Firewalls

EDGE · Guest

A lot of people get told "You need a firewall," yet hardly anyone is told why. So I have decided to write up this article to try and explain the firewall's purpose in the grand scheme of computer security.

What is a firewall?
A firewall is software, even if someone tells you that there are hardware firewalls. A hardware firewall is just a mini-computer devoted to running firewall software. Most routers will have a firewall installed on them, thereby being called a hardware firewall.

What does it do?
The most important question. Simply put a firewall is used to block/unblock internet traffic to/from your computer. The internet is based on a protocol (TCP/IP) that split your connection into 'ports.' This keeps programs from getting confused about where information is supposed to go. For example:

I am surfing the internet using Firefox, it uses port 80 which is designated as the WWW port.
I use WS_FTP to do large file transfers between my computer and the server that I am working on, FTP uses port 21.
I am broadcasting a Shoutcast radio station so that I can hear my MP3s anywhere in the world without taking them with me, Shoutcast by default uses port 8000 for the server and 8001 for the downstream.

So there are all these ports that are used for sending and receiving information simultaneously without confusing the programs.

The security flaw here is that programs 'listen' for traffic to come in on these ports. So when Firefox sends it's request to www.warriormatrix.com on port 80, the server that is hosting www.warriormatrix.com is waiting for a certain command to "serve" the web pages. So the server is always 'listening' to port 80 for traffic. This is where the security flaw comes in. A "hacker" (I use this term very loosely and only provide it so that everyone understands, but I should say that not every person who hacks is a malicious hacker.) could send a command to a specified port and if they receive a response, continue to look for vulnerable ports. I am not going to go into full detail on this for obvious reasons.

So a firewall's job is to only allow traffic through secure ports. Secure ports are ports running software with no known exploits. A good firewall will not respond to a 'port scan,' effectively masking the computer from the outside world. A firewall cannot prevent an attack if insecure ports are left open, or if someone is 'listening in.' once the traffic leaves the firewall - there is nothing you can do to stop a determined person. That is why encryption is so important.

Software vs. Hardware firewalls.
Okay I stated before that there is no difference in the two. There is only one advantage to a "hardware" firewall. Due to the simple fact that it is a separate mini-computer, a router allows you to a) not run an extra memory hogging program on your workstation and b) If a 'hacker' does get past the firewall, they *should* only have access to the router, not your personal computer. There are always exceptions.

So to recap, a firewall is basically just a first-line of defense. It cannot protect you 100%.

Giany · Joined: 02 Sep 2005 Posts: 15 Location: Toronto, ON

Also there's benefit in using ProtoWall, to block any accesses from outside from any blacklisted ip address that are found in a quite big list.

For more information go to Protowall
Also look there at Blocklist manager

Giany

Jourdelune · Joined: 16 Dec 2009 Posts: 126

I use Comodo Firewall (only the firewall). It's free and complete. All your firewall needs in one apps.

Stealth your port (your port don't answer) for all incoming connection that you have not initiated or approved.

Perhaps a bit hard to use, with all the features there... it's like a super intelligent router.

Jourdelune