The last couple of days I’ve been discussing firewalls and comparisons of firewalls. But, if you don’t have any idea what a firewall really is, then it’s all Greek to you. Kind of like how medicine is Greek to me (because I don’t know anything about it). Hopefully I’ll be able to change that for you.
What is a firewall?
According to Howstuffworks, a firewall is defined as “a barrier to keep destructive forces away from your property.” The concept is similar to firewalls and fire doors inside of buildings. It can be either software based or hardware based. The software based firewalls would be similar to the ones that I compared and recommended in yesterday’s post.
Hardware based firewalls are the “NAT” systems that are included in modern-day broadband modems and routers. They can also be a computer or other device that is specifically configured as a firewall (with a limited or no operating system). The m0n0wall project is a really good example of this.
There are two analogies that I normally use to describe a firewall. The first one is that it’s like a Security Guard at the doors to your computer. It directs traffic in and out, based on whether you have told it to allow the traffic. If not, then it sends it packing (in reality, it causes the packets of information to drop out of existence).
The second analogy is to imagine your computer as a house with 65,535 doors in it. Without a firewall, every one of those doors is wide open. The firewall closes and locks the doors, and hides them from the outside. The only way someone can get into the computer is if you invite them in (initiate a connection to them), or open the door (open a port on the firewall and direct it to your computer).
Even in the second analogy, the firewall acts like a traffic cop. The first time (or subsequent times if you don’t opt to have it remember your choice) that you try to access the Internet, the firewall asks you for permission to let the program open a port. It **should** also ask you if a program that you’ve told it to always allow has changed in any way.
What should I look for in a firewall?
There are a lot of features in firewalls, and a lot of things you should look for. I’ll list some of the things that I find are most important.
- The ability to completely stealth your computer. Most firewalls provide this feature. If they don’t specifically tell you, then you can use different sites to find out.
- Ease of Configuration. If you can’t figure out how to set the firewall up, or where to change things, then it’s worthless to you. You’ll eventually turn it off, or uninstall it completely. You should be able to quickly add or remove programs to the list (allow or deny) and change settings for each program.
- Privacy Blocking. If your firewall allows you to set up Ad-blocking or other privacy blocking features, use them. If you find that sites you normally have no problem with are starting to act up, then try tweaking the Ad-Blocking and Privacy Blocking settings (or turn them off if they don’t stop the problem).
- Port Forwarding. This is mainly true in hardware firewalls, or systems like m0n0wall. Since the firewall is on a device between your computer and the Internet, you want to be able to forward any needed ports to your computer. Some common ports that are forwarded are Port 80 (Web servers), Port 20 or 21 (FTP Programs), 3389 (Remote Desktop on Windows), and 443 (SSL). If you don’t know what these are (or what their associated applications are) then you most likely don’t want them forwarded anywhere.
- Ability to set “Zones”. By Zones, I mean Trusted and Untrusted security zones. Typically if you’re running a home network, then the IP range for your network should be “Trusted”. Otherwise everything else should be “Untrusted.” Trusted will have lower security restrictions than the Untrusted zone. Along with this, you should be able to change the security levels for each zone individually.
- UPnP pass-through. UPnP is the Universal Plug n Play standard. It’s the standard that allows programs like MSN Messenger to open ports as it needs them (without having to be tied to specific ones). If you don’t have the capability in your firewall, you’ll have to open the port ranges that the program uses. Typically 1024 through 65535, which is all of the higher-level ports. If you’re going to do that, you may as well not have a firewall, and you may as well not go online.
Now granted… There are people who don’t use a firewall. Or they only use the Windows Firewall. But, they are very very very very careful about where they go. But I would say it’s more like playing Russian roulette than being safe. Eventually, they’re going to hit a site that has been hacked. And when that happens, they’re totally at the mercy of the malware that’s lurking there.
How can I test to see if my firewall is good enough?
Ahhh, this is where I get to pimp sites.. These are the sites where you can test your firewall settings (and computer security altogether).
HackerWatch Something to note from HackerWatch’s site. Their advanced port scanner actually points to PCFlank.
AuditMyPC On this site, you’ll scroll down near the bottom and enter your IP address in the box (this is their version of the “I Agree” button or box found on most sites).
FirewallLeakTester This is one site that I would take with a grain of salt. because it ranks some of the firewalls that the comparison sites I mentioned yesterday differently. One notable thing is it also tests your antivirus program out. The programs that you download and run are safe, but some antivirus programs will alert on them.
You can find other security testing sites by searching for them. If you do use the sites, I recommend trying the scans more than once, and also trying more than one site. That way, you’re going to have a more accurate representation of whether your firewall is doing it’s job.
Have a great day everyone:)