some of it poses a grave threat to your PC and your privacy.

Your email isn't the only way bad things can get into your computer. They can come in through your PC's open ports without you even knowing about them. The "Blaster" worm of August 2003 was the most widespread example of this. In case you don't remember, that was the one that caused your PC to shut down about a minute after you'd started it up!

If you leave your PC's ports open and don't monitor them, you're at extreme risk of the following nasties :

VIRUSES: Programs or pieces of code that "infect" one or more of the programs on your PC. Basically, your programs "get sick" and start performing in weird ways, which sometimes can lead to a system crash.

WORMS: Malicious programs that propagate over a network, reproducing as they go. Worms cause the same effects as viruses but they are more dangerous since they spread by themselves.

PORT SCANNING: Hackers scan the open ports on your PC to figure out if they are open or exist at all. If your computer reports an open port, a hacker can send a worm and virus to it. They can even use an open port to take control of your PC.

COOKIES: Small data files placed on your PC by a website that you've visited. A cookie can store your personal information after you enter it online. For example, if you type in your credit card number, a cookie might store it till you come back next time. This is not a bad idea - most shopping sites use cookies completely legitimately so you don't need to keep entering your personal details. But problems can occur when other people decide to use your credit card too!

TROJANS: Programs that appear legitimate but do something illicit when run. Just like the wooden horse the Greeks gave Troy as a "gift", users mistake the Trojan for a useful or interesting program that they choose to download. Once installed and run, Trojans can secretly open remote access channels to hackers, relay passwords and credit card data or destroy user files. It's similar to a virus but generally does not replicate itself.

DENIAL OF SERVICE (DOS) ATTACKS: This kind of attack happens when a hacker finds a responding port on your PC and sends a huge amount of data to it. The port is just unable to accept all of the data, the system resources exhaust, and the system crashes and denies service.

SPYWARE: These are programs secretly placed on your PC that gather information about you (such as your surfing habits, what other software you have on your PC, etc.) without your knowledge or consent. Spyware is mostly used by on-line or software companies for marketing purposes.

So how does a firewall help to stop all of these bad things from happening?

As I said at the start, a firewall controls communications to and from your PC. It permits or denies communications based on a Security Policy.

According to the security policy you set for it, a firewall can ...

  • make your PC invisible on the Internet. Your ports don't just appear closed, they don't even appear at all. This is very good !
  • automatically block suspicious incoming traffic ;
  • alert you every time a program on your PC tries to send information to another computer. This stops spyware and trojans from sending hackers your confidential information, such as credit card details and passwords ;
  • do a lot more things too, but these are the most basic and important functions it carries out.

So in short, if you don't have a firewall installed, then as soon as you connect to the Web (before you even start your browser or e-mail client) you are open to attack - because some or all of your ports are open and unmonitored. A firewall is especially important if you have a high-speed Internet connection. Hackers love to take over broadband machines because then they can use them to spread spam even faster!

Now you're probably wondering where to get one of these firewalls, aren't you?

There are some good firewalls around, but the one that we all use here in the office is Outpost Pro, made by Agnitum. We recommend it to our customers - it's a great product. It's easy to use if you're a beginner and if you're more advanced, it gives you lots of different options. Check out the Outpost website. We've set up a link to it from the Firetrust site :

http://www.firetrust.com/firewall/

And tell 'em Nick Bolton sent you !