Number 235 - November 2002

An Introduction to Firewalls
by Dick Maybach, Brookdale Computer Users Group
    Most PC users are aware of the threat posed by viruses and e-mail attachments, and they protect themselves with an anti-virus program, which they update regularly. Most of you are also aware that your PCs have network capabilities that allow connected PCs to share files and to run programs on each other. However, you may not realize that because the Internet is a network, PCs can also share files and run programs over it. More importantly, others can access files and run programs on your PC. They can do this easily if you don't set up your PC carefully or, with a little more trouble, they can exploit weaknesses in your software and do it, even though you think you haven't allowed it. Viruses are not involved, and an anti-virus program will not prevent it. Instead, you need something called a firewall.

    While most hackers find commercial Web sites more attractive, your own PC is also at risk for several reasons. First, it is much easier to subvert than most Web sites, and hacking tools are widely available to anyone. Second, your PC probably has information, such as your bank account number, credit card number, and social security number, which would be valuable to a criminal and disastrous to you. Third, even if your PC has no financial data, a vandal might find it fun to delete a few files. As a result, I recommend that everyone who uses the Internet also use a firewall, especially if they have cable modem or DSL access.

    To understand what a firewall does, we first must understand a little about how PCs communicate over the Internet. Data is divided into small chunks called packets, each of which contains the addresses of the sender and receiver as well as the data. Thus sending information over the Internet is like sending a stream of postcards. The same scheme is used whether you are sending an e-mail, downloading a Web site screen, or listening to Internet radio. The addresses are groups of digits separated by decimal points, such as 10.212.153.122; this is called an Internet Protocol (IP) address. Your Internet Service Provider (ISP) makes available a Domain Name Server (DNS) that translates more familiar Uniform Resource Locator (URL) addresses and domain names, such as the att.net in n2nd@att.net, to all-digit IP addresses. Another important part of the address is the port. Every PC program that communicates over the Internet has its own port number, and each packet contains it. As a result, when a packet arrives, your PC knows which program needs it. This allows you to send e-mail and download a Web page at the same time.

    Firewalls for home PCs inspect each packet and discard it if it could be harmful; this process is called packet filtering or packet sniffing. For example, it would discard packets addressed to ports 20 and 21 (ftp) and 23 (telnet), which transfer files and implement remote terminals, respectively. The firewall has to be smart enough to allow ftp file transfers if you've requested a download, but it would never allow a telnet connection, since this would give someone control of your PC. Smarter firewalls also monitor the communication flow, because hackers can sometimes gain control of your PC by not following the rules. For example, they might send a reply packet when you hadn't asked for one, or they might send a very long response when you expected a short one. Programs are supposed to protect against such protocol violations, but not all do, and hackers try to exploit these flaws.
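    The filtering rules just described, as an added illustration that is not from the original article: a hypothetical stateful packet filter in Python, run over a constructed packet stream. It refuses inbound ftp and telnet connections, lets replies through only when the PC asked for them, and recognizes the active-mode ftp case where the server connects back from port 20 to deliver a download the PC requested. The IP addresses, the local ports above 1024, and the class and function names are all assumptions.

```python
from dataclasses import dataclass

# Ports the article says a home firewall must never let an outsider open: ftp (20, 21), telnet (23)
BLOCKED_INBOUND_PORTS = {20, 21, 23}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = sent by the protected PC, "in" = arriving from the Internet


class StatefulFilter:
    """Hypothetical stateful packet filter protecting a single home PC."""

    def __init__(self):
        # (remote ip, remote port, local port) of every conversation the PC itself started
        self.conversations = set()

    def decide(self, pkt):
        if pkt.direction == "out":
            self.conversations.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))
            return ("ALLOW", "requested by this PC")
        if (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.conversations:
            return ("ALLOW", "reply to a request this PC made")
        # Active-mode ftp: once the PC has opened a control session to port 21,
        # the same server connects back from port 20 to deliver the requested file.
        if pkt.src_port == 20 and any(ip == pkt.src_ip and port == 21
                                      for ip, port, _ in self.conversations):
            return ("ALLOW", "ftp data for a download this PC requested")
        if pkt.dst_port in BLOCKED_INBOUND_PORTS:
            return ("DROP", "inbound ftp/telnet connection attempt")
        return ("DROP", "unsolicited packet nobody asked for")


def run_demo():
    # Constructed sample traffic (documentation addresses); returns the verdict for each packet
    pc, web, ftp, stranger = "10.0.0.5", "203.0.113.7", "203.0.113.8", "198.51.100.9"
    stream = [
        Packet(pc, 3001, web, 80, "out"),       # PC asks for a Web page
        Packet(web, 80, pc, 3001, "in"),        # the page comes back
        Packet(stranger, 4444, pc, 23, "in"),   # someone tries to telnet into the PC
        Packet(pc, 3002, ftp, 21, "out"),       # PC starts an ftp download
        Packet(ftp, 20, pc, 3003, "in"),        # the ftp server sends the file
        Packet(stranger, 20, pc, 3003, "in"),   # a stranger posing as ftp data
        Packet(stranger, 53, pc, 3001, "in"),   # a reply the PC never requested
    ]
    fw = StatefulFilter()
    return [fw.decide(p)[0] for p in stream]
```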

    PCs that access the Internet through a cable modem or DSL are more vulnerable than those using dial-up access. This is because each time you log on with dial-up, your ISP assigns a different IP address, but with high-speed access you use the same one every time. If a hacker breaks into a PC using high-speed access, he or she can find it again, but with dial-up, the hacker must complete his work before you hang up. Also, people with high-speed access are usually connected all the time their PCs are on, while with dial-up, they are connected only when using the Internet. Thus, hackers have a much better chance of finding cable and DSL users.

    A firewall can be a program that runs on your PC, or it can run on a separate PC through which your PC communicates with the Internet. Most home users will choose a software firewall, such as Norton Personal Firewall or BlackIce Defender. Hardware firewalls, such as the Linksys router, can be safer but are more expensive. (Software firewalls typically cost from $40 to $70, while hardware firewalls are $150 and up.) A software firewall runs on your PC along with all the other programs that your PC is juggling, typically dozens at a time. That so much is going on at once makes it more difficult to catch problems.

    A hardware firewall has a much simpler job; the only program running is the firewall, which greatly reduces the chances for mischief. (Of course, whether a particular hardware firewall is more secure than a particular software one depends on how well each is implemented.) You can also buy a hardware router, but be careful. Routers act as switches to allow several PCs to share the same Internet connection, and although many also contain firewall features, not all do. A router that doesn't include a firewall is not sufficient protection. Gateways are more complex and usually are used to protect Web sites and mail servers rather than individual PCs. However, not all manufacturers use the same names for their products.

    You may find that a firewall limits what you can do on the Internet. For example, it may hinder audio streaming or participation in chat sessions. You can often get around this by reducing the protection level, although you will probably want to restore your protection level when you aren't using the riskier service.

    For more information, including recommendations on specific products, go to www.pcmag.com or www.pcworld.com and search for firewall.

    Copyright Brookdale Computer Users Group