Understanding Firewalls
When anyone or anything can access your computer at any time, your
computer is more susceptible to being attacked. You can restrict
outside access to your computer and the information on it with a
firewall.
What do firewalls do?
Firewalls provide protection against outside attackers by shielding
your computer or network from malicious or unnecessary Internet
traffic. Firewalls can be configured to block data from certain
locations while allowing the relevant and necessary data through (see
Understanding Denial-of-Service Attacks and Understanding Hidden
Threats: Rootkits and Botnets for more information). They
are especially important for users who rely on "always on" connections
such as cable or DSL modems.
What type of firewall is best?
Firewalls are offered in two forms: hardware (external) and software
(internal). While both have their advantages and disadvantages, the
decision to use a firewall is far more important than deciding which
type you use.
- Hardware - Typically called network firewalls, these
external devices are positioned between your computer or network and
your cable or DSL modem. Many vendors and some Internet Service
Providers (ISPs) offer devices called "routers" that also include
firewall features. Hardware-based firewalls are particularly useful
for protecting multiple computers but also offer a high degree of
protection for a single computer. If you only have one computer behind
the firewall, or if you are certain that all of the other computers on
the network are up to date on patches and are free from viruses,
worms, or other malicious code, you may not need the extra protection
of a software firewall. Hardware-based firewalls have the advantage
of being separate devices running their own operating systems, so they
provide an additional line of defense against attacks. Their major
drawback is cost, but many products are available for less than $100
(and there are even some for less than $50).
- Software - Some operating systems include a built-in
firewall; if yours does, consider enabling it to add another layer of
protection even if you have an external firewall. If you don't have a
built-in firewall, you can obtain a software firewall for relatively
little or no cost from your local computer store, software vendors, or
ISP. Because of the risks associated with downloading software from
the Internet onto an unprotected computer, it is best to install the
firewall from a CD, DVD, or floppy disk. Although relying on a
software firewall alone does provide some protection, realize that
having the firewall on the same computer as the information you're
trying to protect may hinder the firewall's ability to catch malicious
traffic before it enters your system.
How do you know what configuration settings to apply?
Most commercially available firewall products, both hardware- and
software-based, come configured in a manner that is acceptably secure
for most users. Since each firewall is different, you'll need to read
and understand the documentation that comes with it in order to
determine whether or not the default settings on your firewall are
sufficient for your needs. Additional assistance may be available from
your firewall vendor or your ISP (either from tech support or a web
site). Also, alerts about current viruses or worms (such as US-CERT's
Cyber Security Alerts) sometimes include
information about restrictions you can implement through your
firewall.
Unfortunately, while properly configured firewalls may be effective
at blocking some attacks, don't be lulled into a false sense of
security. Although they do offer a certain amount of protection,
firewalls do not guarantee that your computer will not be attacked. In
particular, a firewall offers little to no protection against viruses
that work by having you run the infected program on your computer, as
many email-borne viruses do. However, using a firewall in conjunction
with other protective measures (such as anti-virus software and "safe"
computing practices) will strengthen your resistance to attacks (see
Understanding Anti-Virus Software and other security tips for more
information).
Both the National Cyber Security Alliance and US-CERT have identified
this topic as one of the top tips for home users.
Authors: Mindi McDowell, Allen Householder
Copyright 2004 Carnegie Mellon University.
Last updated February 28, 2007