Sound Tools

Protecting Your Computer While Online

Basics for understanding how firewalls can help protect your computer from unwanted intrusions.

by Vicki S. Brightbill

In a large agency with many workstations and an IT staff, a hardware firewall managed at the server level is probably already in place. This article focuses on the small agency or stand-alone computer - including the laptop your employee takes home from the office or computers used by telecommuting employees - that would benefit from a personal firewall. With the proliferation of always-on Internet connections (DSL, ISDN, T1, etc.) almost any computer is now vulnerable to attack by Denial of Service, Trojan Horse programs, and viruses.

What is a firewall?

A firewall is a hardware and/or software mechanism deployed between your PC (or network) and any other network (including the Internet) that watches for attempts at unauthorized access. All messages to and from the outside must pass through the firewall, which looks at each message and tries to determine if it's legitimate.

Why should you have one? Traffic that doesn't meet security criteria can be blocked, resulting in a safer connection. While not really 100% hacker-proof, a firewall makes your computer much more difficult to break into and should discourage a would-be hacker.

Anyone who is responsible for a private network that is connected to a public network needs firewall protection. And anyone who connects a single computer to the Internet should have personal firewall software. Many dial-up Internet users believe that no malicious intruder could possibly be motivated to break into their computer. However, irresponsible hackers can use automated robots to scan random IP addresses and attack any vulnerable computer.

How firewalls work

A firewall enables a network to be segmented into different physical subnetworks, limiting the damage that could spread from one subnet to another, just like fire doors in large buildings or the firewall in your car. A firewall filters incoming and outgoing traffic and can be used to manage public access to private resources such as host applications.

A firewall works by denying or allowing traffic based on certain criteria. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with the source or destination addresses and ports, and may use complex rules that analyze the application data to determine if the traffic should be allowed through. There are four broad categories of firewalls: packet filters, circuit level gateways, application level gateways, and stateful multilayer inspection firewalls.
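The first and last of these categories can be sketched in a few lines. The following is an added example, not part of the original article and not any product's code: a packet filter that matches on source address and destination port with a default-deny fallback, and a stateful layer that lets replies to outbound connections back in. The rule set, addresses, and the names Packet, packet_filter and StatefulFirewall are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

# Constructed rule set: (action, protocol, source network, destination port)
RULES = [
    ("allow", "tcp", "192.168.1.0/24", 22),  # LAN hosts may reach SSH
    ("deny", "tcp", "0.0.0.0/0", 139),       # never expose NetBIOS
]

def packet_filter(pkt, rules=RULES):
    """Stateless filter: the first matching rule wins, otherwise deny."""
    for action, proto, net, dport in rules:
        if (pkt.proto == proto
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net)
                and pkt.dport == dport):
            return action
    return "deny"  # default deny: traffic no rule mentions is blocked

class StatefulFirewall:
    """Tracks outbound connections so that only their replies get back in."""
    def __init__(self, local_net, rules=RULES):
        self.local_net = ipaddress.ip_network(local_net)
        self.rules = rules
        self.connections = set()

    def _is_local(self, addr):
        return ipaddress.ip_address(addr) in self.local_net

    def handle(self, pkt):
        if self._is_local(pkt.src) and not self._is_local(pkt.dst):
            # Outbound: remember the connection and let it through.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        # Inbound reply: same connection with the two endpoints reversed.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.connections:
            return "allow"
        return packet_filter(pkt, self.rules)
```

The same inbound packet is dropped when it arrives unsolicited and accepted once the local machine has opened the matching outbound connection, which is the behavior a stateless filter alone cannot provide.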

Firewalls protect private local area networks from hostile intrusion from the Internet. Firewalls can also allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job needs rather than on an all-or-nothing basis.

Test your computer

Check out the Gibson Research Corporation (www.grc.com) site to test your computer's vulnerability to hacking. Run the Shields Up and Leak Test programs and run Patch Work if you are running a Windows NT product. While the company sells a hard disk data recovery program, it also offers several free programs, including Shields Up and Leak Test and a utility to test your Zip and Jaz drives, plus a substantial amount of information about hackers, denial of service attacks, and other security topics. After running Shields Up and Leak Test, I was happy to find that my computer was determined to be "safe" from attack at this point.

Even if you are using another firewall product, take a look at Sygate's various scans and probes (scan.sygatetech.com). You might want to let Sygate scan your system ports to see whether they are blocked (good) or open (not good), whether there are active Trojan Horse programs at any of the ports, and whether there are open services on any of the TCP ports. Sygate also plans additional scans that will be implemented in the future. The scan report not only shows the status of ports, but also provides information about what each port is used for.

Three for free

While many firewall programs come with a price tag, others for personal use are actually free. Here are three.

Sygate Personal Firewall (www.sygate.com) is easy to install and use. It intercepts each program's attempt to access the Internet and asks whether you want to give permission. There is a check box that lets you make the choice "permanent" so you aren't bothered every time you use a browser or e-mail program. Once I gave permission for Explorer and Outlook to always connect, and said that Microsoft and Quicken updates were not to automatically connect, the firewall was completely unobtrusive. The software creates security, system, traffic, and packet logs which can be filtered for various time periods so you can check what it is allowing and blocking. In the applications list, you can change your preferences for whether access is blocked or allowed, or whether the firewall program asks each time an application attempts to connect. You can also "back trace" any logged item. Just right-click on the item and it will show you the route back to the source. Then click "Whois" for information about the originator. Sygate is free for individuals, and available for free trial by businesses. Business user licenses are available starting at $40. Sygate also sells other security and network products, including a program for wireless LANs.

Tiny Personal Firewall (www.tinysoftware.com/pwall.php) sounds great. Unfortunately, it caused problems with my system. As soon as I installed it, I was unable to access the Internet (how's that for protection?). Even after uninstalling the program, I had problems with my browser that took two days to track down and correct. Tiny's technical support was responsive. I was asked to leave a message (on their toll-free number), and they got back to me the next day. Unfortunately, they had no suggestions for me because they "never had any problems with the program." Tiny is free for individuals. Business users are encouraged to download the free program for evaluation, then purchase volume licenses starting at $39 for up to 9 users. The price drops with higher quantities. Like Sygate, Tiny also offers higher-end programs.

Zone Alarm (www.zonelabs.com) is a quite popular program that has received lots of good reviews. I've used it in the past and found it very easy to install and use. It provides a screen with a list of the programs you have enabled/disabled from accessing the Internet. Those choices can be changed easily by checking or unchecking the appropriate items. It keeps a log of alerts, although I haven't received any (even when using the Sygate probes). Zone Alarm Pro costs $40.

But a firewall is not enough

There is more to your electronic security than a firewall. Because a firewall cannot prevent individual users with modems from getting into or out of the network, or from revealing user names and passwords (whether deliberately or through carelessness), an overall security policy needs to be in place. Additionally, up-to-date anti-virus software is critical to your overall electronic security. And, if you do have an always-on Internet connection, turn off your computer when you're not using it. That's the only kind of protection that comes with a guarantee. A computer that is not connected to the Internet cannot be hacked.

A Sampling of Security Resources on the Web

SecurityFocus.com (www.securityfocus.com). Here is an excellent site with an incredible volume of information about Internet security in the following categories: News, Vulnerabilities, Tools, Library, Products, Services, Bugtraq (BugTraq is a moderated mailing list for the discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them) and more. This site has a repository of references to security articles from a variety of sources, plus discussion groups and product reviews.

McAfee (http://vil.nai.com/vil/default.asp). While McAfee obviously has an anti-virus product to sell, there is lots of information (in the AVERT Research Center) on this site about viruses, plus a large glossary of virus-related terms. Check out the Virus Information Library for detailed information about specific viruses.

The Firewall Q&A on the Vicomsoft site (www.vicomsoft.com) provides a plain-English explanation of firewalls and related information. They sell a variety of Internet-related products including Internet Gateway, with three versions to protect small to large networks.

SANS Institute Resources (www.sans.org/topten.htm) includes an informative "How To Eliminate The Ten Most Critical Internet Security Threats" article.

The CERT® Coordination Center (CERT/CC) (www.cert.org) is a center of Internet security expertise at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. This group studies Internet security vulnerabilities, handles computer security incidents, publishes security alerts, researches long-term changes in networked systems, and develops information and training to help you improve security at your site.

Symantec (www.symantec.com) has a free security check and a security response page that details the latest virus threats and security advisories.

Internet Security Systems (www.iss.net) has a searchable database of security threats.

Vicki Brightbill is an IT specialist and co-owner of Betagraph Integrated Information Solutions, a company that provides creative and technical services for marketing communication and publishing. She can be contacted at vicki@betagraph.com or at 720-283-2660.

SoundingLine
September 2001
