Protect your home PC with an inexpensive (Free) firewall - Firewalls Explained


Do I need one?

Imagine if someone broke into your house and stole your computer or laptop. While the violation of a break-in and losing irreplaceable home movies and pictures has a great emotional cost and replacing those systems has a real monetary cost, what about the data on that hard drive? Is your tax information worth something to an identity thief? What about your banking, shopping and other account information? With a physical break-in there is a chance that person will be caught and your computer returned. An electronic break-in, however, rarely results in arrests, and once your information is “in the wild” it is impossible to get back. Your first (and often last) line of defense against this type of incident is a firewall to protect your computer’s data from would-be data thieves.

What is a firewall?

In firefighting, a firewall is a barrier established to prevent the spread of fire. A firewall as a component of a computer network can be implemented in any combination of software and hardware that filters all network traffic between a user computer, home or company network, and the Internet. In the most general terms, firewalls are network “bouncers” that allow specified traffic through specified doors, or ports.

Firewalls ensure this barrier by having all traffic from inside to outside and from outside to inside the network pass through them or, in the case of a single PC, all network traffic in and out of that PC. Then only authorized traffic, as defined by the security policy, is allowed to pass through. The firewall itself is (hopefully) immune to penetration.

Firewall placement

Most organizations place a firewall at the Internet entry point of their networks. The firewall provides a defense between a network and the Internet or between a network and any other network that could pose a threat.

By employing firewalls to control connectivity to these areas, an organization can prevent unauthorized access to the respective systems and resources within the more sensitive areas. Networks inside the firewall are referred to as trusted, whereas networks located outside the firewall are called untrusted. For example, one security policy a firewall might enforce is to allow all HTTP (Web) traffic to pass back and forth, but disallow FTP or Telnet requests either into or out of the protected network. Ideally, firewall protection should prevent access to networks inside the firewall by unauthorized users, and thus protect those networks and their data files.

Firewall Software vs. Hardware Firewalls

Small business firewall software is one method used to protect computers against hacker attacks and other Internet threats. Small business firewall software and hardware solutions are both designed to block unauthorized access to computers. Firewalls help prevent hackers from intercepting private data or planting Trojan horses or other Internet threats on your networked computers.

To safeguard all your company’s computers, however, each one must have a software firewall installed. A small business firewall software program is installed on each individual PC it’s meant to protect. This can become expensive and difficult to maintain and support. In addition, small business firewall software may require each individual user to make decisions about allowing or denying a program’s requested access to the Internet (which helps prevent malware from sending proprietary information from your computer over the Internet, among other things). Users without much computer or security experience may be uncomfortable handling the requests and alerts that small business firewall software presents to them. The Windows XP built-in firewall software is simple and effective protection from inbound traffic. In order to control outbound traffic, and for other features, consider a secondary product.

Hardware-based firewalls protect all the computers on your network. A hardware-based firewall is easier to maintain and administer than individual software firewalls. Many ISP provided systems have a hardware firewall already built in and pre-configured.

The ideal solution for small businesses is a hardware firewall integrated into a comprehensive security solution. In addition to a firewall, the solution should include virtual private network (VPN) support, antivirus, antispam, antispyware, content filtering, and other security technologies. At a minimum, you also need anti-virus and anti-spyware software to provide a reasonable level of security. You may also want software for email encryption, trojan detection and removal, cookie manager or cleaner, ad blocker, personal data privacy, and parental controls for content filtering.

Firewall Software

When protecting a single PC, firewall software is almost always the best way to go. Scot Finnie has been writing a free newsletter for years about the subject. In March, Scot wrote “The Best Firewall Software of 2008: Online Armor”, which was the final chapter in his 19-month investigation of firewalls. That’s not a typo; he spent a year and a half researching firewalls. The scope of this research illustrates the importance and the impact that firewall technology has on our current computing environment.

Zone Alarm

The granddaddy of firewall software is the free version of ZoneAlarm. The recent upgrade from version 6 to 7 was a put-off. The file size increased tremendously (it’s now 44.6MB) and the functionality hardly changed at all. That made me suspicious of what all that extra code was there for. A few days ago, when a bug fix for Windows broke ZoneAlarm, and no other firewalls, it lost my confidence.

Never use two personal firewall software products at the same time. Fully uninstall one before installing another to prevent compatibility problems. After installation, be sure to test it with an online service like Security Space to make sure that it is configured correctly.

Online Armor 2.1

There is a free and a paid version of Online Armor; Scot reviewed and recommended the paid version. “Tall Emu’s Online Armor 2.1 is The Scot’s Newsletter Blog Best Firewall Software of 2008 … [with] the best blend of a high degree of protection with a high level of usability.”

A big reason I liked ZoneAlarm was ease of use. When it popped up an alert, the explanation of why was simple and clear. Likewise granting permissions to programs couldn’t have been easier. Ease of use was a big reason that Scot recommended Online Armor, saying “Online Armor’s user experience is on par with ZoneAlarm Free and Sunbelt Personal Firewall – the two firewalls I’ve pointed to in the past as having the best user interfaces in this field.”

Part of this entails running silently, after the initial getting-to-know-you period that any firewall requires. “When pop-ups are too repetitive or too frequent, it’s only human nature for a large segment of the user base to start ignoring them. That behavior leads to a severe loss of security.”

The criteria Scot used in his evaluation were “usability, company support, stability, compatibility, and bug resolution”.

One possible drawback of this firewall is that it is not an all-encompassing software suite. Both his recommended firewall programs are just that, firewalls. Nothing more. Also, Vista users are out of luck: Online Armor only works with Windows XP (32-bit only) and Windows 2000.

Hardware firewalls

If you are looking to step up your security game, a hardware firewall is the next level of security. There is a difference between a router with firewall features and a hardware firewall in terms of features and price. Lower cost products provide a DHCP server, PAT/NAT services, 1-8 physical ports to network computers and/or wireless service. NAT hides your computer(s) from the Internet, which makes it a simple but effective firewall.

Higher cost products, but still under $200, provide additional features like built-in stateful packet inspection (SPI), support for Virtual Private Networking (VPN), Public Key Infrastructure (PKI), content filters, anti-virus protection, and more. The best choice is a combination of personal firewall software and a hardware router with firewall features (wired or wireless). They can be used in addition to a software firewall on each computer because they run on a separate box preventing most compatibility problems.
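The sketch below is an added illustration, not code from the original article or from any product it mentions. It combines the example policy from the placement section (HTTP allowed, FTP and Telnet refused, everything else denied by default) with the connection tracking behind stateful packet inspection, so an inbound packet passes only as the reply to a connection opened from the trusted side. The class and function names, the addresses (documentation ranges) and the packets are constructed for the example, and real firewalls also track TCP flags and timeouts, which are left out here.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str  # "out" = trusted -> untrusted, "in" = untrusted -> trusted
    src: str
    sport: int
    dst: str
    dport: int

# Constructed rule list for the article's example policy; first match wins.
RULES = [("deny", 21),   # FTP control
         ("deny", 23),   # Telnet
         ("allow", 80)]  # HTTP

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # flows opened from the trusted side

    def _policy(self, dport):
        for action, port in self.rules:
            if port == dport:
                return action
        return "deny"  # default deny: traffic with no matching rule is refused

    def filter(self, pkt):
        if pkt.direction == "out":
            if self._policy(pkt.dport) != "allow":
                return "drop"
            # Remember the flow so that its reply can be recognised later.
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "pass"
        # Inbound: pass only the exact reverse of a tracked outbound flow.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "pass" if reverse in self.state else "drop"

def demo():
    fw = StatefulFirewall(RULES)
    pc, web, other = "192.168.1.10", "198.51.100.7", "203.0.113.9"
    packets = [  # constructed sample traffic
        Packet("out", pc, 50000, web, 80),    # browser opens a web page
        Packet("in", web, 80, pc, 50000),     # the server's reply
        Packet("in", other, 80, pc, 50000),   # unsolicited, from a host never contacted
        Packet("out", pc, 50001, web, 23),    # Telnet attempt
        Packet("out", pc, 50002, web, 21),    # FTP attempt
    ]
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The third packet is the case that matters for a home PC: it targets the same local port as a legitimate reply, but because no outbound connection to that host exists in the state table, it is dropped.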

Configuring these devices is not for the faint of heart, and if misconfigured they can knock the entire network offline. Recently I disabled my VOIP service by unknowingly increasing the security level on my firewall. After a frustrated phone tech and I troubleshot it for 45 minutes, I (almost by accident again) lowered my firewall setting and got a dial tone back. Having worked in phone support for years, I know that when asking the caller “Did you change anything?” and always hearing “No,” it was usually a lie (of omission or ignorance). Being on the other side of that is just embarrassing.

The D-Link DIR-655 Extreme N Wireless Router includes WPA & WPA2 and dual active firewalls (NAT+SPI). The optional Secure Spot 2.0 security package, available directly from D-Link, adds parental controls, safe surfing/searching, remote management, anti-virus/antispyware protection with McAfee® technology, internet usage time scheduling and activity reporting, web-managed firewall, access control for Internet usage, application control (blocking and scheduling), spam control and identity protection. It affords tremendous customization capabilities and allows advanced users the latitude they can expect from a well-built router. The menus, however, are overcrowded, and maneuvering to a specified setting can be a pain. A simple task like port forwarding, which should take a few seconds to configure, took almost five minutes to find, configure, and implement.