Firewall Security and the Internet
Internet Firewall Protection

An Internet firewall gets its name from real firewalls, which stop fire spreading from one section of a building to another. Firewalls are structures which strictly govern access from one section to another. That is exactly what an Internet firewall does: limit the movement of data and program instructions in or out of a computer system.

There are two fundamental types of firewall, hardware and software, although the distinction can be a little misleading. Hardware seldom does much without additional software to direct it, and software cannot even exist without hardware. Software has to be stored somewhere and be able to execute on something.

A hardware firewall is commonly used between networks, for example between a corporate network and the Internet. The Internet, after all, is nothing more than a large set of smaller mutually cooperating networks. Incoming traffic from the Internet is restricted to public access areas or to individual computers on the corporate network. Computers which are part of a corporate network are behind the firewall and can access each other and the Internet.

Internal firewalls within corporate networks are also used, normally to keep resources restricted to certain groups, or to prevent viruses infecting some groups from spreading to others.

Software firewalls, also called personal firewalls, are more frequently used in personal computers which connect to the Internet. They are slower than hardware firewalls, which are specialised for that purpose, and they also use resources on the individual's PC.

Firewalls assist in the prevention of unauthorised access to networks and systems by hackers or viruses. They govern both inbound and outbound traffic according to a 'policy' established when the firewall is installed, or later configured. When set up correctly, the policy determines what kind of incoming or outgoing traffic is allowed and also which programs can access the Internet.

Browsers, email programs and some auto updating programs (such as antivirus software) all need network access. A personal firewall can be set up to allow this kind of traffic, while preventing others.

Over time, personal firewalls learn which programs can access the Internet by generating alerts the first time a program is run. The user modifies the firewall policy by either allowing or disallowing that particular program to access the Internet. As a rule of thumb, if you don't recognise the program, do not allow it to access the Internet. Most installation software will specify what firewall settings are needed to run common programs correctly.

Hackers routinely scan computer networks looking for open ports through which they can gain access to your computer. Ports are individual entry connection points between the computer and the Internet. If a hacker can discover an open port, it can be used to transmit a worm carrying a payload which can give the hacker control over your computer. The majority of firewalls will keep all unused ports closed.

The best personal firewalls not only close ports, they hide their very presence. This means a hacker program scanning for open ports will not get a reply to scan requests, making the system 'invisible'.

However, that does not mean that personal firewalls are perfect. Unlike hardware firewalls, personal firewalls are part of the computer system - they are just another program and are just as exposed to virus attacks as any other. Some viruses target firewalls by changing the policy file. If this happens your computer may become exposed to hackers even when you thought it was safe.

Despite that, connecting to the Internet without utilising a firewall is ill-advised. Open ports are a vulnerability that can be readily exploited by hackers. To protect the integrity of your firewall, be diligent about scanning incoming files for viruses with antivirus software, and avoid opening unexpected email attachments.

Personal firewalls offer a choice of protection levels depending on whether they are connecting to a private network or to the Internet. For instance, computers on a home network will normally be allowed to share files and access common resources like printers without restriction. In this scenario, the firewall will allow more access than when connecting to the Internet.

Internet access should be more strictly controlled as it is far riskier. In this case, firewalls should be configured to restrict more types of incoming and outgoing data and also close unneeded ports. Ports, as previously mentioned, are standardised numbers used by network software to route traffic.

If all of this sounds as though you need to become a computer genius, don't panic, as most settings are usually configured well by default. When they need modification, automatic alerts are generated to allow the change to be made.

The majority of personal firewalls have two basic components. The first part examines data as it arrives at your computer to decide whether it should be allowed through. The second sets up a policy for specific applications. This policy may be very lax as it simply allows a particular program to access the Internet.

The first component, which is called the packet filter, analyses each and every data packet and either allows it to pass or drops it. Data routed on networks is grouped into chunks called packets, which must comply with a set of rules (the policy) in order to pass. Those packets that fail to meet the rules may signal an alert or simply be dropped, depending on how the firewall has been set up.

The second component, called the application filter, decides whether specific programs can send and receive data through certain ports. For instance, a browser needs access to the Internet, so the policy is configured to allow the sending and receiving of data through Port 80, the standard number.

As your web browser is only using port 80 and all other ports have been blocked by the personal firewall, you would assume that your computer would be secure, but that is not exactly the case.

Application filters are usually set up for specific programs and not the actual components that the program is made up of. Each program may use several individual modules and these modules can become infected. In Windows, these modules often take the form of a DLL or dynamic link library.

Provided that your antivirus program database is up to date, it should be able to detect an infected module. However, if the virus is new and not yet in the antivirus database it could remain hidden. If this happens to your web browser and your personal firewall is allowing traffic to pass based on the application filter, your system is open to attack by hackers, viruses or both.
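A minimal model of the two components described above, added here as an example and not taken from any firewall product. The program names, module names, rules and sample traffic are constructed, and the check_modules option is an assumption shown only for contrast with the program-level application filter.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out"
    port: int
    program: str      # program owning the connection (constructed names)
    module: str = ""  # module inside that program that produced the traffic

# Constructed policy. Packet filter rules are (direction, port); anything else is dropped.
PACKET_RULES = {("out", 80), ("out", 25)}
# Application filter: program -> ports it may use.
APP_RULES = {"browser.exe": {80}, "mail.exe": {25}}
# Assumption for contrast only: modules each program is expected to load.
KNOWN_MODULES = {"browser.exe": {"", "render.dll"}}

def packet_filter(pkt):
    """First component: every packet is checked; unlisted ports stay closed."""
    return (pkt.direction, pkt.port) in PACKET_RULES

def application_filter(pkt):
    """Second component: keyed on the program only, never on the module."""
    return pkt.port in APP_RULES.get(pkt.program, set())

def firewall(pkt, check_modules=False):
    """Return 'allow' only if both components pass (plus the optional module check)."""
    ok = packet_filter(pkt) and application_filter(pkt)
    if ok and check_modules:
        ok = pkt.module in KNOWN_MODULES.get(pkt.program, set())
    return "allow" if ok else "drop"

SAMPLES = {  # constructed traffic
    "browser to port 80": Packet("out", 80, "browser.exe"),
    "unrecognised program to port 80": Packet("out", 80, "unknown.exe"),
    "inbound probe of a closed port": Packet("in", 445, ""),
    "browser on the mail port": Packet("out", 25, "browser.exe"),
    "unexpected module inside browser": Packet("out", 80, "browser.exe", "extra.dll"),
}

def run_samples(check_modules=False):
    return {name: firewall(p, check_modules) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:5}  {name}")
```

With the default settings the last sample is allowed, because the application filter sees only browser.exe on port 80; the same packet is dropped when run_samples(check_modules=True) is used.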

Personal firewalls do not provide total protection from hackers or viruses. They are effective at keeping average hackers out, but should be supplemented with regularly updated antivirus software and safe file sharing practices.

A rule of thumb for firewalls is that if you do not recognise the visitor, don't let them in.