Firewall Basics: Protect Your PC
By Michael Ross
This article was published by ComputorEdge, issue #2739, 2009-09-25, as the cover article, in both their PDF edition (on pages 7-9) and their website.
Currently there are several different ways of connecting to the Internet, including digital subscriber line (DSL), cable, dial-up, satellite, and mobile phone service. Yet all methods generally fall into one of two major categories: broadband (cable and DSL) and narrowband (i.e., dial-up and any other similarly slower technology). American usage of broadband has increased significantly over the years, although we are still lagging behind other countries in broadband proliferation.
Regardless, more Americans every day are making the transition from dial-up to broadband for their Internet service. They are opting for higher connection speeds, despite the correspondingly higher costs, because broadband confers many benefits, the foremost being greater download and upload speeds. However, there is a downside to broadband service that is unknown to far too many broadband consumers, and rarely mentioned by broadband service salespeople, if ever.
Back in the days when dial-up was the only option, viruses and other forms of malware were spread from one computer to another through users sharing computer programs, transmitted on diskettes. Sometimes those programs themselves were infected, and other times the boot sector of the diskette turned out to be the malware carrier. Infestation also took place when people downloaded infected programs from dodgy websites. But despite the security threats, everyone knew that if they kept their antivirus applications up to date, and scanned every incoming file — regardless of its source or media — then there was little to no chance of falling victim to malware.
But once people began connecting to the Internet via broadband, the situation changed drastically, and not for the better. Many people simply assumed that their Internet connections were more secure, because they were paying more money for the service — when in fact their computers were now more vulnerable to attack by ill-intentioned hackers trying to break into any computer they can find on the Internet.
Your Global Address
The increased vulnerability is a consequence of the broadband-connected computer having a fixed address on the Internet, which is how online troublemakers can try to directly access your computer. In order to better understand how this is possible, consider the system by which your computer is recognized as a part of the worldwide network known as the Internet.
Computers on the Internet are able to communicate with one another by utilizing the Internet Protocol (IP), a standard that specifies the structure of data exchange (in the form of "packets"), in addition to the addressing used to deliver those packets to their intended destinations. Every machine is given a specific IP address. For instance, the IP address currently used by Yahoo for their main website is 184.108.40.206. This particular format is known as "dotted quads", and is one of two equally valid formats. In your Web browser's address field, you could use "220.127.116.11" as a valid address, instead of "http://www.yahoo.com/".
When your computer is connected to the Internet via broadband, the IP address assigned to your computer is not permanent and unchanging. All of the broadband Internet service providers (ISPs) are free to assign your computer a new IP address, at any time, for whatever reason (such as troubleshooting your connection). However, most broadband ISPs do not bother changing people's IP addresses frequently, if at all — for many reasons, including wanting to avoid receiving service calls from customers who believe that they have lost their connections to the Internet, and do not know how to reboot their broadband router (so it can detect and begin using the new IP address it has been assigned).
In the past, if and when you used dial-up to connect to the Internet, your computer's modem dialed into the modem bank of your ISP, and your computer was not as directly exposed to the Internet. But now, hackers can use your IP address to try to "probe" all of the possible connection entryways (called "ports") on your computer, to see if any are unprotected and vulnerable to intrusion. If any such open ports are discovered, then the hackers can gain direct access to your computer's files, and then begin destroying your files, using your computer for storing illegal or pornographic material, or turning your machine into a "zombie", designed to spread malware to other unsuspecting users, or engage in denial-of-service (DoS) attacks against any target websites chosen by the hackers.
Yet how do such hackers obtain your IP address? After all, because there are millions upon millions of possible addresses, how do they get your particular one? Sadly, they employ the same technique that telemarketers use to get your phone number: They program their computers to try most possible combinations, and see if they get a "hit". So it's nothing personal. Yet that is cold comfort when you discover to your horror — if you ever do — that some online dirtbags have turned your trusted computer into a slave server hosting despicable content and malware.
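The "ports" described above can be audited from the defender's side. The following added example (not part of the original article) parses the output of the Windows command netstat -an and reports which TCP ports are listening on an address that other machines can reach; the sample output and the function names are constructed for illustration.

```python
# Added example: list listening TCP ports from `netstat -an` output and flag
# the ones reachable from other machines. SAMPLE is constructed, not captured.
import re

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:5354             [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Local address, port, foreign address, then the LISTENING state.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")
LOOPBACK = ("127.", "[::1]")  # addresses only this computer can reach


def listening_ports(netstat_text):
    """Return sorted (port, address, exposed) tuples for TCP listeners."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port = m.group(1), int(m.group(2))
        exposed = not addr.startswith(LOOPBACK)
        found.add((port, addr, exposed))
    return sorted(found)


def exposed_ports(netstat_text):
    """Ports with at least one listener bound to a non-loopback address."""
    return sorted({p for p, _, exposed in listening_ports(netstat_text) if exposed})


if __name__ == "__main__":
    for port, addr, exposed in listening_ports(SAMPLE):
        note = "reachable from the network unless a firewall blocks it" if exposed else "local only"
        print(f"{port:>5}  {addr:<15} {note}")
```

On a real machine, pass in the text captured from netstat -an; every port reported as exposed is one that a firewall should be shielding from inbound connections.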
Harden Your Defenses
There is, fortunately, a simple and straightforward method of defending yourself (short of disconnecting permanently from the Internet and moving to an electricity-free commune). The method is known as a "firewall", and comes in two varieties — hardware and software. Similar to a building's firewall — designed to keep a raging fire out of parts of the building as long as possible — a computer firewall is intended to keep attackers out of networks and individual computers. The specific methods utilized by computer firewalls to achieve this can be technically complicated, so we won't go into the details. What is most critical is that firewalls work, and everyone connected to the Internet should use one — regardless of whether they are using broadband or narrowband.
Hardware firewalls are usually found in routers, which are fairly small devices used for routing traffic within a network, including a simple home network that you might set up for allowing everyone in your household to share the same Internet connection. A router acts much like a traffic cop (but without the speeding tickets), sending Internet requests from all of your home computers out through the same Internet connection, and then directing the responses from the Internet back to the appropriate computer in your home network.
There are numerous manufacturers of firewall-strengthened routers, including Belkin and Linksys (now owned by Cisco Systems). A router is either wired or wireless, and is usually not too difficult to set up. Once your router is plugged in properly, you can log into it from any Web browser, and then modify the router's settings, including its access password (highly recommended).
Software firewalls are security applications that can run on your computer, instead of being embedded in another piece of hardware. Examples of such applications include Comodo Firewall Pro, Outpost Pro Firewall, Sunbelt Personal Firewall, WIPFW, and ZoneAlarm.
If you are willing to live without the outbound protection of a dedicated firewall program (not recommended), then you could always use the firewall built into Windows XP or Vista — assuming that you are using one of those operating systems. Your Windows firewall may or may not be enabled by default — depending upon your operating system version and service pack — so you may need to enable it yourself. To do so, log into your computer using an account with administrative privileges, and then enable the firewall under Settings > Control Panel > Security Center. Unlike most of the software firewalls listed above, the Windows firewalls are built into the operating system and are thus free of charge. But in view of Microsoft's track record for securing its operating systems and applications, I cannot recommend using any native Windows firewall.
If you have multiple computers at home that you want to connect to the Internet, then probably your best option is to obtain and install a router with a built-in firewall, because you will be needing a router anyway just for networking. Furthermore, a software firewall would be one more application consuming your computer's resources. If you only have a single computer that you want to connect to the Internet, a software firewall would be sufficient.
Yet regardless of whether you choose to go with a hardware or a software firewall, it is critical that you have one or the other up and running at all times to help secure your connection to the online world.
Copyright © 2009 Michael J. Ross. All rights reserved.