FirewallsBy Rich Eichacker With the release of Windows XP SP2 attention has shifted from anti-virus programs to firewalls in the battle against malicious software. This is especially true for those who discovered that after installing SP2, many of their internet-based programs stopped working. A firewall protects your computer at the network port level (whereas an anti-virus program protects your files). Port attacks can occur anytime your computer is connected to the internet. This is especially critical for broadband users who are typically connected continuously and also typically have an IP address that doesn’t change (unlike dial-up connections where the IP address changes with each phone call). Incoming traffic is stopped by the firewall if it is data that wasn’t requested by your system. Ideally, a firewall should also guard against outgoing traffic as well as incoming. By monitoring outgoing traffic, the firewall can stop Trojans from using your computer to initiate denial of service attacks or transmitting personal information. A router allows LAN users to share a broadband connection. Most routers today have internal firewalls and provide additional protection through Network Address Translation (NAT). NAT hides the IP addresses of the LAN computers from the external IP address seen on the internet. A NAT router can provide protection even for a single computer connected to the internet. “Personal firewalls”, such as ZoneAlarm, protect your computer by monitoring traffic going in and out of your computer. If you own one of these products, you may have noticed that the software will periodically prompt you to allow outbound traffic from a program. In most cases, the program sending the data is easily identifiable in the firewall’s warning message and you can probably allow the traffic to pass. A good example of this is with RealPlayer or Norton Antivirus. These programs will use your internet connection to download updates and denying them access may be detrimental to their performance. On the other hand, a malicious program (Trojan) may trigger a firewall warning message and if you don’t prohibit the traffic you will allow the Trojan to do it’s mischief. The big problem most users are finding is how to determine which type of program (good or bad) the firewall has flagged. In most cases the message displayed by the firewall does little to indicate whether the user should allow the program or not. Hopefully, in the future, firewall manufacturers will improve the software so that user’s can make better decisions. In the meantime, it benefits you to do some research before permitting a program access to the internet. For maximum protection, I recommend using a 3rd party firewall. Microsoft, despite it’s best intents, included a firewall in SP2 that only filters incoming traffic, leaving your system vulnerable to Trojans and other nasties.
Firewall Software... Winter 2005 -Volume 15, Number 1
|
|
All articles are copyrighted by the authors in the year published. |