Firewalls
About Firewalls
What is a Firewall?
Simply stated, a firewall is a software or hardware product that screens the information coming into and leaving your computer to ensure that there is no unauthorized access to your computer.
Firewalls provide your first line of defense and can help you control what accesses and leaves your computer.
You NEED a Firewall
If you are continually connected to the Internet you cannot afford to be without a firewall.
This includes those using ADSL or cable modems or connecting through a network. But be sure that your firewall is actually protecting you.
XP's Firewall Insufficient
Microsoft XP's built-in firewall may not be giving you the protection you think you are getting. It will do a great job of hiding your incoming ports from the Web, but what about outbound traffic from ad-ware and spyware you've (knowingly or unknowingly) already installed?
More Connected Than Ever
Most software today wants to "talk" to its home site over the Internet, even if it is only to confirm that you have the most recent components during installation. Many help files are not even located on your computer. Many hardware devices install news or update programs along with the drivers necessary to make them work. Perhaps you can trust the information they are sending, perhaps not. A proper software firewall gives you that control.
Two Types of Firewalls
There are two basic types of computer firewalls:
- A software firewall is software on your computer that monitors and controls access to specific software programs.
- A hardware firewall is a router, specially-designed computer, or similar external device that controls the ability of the connected computer(s) to access the Internet and/or the network (if the computers are networked).
Compare Their Function
Hardware and software firewalls are more adept at different, though complementary, tasks.
The Software Firewall
A software firewall screens software programs and components asking for access to the Internet. It is an essential part of your protection, particularly if your Internet access is through a broadband connection. As programs are both sending information and receiving information or installing software, be sure your software firewall is effective and that it protects you from outgoing as well as incoming attacks.
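The difference between incoming and outgoing traffic can be seen on your own computer. The following Python script is an added example, not part of the original page: it reads Windows `netstat -ano` output and separates the listening ports that an inbound-only firewall hides from the established outbound connections, grouped by process ID, that such a firewall does not control. The sample text, addresses and PIDs are constructed, and treating a session as outbound when its local port is not a listening port is a heuristic assumed here.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -ano` (invented values).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:3389      192.168.1.35:51002     ESTABLISHED     1044
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     198.51.100.7:80        ESTABLISHED     2980
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1720
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv6 addresses are bracketed) into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False

def classify(netstat_text):
    """Return (exposed_ports, outbound_by_pid) for the TCP rows."""
    rows = [f for f in (l.split() for l in netstat_text.splitlines())
            if len(f) == 5 and f[0] == "TCP"]
    listening, exposed = set(), set()
    for _, local, _, state, _ in rows:
        if state == "LISTENING":
            host, port = split_endpoint(local)
            listening.add(port)
            if not is_loopback(host):   # reachable from other machines
                exposed.add(port)
    outbound = defaultdict(set)
    for _, local, remote, state, pid in rows:
        rhost, rport = split_endpoint(remote)
        # Heuristic (assumption): a local listening port means the peer called us.
        if (state == "ESTABLISHED" and split_endpoint(local)[1] not in listening
                and not is_loopback(rhost)):
            outbound[int(pid)].add(f"{rhost}:{rport}")
    return sorted(exposed), {p: sorted(d) for p, d in outbound.items()}

print(classify(SAMPLE))
```

To check a real machine, save the output of `netstat -ano` to a file and pass its contents to `classify`; each PID in the result can then be matched to a program in Task Manager.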
The Hardware Firewall
A hardware firewall enhances your protection by hiding your computer(s) from those trying to gain unauthorized access. Typically, a router is the best choice for a hardware firewall since it both protects you and provides for secure shared access to high-speed Internet services for all your computers.
Using a Firewall Effectively
Whatever firewall solution you choose, you should take the following points into consideration when determining the effectiveness of that solution:
- Be aware of the weaknesses of your firewall product.
- Test your firewall regularly.
- Install all available updates to your software firewall.
- Update your hardware firewall's firmware and take advantage of better security options.
- A combination of a software and hardware firewall offers you better protection.
- Windows XP users should turn off the Windows firewall if they have installed a third-party software firewall, particularly after XP Service Pack 2 is installed.
Obtaining More Information About Firewalls
Firewall Resources
- Firewall Q&A.
- Firewall.com.
- Mac Security - a discussion of MacOS X security, firewalls and desktop network security.
- Firewall and Proxy Server HOWTO - a Linux primer for those wishing to protect a Linux system.
Software Firewalls
Many Choices - Not All Effective
You can purchase several firewall software packages in retail stores and download and purchase others on-line. The effectiveness of these products varies—see Gibson Research Corporation's evaluations.
Windows XP users should not depend upon the Internet Connection Firewall that comes with XP since it offers no outbound protection at all.
Connection Problems May Be Firewall Issues
Programs that are unable to access the Internet may be having difficulty with your firewall. These articles, related to issues with Firefox access to the Internet, may help you to deal with issues with other programs:
- This MozillaZine article on firewalls deals with various firewalls and how they can stop programs from accessing the Internet. Sometimes you may not know that a firewall is running or it may be misconfigured.
- The top 12 ways to get fooled by firewalls is an interesting list of potential problems with various firewalls.
Avoiding Security Breaches
You should know how to configure the software properly to avoid a security breach.
- Ensure that your firewall is not circumvented by someone with physical access to your computer.
- Don't automatically give permission to any program requesting access - some setup programs may only need access once.
- Personal Internet Firewalls that really work! explains some of the issues.
- ZDNet notes that personal firewalls could leak private info.
ZoneAlarm Recommended
I'm not convinced that firewalls with lists of "acceptable" programs are the safest way to configure a firewall for security. While they may take less hands-on experience to use, an attractive feature to novices and those that just want computers to run without their having to know what is going on, I suspect that these would be more vulnerable. I also like the ability to determine for myself if a program needs access.
I strongly recommend a current version of ZoneAlarm Internet Security Suite or ZoneAlarm Extreme Security.
New ZoneAlarm Page
The section on configuring ZoneAlarm has become such a large part of this page that I moved it into its own page: ZoneAlarm Security.
Hardware Firewall Solutions
Get a Router
There are several hardware solutions available from your computer retailer. The most practical for most users is a router which protects all the computers connected to it from outside threats. Most units sold today have four wired outputs (wireless routers have four wired ports and can support up to 253 additional computers via the wireless connection).
Shaw Changes Needed
Shaw (as well as Rogers and other cable companies) can block your computer's access to Shaw services like e-mail and other customer-only services once your computer is behind a router. Instead of using shawmail, Victoria Shaw customers will have to use the more exact shawmail.gv.shawcable.net for their e-mail server names.
Similar changes need to be made if you are using proxy or shawnews (newsgroups). See Shaw's Routers And Shaw Server Names for additional information and locations.
Special Needs for Wireless Routers
Because wireless routers are available to anyone within range, you need to take special precautions that are unnecessary for a standard router without wireless capability (because someone needs physical access to these routers to use them).
Secure Your Wireless Router
Wireless routers are secured using encryption. The most commonly used are WEP and WPA variations. What is available to you depends upon both the age of the router and the computers that are going to connect to that router. If you are using a new router but have an old laptop you will be unable to use the most recent (and most secure) methods of encryption unless you purchase suitable external wireless devices or upgrade your computer.
You should never use the defaults for your wireless router as the standards are well known and easily searched out on the Internet. Change the SSID to something meaningful to you and use the most secure protocol you are able to use, remembering that convenience may lead to outside access to your network and, potentially, the information on the computers that use it. If you aren't using wireless, disable the wireless capability on your router.
There is more detailed information about wireless security on Wikipedia.
Update Your Firmware
If you are having trouble with a router, check the manufacturer's site for firmware updates for your router (check for FAQs, firmware and other information under Support).
Be sure that you are selecting the right version of the firmware as similarly-named models vary between countries as well as versions. An improperly updated device may cease to work.
Router Manufacturers
These are some of the common manufacturers of routers:
Back Up Your Hardware Firewall with a Software Firewall
I'd strongly recommend that you install a software firewall in addition, since hardware firewalls are designed to protect you from intrusions, not spyware or viruses that have already been installed onto your computer.
Other Resources
These resources can help to explain some of these issues in greater detail:
- Practically Networked Hardware Router Product Guide.
- Firewall Router Reviews compares several brands and models.
- FAQ: Firewall Forensics (What am I seeing?) helps to explain firewall terms and what your logs are telling you.
Testing Your Firewall
Whatever firewall solution you choose, you need to continue to check for breaches of your security. Hackers are always testing for ways around any solution that is available to the consumer. The following sites and software will enable you to check your current status and verify the integrity of your firewall.
- Gibson Research Corporation offers several tests and offers some solutions.
- Shields Up is an online test that will check your ports to see if you are vulnerable. There are several pages describing the problem and what you can do about it.
- Leak Test will verify if your firewall is working correctly. No installation is necessary.
- Ensure that your firewall is not circumvented by someone with physical access to your computer.
More About Security Issues
The following related pages offer more information about security:
- Security Basics—Preventing Unauthorized Access
- ZoneAlarm Security— Recommended Firewall Products
- Your Privacy At Risk—Spyware Detection & Removal
- Passwords and Encryption—Protecting Your Electronic Signature
- Internet Security Vulnerabilities—Weaknesses in Windows & Internet Software
- Anti-Virus Protection—Current Alerts, Strategies, Hoaxes & Software
- Avoiding Spam & Copyright Abuses—Promote Responsible Net Commerce
www.RussHarvey.bc.ca/resources/firewalls.html
Updated: October 2, 2009

