O'Reilly's 'Building Internet Firewalls', a generally accepted classic on the subject, has this to say:
'The world is full of people eager to assure you that something is not
a firewall; it's "just a packet filter" or maybe it's "better than a mere
firewall". If it's supposed to keep the bad guys out of your network, it's
a firewall. If it succeeds in keeping the bad guys out, while still letting
you happily use your network, it's a good firewall; if it doesn't, it's
a bad firewall. That's all there is to it.'
Zwicky, Cooper & Chapman, 2000.
Traditionally a firewall has been seen as a dedicated device, or a system of dedicated devices, intended to control the data going into and out of a computer network. The point of this control is to make sure that only the data that the network's owners want is allowed to go in or out. There are a couple of points to pick up on from this:
'dedicated device' - this means that the computer (sometimes a specialised
one called a router) does nothing else but its firewall duties. It does
not hold any useful data, or do any other work.
'network' - all this talk of networks comes from the fact that until relatively
recently the only people who had firewalls were organisations with many computers.
In recent times, though, we have seen the appearance of a product called a 'personal firewall'. This is a piece of software that runs on a single computer, most often a home PC, connecting to the Internet via a modem. You can see that this doesn't meet either of the criteria above: the computer it's running on isn't dedicated to the task of security, since it has all the owner's private data on there as well, and it is probably protecting only that single PC, not a whole network. So is it a firewall? Well, given that it is the closest thing to a firewall that the majority of home computer users will see, that marketeers have already established the name 'personal firewall' for this type of product, and that its purpose is to keep the bad guys out, we'll say for the purposes of this conference that it's a firewall.
So what does a firewall actually do? There are very thick books around that answer this question, but in brief, a firewall examines electronic data coming into or out of a computer (or network) and compares it to rules it has been given. If that data matches the rules which say it is OK, it will let the data pass. If it doesn't, it blocks the data. Other FAQs will go into more detail about such subjects as how the data is constructed and what precisely the firewall is looking for, but that will do as a working definition.
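The rule comparison described above, as an added example that is not taken from this FAQ or from any firewall product: a packet passes only if some rule says it is OK, and everything else is blocked. The rule fields, the rule set and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str     # "in" or "out", relative to the protected computer
    protocol: str      # "tcp" or "udp"
    remote_ip: str     # address of the other end
    service_port: int  # port of the service being contacted

@dataclass(frozen=True)
class AllowRule:
    direction: str
    protocol: str
    remote_net: str    # CIDR block the other end must fall inside
    service_port: int

    def matches(self, pkt: Packet) -> bool:
        return (pkt.direction == self.direction
                and pkt.protocol == self.protocol
                and pkt.service_port == self.service_port
                and ipaddress.ip_address(pkt.remote_ip)
                in ipaddress.ip_network(self.remote_net))

# Constructed rule set for a home PC (hypothetical values).
RULES = [
    AllowRule("out", "tcp", "0.0.0.0/0", 80),        # web browsing
    AllowRule("out", "tcp", "0.0.0.0/0", 443),
    AllowRule("out", "udp", "192.0.2.53/32", 53),    # DNS, one resolver only
    AllowRule("in", "tcp", "198.51.100.0/24", 22),   # remote login, one network
]

def decide(pkt: Packet, rules=RULES) -> str:
    """Pass only if a rule says the packet is OK; anything else is blocked."""
    return "pass" if any(r.matches(pkt) for r in rules) else "block"

if __name__ == "__main__":
    # Constructed sample traffic. This filter is stateless: replies to
    # outbound connections are not modelled.
    samples = [
        Packet("out", "tcp", "203.0.113.10", 443),
        Packet("in", "tcp", "203.0.113.10", 139),
        Packet("in", "tcp", "198.51.100.7", 22),
        Packet("in", "tcp", "203.0.113.10", 22),
    ]
    for p in samples:
        print(decide(p), p)
```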
Do I need one?
Ah, the $64,000 question. One perfectly valid reason for using a firewall is because you are interested in computer security and want to learn more about firewalls. Other FAQs deal with the various free or cheap firewalls available, and they vary in sophistication. Some are easier to configure than others, and some let you delve into the workings. If you are doing it to learn then one of the latter types is for you. One note of caution here. A simple but well set up firewall is likely to give you better protection than an all-singing, all-dancing one which you have only a vague understanding of. Complexity does not a good firewall make if you don't fully understand how to use that complexity. Start with the basics.
If you are spending prolonged amounts of time connected to the Internet, or perhaps you have a permanent connection, then you should seriously consider installing firewall software. There are plenty of people out on the Net looking for easy pickings, i.e. vulnerable computers they can attack, ideally gain control of, and then use for other purposes. Yes, it is possible to configure most computers to be safe on the Net without using a firewall; however, this a) usually requires more specialist knowledge and care than is needed to install a personal firewall product, and b) means that you must be even more careful than usual of any changes you make to your computer's configuration lest you inadvertently create a vulnerability. Even if you do not feel that there is anything of value on your computer, if you are unknowingly making your machine available for use in attacks on other people you are being irresponsible.
An important note here is that a firewall is not the be all and end all. It is part of your security. You must also have up to date anti-virus software, and the most important protection of all, common sense concerning how you use your computer and what software you install. If you use multiple layers of security you stand a chance that if one layer fails, another will catch the problem.
If you connect to the Net via a modem, spend very little time connected, and don't install software from anywhere but highly trusted sources, the chances are you don't need a firewall. I would suggest you still need up to date antivirus software unless you can add 'receiving email' to the list of things you don't do. But hey, where's the fun in all that?
