Sunday, 25 April 2010

What's a firewall, and how do I set one up?


Summary: A firewall is critical to keeping your internet connected computer safe. We'll review what a firewall is and the two different types of firewalls.

I keep hearing the term "firewall" and how I need one when I connect my computer to the internet. What's a firewall, why do I need one and how do I set one up?
The bottom line is that a large class of viruses and other types of malware can be prevented simply by using a good firewall.
What's a firewall? Well, in your car it's the "wall" of metal behind the dashboard that sits between you and the engine. Its purpose is to prevent engine fires from roasting you and your passengers.
A firewall for your computer is much the same - its purpose is to keep you from getting burned.

A firewall is at its core very simple: it blocks or filters certain types of network traffic from reaching your computer.
"A firewall is at its core very simple: it blocks or filters certain types of network traffic ..."
What do I mean by "certain types"? There's network traffic you do want to reach your computer: like the pages of web sites you visit or the software you might download. And then there's other traffic you might not want like malicious people or computers trying to access your computer remotely or viruses and worms trying to infect your machine.
A firewall knows the difference. It lets the good stuff in and keeps the bad stuff out.
Firewalls can also usually be configured; they can allow you to say "this kind of connection from the outside is OK". A good example is remote desktop. A firewall may by default block any attempt to connect via remote desktop. But you can also configure the firewall to allow that type of connection to come through. Doing so you would be able to access your computer from another computer, be it across the room or across the internet. But even though you've allowed one type of traffic - remote desktop - other types of traffic like certain types of viruses are still blocked.
Some firewalls will also monitor outgoing traffic for suspicious behavior.
One characteristic of many viruses is that once you're infected they attempt to establish connections to other computers in order to spread. Many software firewalls will detect and either warn you or simply prevent those attempts.
And that leads to a very important distinction. There are two types of firewalls: hardware and software.

  • hardware firewall is just that - a separate box that sits between you and the internet that performs the filtering function. Traffic that is filtered out never even reaches your computer. Even the least expensive broadband router can perform the function of a firewall quite nicely. The downside for a hardware device is that most will not filter outgoing traffic.

  • software firewall is a program that runs on your computer. It operates at the very lowest level, as close to the network interface as possible, and monitors all your network traffic. While all network traffic still reaches your machine, the firewall prevents malicious traffic from getting past it and on to the operating system. The firewall prevents your system from actually noticing or doing anything with malicious traffic.
The good news is that all versions of Windows after XP have a software firewall built in, and all versions after Windows XP SP2 have it turned on by default. In fact, the security center will take steps - perhaps even annoying you in the process - to ensure that the firewall is either turned on or that you're aware of the risks in not having it turned on.
The bad news is that a firewall can't protect you from everything. A firewall is focused on protecting you from threats that arrive via malicious connection attempts over the internet. A firewall will not protect you from things you invite onto your machine yourself such as email, attachments, software downloads and removable hard drives.
But even so, protecting from those network threats is important.
In general, I recommend a hardware firewall such as a broadband router and leaving the Windows firewall turned off. However, regardless of your approach, be it a router, be it the Windows firewall, or be it some other software or hardware solution, some kind of firewall is always a necessary part of keeping your computer safe when connected to the internet.

No comments:

Post a Comment