|
Firewall
A computer or device on a network
that manages network resources. For
example, a file server is a computer and
storage device dedicated to storing
files. Any user on the network can store
files on the server. A print server is a
computer that manages one or more
printers, and a network server is a
computer that manages network traffic. A
database server is a computer system
that processes database queries.
Servers are often dedicated, meaning
that they perform no other tasks besides
their server tasks. On multiprocessing
operating systems, however, a single
computer can execute several programs at
once. A server in this case could refer
to the program that is managing
resources rather than the entire
computer.
Firewalls protect your system
If you spend a lot of time on the
internet and you are not behind a
firewall, then you are living on
borrowed time. Putting some protection
between you and the internet is probably
the third most important thing that you
can do (after getting virus checking
software and performing regular
backups).
The diagram to the left shows an
unprotected system using a DSL modem. As
you can see, someone on the internet can
attack the computer system easily as the
DSL modem provides no protection (some
DSL modems have built-in firewalls). An
attacker can get through any type of
modem - DSL, cable, 56K, 28.8 or
whatever. If the device gets you on the
internet, you are vulnerable.
For those with a DSL, cable modem or
other "always-on" connection, you MUST
get a firewall. This is critical, as
your machine is always live and it most
likely has a fixed IP address. This
makes it easier for your system to be
"found" and attacked.
What a personal firewall does is
isolate your computer from the rest of
the internet. It does this by inspecting
each packet of data to determine if it
it should be allowed to get to (and in
some cases from your machine.) The best
protection completely hides your
computer - this is called stealth mode.
You have the option of installing a
software firewall or a hardware
firewall.
Software Firewall - A software firewall
runs on your computer system in the
background. It intercepts each network
request and determines if the request is
valid or not. Software firewalls offer
the following advantages:
They are generally very inexpensive
They are very easy to configure
They have the following disadvantages:
Since they run on your computer they
require resources (CPU, memory and disk
space) from your system.
They can introduce incompatibilities
into your operating system.
You must install exactly the correct
version for your operating system.
You must purchase one copy for each
system on your home network.
Hardware Firewall - A hardware firewall
is generally a small box which sits
between your computer and your modem. In
general, hardware firewalls have the
following advantages:
They tend to provide more complete
protection than software firewalls
A hardware firewall can protect more
than one system at a time
They do not effect system performance
since they do not run on your system.
They are independent of your
operating system and applications.
They have the following disadvantages:
They tend to be expensive, although
if you have a number of machines to
protect it can cost less to purchase one
hardware firewall than a number of
copies of a software product.
Since they do not run on your computer,
they can be challenging to configure.
Firewall mixture - In my mind, the
best protection is a combination of both
hardware and software firewalls. This is
the ideal, since both have different
advantages and disadvantages.
Personally, I use a SonicWall hardware
firewall combined with ZoneAlarm Pro,
which is installed on my Windows 2000
Professional system. The SonicWall
protects my home network since it sits
between the hub and the DSL modem, and
ZoneAlarm Pro offers some additional
protection for each system.
Testing Your Firewall - To test your
firewall, surf to http://www.grc.com and
request a probe. You will be given a
very good report of exactly what issues
were found and what to do about them.
Once the probe is finished several
excellent personal firewall products are
recommended. My personal favorite is
ZoneAlarm Pro, primarily because it's
protection is excellent and it is
trivial to use.
Some Firewalls - A selection of
personal firewalls is listed below.
ZoneAlarm Pro - By far the best
software firewall available. ZoneAlarm
offers protection from both incoming
connections and outgoing connections. It
is also extremely easy to configure, has
low system impact and is very
inexpensive (a free version is also
available).
Norton Internet Security 2001 (which
was the AtGuard product from WRQ until a
few months ago). Norton is a reasonable
firewall, although it does have some
vulnerabilities. It offers weak
protection from outgoing connections and
is somewhat difficult to configure if
you want it to operate differently from
the default.
BlackIce - An okay choice in
firewalls. Much easier than Norton to
configure, but with the same
vulnerabilities.
What I've done on my system is:
Used a SonicWall hardware firewall to
protect my entire home network.
Installed ZoneAlarm Pro on each system
to provide additional safety
And installed Norton Internet Security
for it's privacy protection.
Due to the rapidly changing nature of
the internet, it's very important to be
continually monitoring security issues.
You may purchase the perfect personal
firewall today, only to find out in six
months that it's been hacked to pieces.
So be sure to be looking around, and be
ready to get a newer and better product
quickly. This is not one of those issues
where you can scrimp and save. Your
system is at risk.
http://www.justvb.net/it/ |