Firewalls by Robert L.Hummel
A technology that helps prevent intruders from
accessing data on your PC via the Internet or another network, by keeping
unauthorized data from entering or exiting your system.
Hackers don't just target national security organizations for
cyberattacks: They want your tax returns, network passwords, or bank
account numbers. And you don't want the FBI kicking in your door because
someone hijacked your PC to participate in the latest denial-of-service
attack on the Internet. Now that "always-on" broadband connections such as
cable modems and digital subscriber line are becoming more popular, home
users are at risk.
Should you be using distributed firewalls?
Fortunately, you can protect your data. Firewalls can block malicious
attacks and protect your PC from outside threats.
Here's what you need to know:
A firewall can prevent an unauthorized user from accessing your PC,
either from the Internet or from within your local network.
It blocks some Trojan horse programs and many hostile applications
that seek to take over your computer.
New packages aimed at home users and small businesses are
inexpensive and require little setup on your part.
When you're connected to the Internet, you're sending and receiving
information in small units called packets. A packet contains the addresses
of the sender and the recipient along with a piece of data, a request, a
command, or almost anything having to do with your connection to the
Internet. But just as with postal mail, not every package that arrives at
your computer is one you want to open.
A firewall examines each data packet sent to or from your computer to see
if it meets a set of criteria. The firewall then selectively passes or
blocks the packet.
Examining data for cracks
The criteria a firewall uses for passing packets along depends on the kind
of firewall you use. The most common type you'll find for home and small
business use is called an application gateway firewall.
An application gateway, often called a proxy, acts like a customs officer
for data: Anything you send or receive stops first at the firewall, which
filters packets based on IP addresses and content, as well as the specific
functions of an application. For instance, if you're running an FTP
program, the proxy could permit file uploads while blocking other FTP
functions, such as viewing or deleting files. You can also set the
firewall to ignore all traffic for FTP services but allow all packets
generated during Web browsing.
Other kinds of firewalls include packet filters, which examine every
packet for an approved IP address; circuit-level firewalls, which allow
communication only with approved computers and Internet service providers;
and the newest type, stateful inspection firewalls, which note the
configuration of approved packets and then pass or block traffic based on
Packet-filter, circuit-level, and stateful inspection firewalls are mostly
found in corporate network setups. They require major upkeep, so they
aren't suitable for most smaller companies and home users.
Insurance for your home PC
If you work at a large corporation, odds are good that a firewall sits
between you and the outside world. But the increased availability of cable
and DSL service means you could spend more time connected to the Internet
from home--and more time as a potential target for hackers. You're
somewhat vulnerable even on short dial-up connections.
Unfortunately, most people become aware of the danger only after they
become victims. With cyberattacks increasing, Chris Christiansen, an
analyst with market research firm IDC, predicts that firewalls will be
ubiquitous in five or six years.
But you don't have to buy an expensive, hard-to-maintain security system
for your PC. Personal firewalls, usually based on the application gateway
model, can keep you safe. These products don't require you to program
complex restrictions. They'll guide you through a setup that asks you what
you want to allow or block. They can also help you monitor intrusion
attempts and protect you from most Trojan horse or spyware programs that
let a hacker control your computer over the Internet. They can hide your
identity while you surf, too.
Personal firewalls are available either as part of an integrated security
suite or as stand-alone software. Symantec's $60 Norton Internet Security
2000 package, for example, bundles a personal firewall for Windows 95 and
98 with software for Web ad and cookie blocking, parental Web control,
personal security, and virus scanning. If you don't want a whole kit, you
can get firewall software such as Network Ice's BlackIce Defender,
McAfee's Personal Firewall, or Zone Labs' free ZoneAlarm.
Companies including Cisco and Check Point make high-end firewalls, such as
the ones used by corporate IS departments. These firewalls often come as
part of a dedicated server and are usually incorporated into a company's
overall security strategy, which may also include a virtual private
network. Because of their complexity and cost, such firewalls aren't a
good option for small business or home users.
Firewalls move into the mainstream
While most personal firewalls are available now as software that you
install on your PC, IDC analyst Christiansen predicts that firewalls will
be integrated into hardware in the next few years. That means the next DSL
or cable modem you buy or lease may have a firewall already installed.
To make maintaining a firewall easy, Christiansen says, companies will
offer subscription services. You'll pay $50 a month and the company will
make sure your firewall is up-to-date. That maintenance is key to keeping
your data safe: As soon as hackers hear about a weakness in a firewall,
they hunt for people who haven't upgraded to the latest version and break
As our dependence on the Internet and computers grows, so will the
personal consequences of a security breach. Whether to protect your
personal information from theft or to keep your PC from being hijacked by
a hacker, installing a personal firewall makes sense.