Introduction
The Internet is a scary place. Criminals on the Internet have the
ability to hide behind their computers, or even other people's computers,
while they attempt to break into your computer to steal personal
information or to use it for their own purposes. To make matters worse,
there always seems to be a security hole in your software or operating
system that is not fixed fast enough that could potentially allow
someone to hack into your computer. Where does this leave you? Are you
supposed to cancel your Internet access, or is there something you can
do to protect yourself?
The answer is that you can protect yourself with a firewall. In the
past, firewalls were expensive pieces of hardware that only companies
would use. Most people were not on the Internet, and if they were they
were connected via dial-up, which is not fast enough for most hackers'
purposes. Therefore, hackers predominantly targeted companies who
normally had larger pools of available bandwidth. Now with almost
everyone being able to connect to the Internet, and many with extremely
fast and cheap bandwidth, hackers tend to target the home user as they
are more apt to not secure their computers properly thus becoming an
easy target. With this in mind developers have created cheap but
powerful home firewall solutions for the home users to protect
themselves.
This tutorial will help to increase your knowledge on how to protect
yourself with a firewall so you are not an easy target to hackers and
viruses in the future.
A firewall is a hardware device or software application that sits
between your computer and the Internet and blocks all Internet traffic
from reaching your computer that you have not specifically requested.
What this means is that if you browse to a web site, the firewall will
allow the traffic from that web site to reach your computer and
therefore yourself. On the other hand, if you did not request
information from that web site, and the web site sent traffic to you, it
would be denied from reaching your computer because you did not
specifically ask for it. This behavior can be changed if you wish, and
we will discuss that further in the document.
Firewalls for the home user can either be a piece of hardware or a piece of software. The differences will be discussed below.
A Hardware Firewall is a device that sits between your Internet
connection and the rest of the computers plugged into it. These
firewalls usually come with a built in hub that allows you to connect
multiple computers to it in order for them all to be able to share one
Internet connection. These firewalls provide protection to all the
computers connected to it using a technology called Network Address
Translation, or NAT. This protection works by having all the protected
machines use private IP addresses, such as 192.168.1.X, that cannot
be reached via the Internet. The firewall then converts these internal IP
addresses to the single public IP address that is assigned to the
firewall. This makes it so that your hardware firewall accepts all
incoming requests you asked for and then forwards them on to the
requesting internal computer. Using this method, outside machines are
never able to connect directly to your computers.
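The translation described above can be modelled in a few lines. This is an added example, not code from the original tutorial or from any router vendor; the NatTable class, the public address 203.0.113.10 and the other addresses are constructed for illustration, and the model assumes a reply is accepted only from the exact remote host and port that was contacted.

```python
import ipaddress

class NatTable:
    """Toy model of the address translation a home router performs (hypothetical class)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.back = {}  # (public_port, remote_ip, remote_port) -> (private_ip, private_port)

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """An inside machine opens a connection; return the source the Internet sees."""
        if not ipaddress.ip_address(private_ip).is_private:
            raise ValueError("inside hosts are expected to use private addresses")
        key = (private_ip, private_port, remote_ip, remote_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote_ip, remote_port)] = (private_ip, private_port)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives at the public address; return the inside host, or None if dropped."""
        return self.back.get((public_port, remote_ip, remote_port))


def demo():
    nat = NatTable("203.0.113.10")  # constructed public address
    # Two inside machines browse the same web server (constructed addresses).
    a = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 80)
    b = nat.outbound("192.168.1.21", 51000, "198.51.100.7", 80)
    return {
        "a_seen_as": a,
        "b_seen_as": b,
        "reply_to_a": nat.inbound("198.51.100.7", 80, a[1]),
        "reply_to_b": nat.inbound("198.51.100.7", 80, b[1]),
        # Nobody inside asked this host for anything, so there is no mapping.
        "unsolicited": nat.inbound("192.0.2.99", 4444, a[1]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```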
A Personal Firewall is a piece of software installed on each computer
that needs to be protected. This software then filters all incoming, and
sometimes outgoing, traffic and allows only data that has been
requested or explicitly allowed to pass through. Personal firewalls tend
to be more feature rich than hardware versions, but they do not have
the ability to allow you to share your Internet connection with multiple
computers on the network.
The decision as to which type of firewall to use depends on what you
plan on using it for. If you would like to protect just one computer,
then a personal software based firewall is more than adequate. If you
would like to protect multiple computers, then a hardware based solution
may be most cost effective. Some people even state that you should use
both a hardware firewall to protect your network and a personal firewall
that further protects your computer. Though this is not a bad idea, it
may be cost prohibitive for many users. If money is not an issue, then
using both will add an extra level of security as well as provide you
with the greater functionality found in personal firewalls.
For the rest of this tutorial we will predominantly focus on personal
firewalls that are installed on your computer, though many of the topics
discussed here apply to hardware firewalls as well.
When choosing your firewall it is important to pay attention to what
features they offer you as these features can make a large difference in
how your computer is protected. For some people certain features are
more important than others, but in terms of security the most important
are inbound and outbound filtering, application protection,
notifications, and stealth mode. These features and others will be
discussed below:
Inbound and Outbound Filtering
Filtering is when a firewall examines information passing through it
and determines if that information is allowed to be transmitted and
received or should be discarded based on rules or filters that have been
created. This is the primary function of a firewall and how it handles
these tasks is very important for your security. Most people feel
inbound filtering, which is the processing of inbound data towards your
computer, is the most important function of a firewall. Outbound
filtering, though, plays just as important a role in securing your
computer. You may have had malware installed on your computer without
your knowledge, and suddenly when you install a firewall with outbound
filtering, you will find that software on your computer is attempting to
transmit data to a remote host somewhere on the Internet. Now, not only
do you know that this software is installed, but the outbound filtering
stopped it from passing on private information.
These filters can also be modified to allow certain computers on the
Internet to reach your computer or for certain applications on your
computer to transmit data to the Internet. How these rules should be
modified is determined by your needs. For example, if you would like
remote users to be able to connect to you remotely using Remote Desktop,
you will need to open up the port associated with Remote Desktop, which
is TCP port 3389, in order for
your firewall to allow that traffic to flow through. An example of this
can be seen below where a particular remote computer is given permission
to access the computer behind the firewall.
Figure 1. Example of a Firewall allowing a remote computer access to a computer behind a firewall
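The rule lookup behind inbound and outbound filtering, written out as an added example (not code from the original tutorial or from any firewall product). The Rule class, the decide function, the program names and all addresses are hypothetical; the only values taken from the tutorial are TCP port 3389 for Remote Desktop and the idea that one particular remote computer is given access.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    direction: str              # "in" or "out"
    action: str                 # "allow" or "deny"
    remote: str = "0.0.0.0/0"   # remote address or network the rule applies to
    protocol: str = "tcp"
    local_port: int = None      # inbound: port on this computer (None = any)
    program: str = None         # outbound: program sending the data (None = any)

    def matches(self, direction, remote_ip, protocol, local_port=None, program=None):
        return (self.direction == direction
                and self.protocol == protocol
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote)
                and self.local_port in (None, local_port)
                and self.program in (None, program))


def decide(rules, direction, remote_ip, protocol, local_port=None, program=None):
    """First matching rule wins; anything that matches no rule is discarded."""
    for rule in rules:
        if rule.matches(direction, remote_ip, protocol, local_port, program):
            return rule.action
    return "deny"


RULES = [
    # One particular remote computer (constructed address) may reach Remote Desktop.
    Rule("in", "allow", remote="198.51.100.25", local_port=3389),
    # A program the user has approved may send data out (hypothetical name).
    Rule("out", "allow", program="browser.exe"),
]

def demo():
    return [
        decide(RULES, "in", "198.51.100.25", "tcp", local_port=3389),  # the permitted host
        decide(RULES, "in", "192.0.2.77", "tcp", local_port=3389),     # any other host
        decide(RULES, "in", "198.51.100.25", "tcp", local_port=21),    # permitted host, other port
        decide(RULES, "out", "192.0.2.50", "tcp", program="browser.exe"),
        decide(RULES, "out", "192.0.2.50", "tcp", program="unknown.exe"),  # unapproved program
    ]

if __name__ == "__main__":
    print(demo())
```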
Stealth Mode
It is important for your firewall to not only block requests to reach
your computer, but to also make it appear as if your computer does not
even exist on the Internet. When you are connected to the Internet and
your computer cannot be detected via probes to your computer, you are
in what is called Stealth mode. Hackers have the ability to detect if
you are on the Internet by probing your machine with special data and
examining the results. When you are in Stealth mode the firewall does
not send this information back making it seem like you are not even
connected. Because of this, hackers will not continue targeting your computer
as they will think you are not online.
Privacy protection
Many firewalls now have the ability to block spyware, hijackers, and
adware from reaching your computer. This allows you to protect your
computer from being infected with software that is known to reveal
private information about what you do on the Internet or other computing
habits. These features are usually bundled into the commercial versions
of the firewall software packages.
Application Integrity
Application Integrity is when the firewall monitors the files on your
computer for modification in the file or how they are launched. When it
detects such a change it will notify the user of this and not allow that
application to run or transmit data to the Internet. Many times these
modifications may have been part of an upgrade, but if it was modified
by a malicious program you will now be made aware of it.
Intrusion detection
Intruders use various methods to penetrate the security of your
computer. Intrusion detection scans incoming data for signatures of
known methods and notifies you when such attacks are recognized. This
allows you to see what means a hacker is trying to use to hack your
computer.
Notifications
Notifications allow you to see the activity of what is happening on
your firewall and for the firewall to notify you in various ways about
possible penetration attempts on your computer.
Monitoring
Regardless of the firewall you use it is good practice to monitor the
firewall logs occasionally. With good monitoring of your logs you will
increase your security immediately. Statistically most hacks could have
been avoided if people monitored their logs as most hackers will probe a
computer before they hack it. If an administrator of the computer had
noticed these probes, they may have been able to determine if their
computers were vulnerable to what was being probed for. When you first
install your firewall and examine the logs you will be simply amazed as
to the number of people who are attempting to access your computer
without your knowledge.
There are three main reasons for monitoring your log files, which are discussed below:
Preventative Measures: By monitoring the logs of your firewall you can see what ports and services hackers are attempting to exploit. You can then use this information to make sure your computer is secure from these exploits. For example, if you notice in your logs that many people are scanning your computer for port 3127 and you do some research, you will find that it could be that people or viruses are looking for backdoors into your computer left by an early variant of the MyDoom virus. You can then make sure your computers are not affected by this potential exploit.
Forensics: If your computer gets compromised by a remote computer, and you find the files placed on your computer by the hacker you can determine the date and time that they were placed there. Using this information you can check your log archives for activity during that time and date to determine how the hacker was able to penetrate your computer. This information can then be used to secure your computer.
Reporting to the authorities: Using the information found in the log files will allow you to present information to authorities in the case of a successful hack or an attempt. The logs will give you the IP address of the offending computer, the method used, and the time and date it was performed. This information can be given to the appropriate ISP or authorities in case of criminal activities.
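A log review of the kind described above, as an added example that is not part of the original tutorial. The log format and every line in SAMPLE_LOG are constructed, and the function names are hypothetical; real firewalls use their own formats, so parse would need adapting. The summary covers the preventative use (which ports are being probed, and by how many sources) and between covers the forensic use (what happened in a given time window).

```python
from collections import Counter, defaultdict

# Constructed sample log: date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2004-02-10 03:14:07 DROP TCP 192.0.2.44 203.0.113.10 4312 3127
2004-02-10 03:14:09 DROP TCP 192.0.2.44 203.0.113.10 4313 3389
2004-02-10 03:14:11 DROP TCP 192.0.2.44 203.0.113.10 4314 21
2004-02-10 07:40:52 DROP TCP 198.51.100.8 203.0.113.10 1188 3127
2004-02-10 09:02:30 ALLOW TCP 198.51.100.25 203.0.113.10 2201 3389
2004-02-10 11:15:01 DROP TCP 192.0.2.130 203.0.113.10 3550 3127
not a log line
"""

# Ports named in this tutorial; extend with your own research.
PORT_NOTES = {3127: "backdoor left by an early MyDoom variant",
              3389: "Remote Desktop"}

def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) != 8 or not (parts[6].isdigit() and parts[7].isdigit()):
        return None
    date, time, action, proto, src, dst, sport, dport = parts
    return {"when": f"{date} {time}", "action": action, "proto": proto,
            "src": src, "dport": int(dport)}

def summarize(log_text, scan_threshold=3):
    """Count blocked probes per port and flag sources that tried many ports."""
    by_port, sources, ports_by_src = Counter(), defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        entry = parse(line)
        if entry is None or entry["action"] != "DROP":
            continue
        by_port[entry["dport"]] += 1
        sources[entry["dport"]].add(entry["src"])
        ports_by_src[entry["src"]].add(entry["dport"])
    report = [(port, hits, len(sources[port]), PORT_NOTES.get(port, "unknown, research it"))
              for port, hits in by_port.most_common()]
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return report, scanners

def between(log_text, start, end):
    """Forensics: entries whose timestamp falls in [start, end] (same string format)."""
    entries = (parse(l) for l in log_text.splitlines())
    return [e for e in entries if e and start <= e["when"] <= end]
```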
Good Practice
It is good practice to occasionally examine any custom rules or filters
that you have created for allowing incoming traffic or outbound traffic
to or from your computer. You may at times allow certain protocols to
connect to your computer for various reasons including file sharing,
mail, ftp, or web. Many times these rules are created, and then they are
forgotten and remain open. It is good practice to examine your
firewall's configuration occasionally to make sure these rules are
disabled if they are no longer needed. If you keep these rules open when
you do not need them, you are creating a potential avenue for hackers
to compromise your computer.
It is important to note that almost all Internet applications are
created with the thought that there is no firewall in place that could
change how these applications can communicate with the Internet.
Sometimes using a firewall can make certain features of the applications
no longer work properly. In the majority of cases, these services can
be enabled to work by changing certain settings in your firewall to
allow incoming traffic to be received by your computer. When this type
of situation occurs you can create a custom rule that allows that
particular application to work.
An example of this would be if you have Windows XP Professional and
would like to be able to remotely connect to your Remote Desktop from
another computer. Since firewalls by default block all incoming traffic
to your computer, when you attempt to connect to Remote Desktop the
connection will be denied. If you search on Remote Desktop
using Google you will find that Remote Desktop uses TCP port 3389 to
accept incoming connections. You would then change your rules on your
firewall to allow incoming connections to TCP port 3389, thus allowing
you to connect to your computer remotely.
Therefore, when you use applications with a firewall and find that
there are problems, you should search the Internet on how to use that
program with a firewall and what ports should be opened. Then you would
create a custom rule that would allow the specific traffic to reach your
computer.
There are many types of firewalls on the market, each with their own
strengths and weaknesses. I have listed these personal software
firewalls and hardware vendors as resources for you to research further.
If a firewall is noted as free it is important to note that their
commercial equivalents will probably contain more features that may be
beneficial to you.
Free Personal Firewalls
Commercial Personal Firewalls
- Black Ice
- McAfee Personal Firewall
- Norton Personal Firewall
- Outpost Firewall Pro
- Tiny Personal Firewall
- Zone Alarm Pro/Plus
Hardware Router/Firewalls Vendors
As you can see, having a firewall protecting your computer is a
necessity in protecting your computer from hackers or viruses. With the
proper monitoring and rules you will be able to use your applications on
the Internet as you would like to with the added benefit of securing
your computer. When you leave your house, you lock your doors to prevent
robbery, so why not use a firewall to put a lock on your computer?
Thanks & Regards,
"Remember Me When You Raise Your Hand For Dua"
Raheel Ahmed Khan
System Engineer
send2raheel@yahoo.com
send2raheel@engineer.com
sirraheel@gmail.com
send2raheel (skype id)
My Blog Spot
http://raheel-mydreamz.blogspot.com/
http://raheeldreamz.wordpress.com/
My Face book pages
http://www.facebook.com/pages/My-Dreamz-Rebiuld-our-nation
http://www.facebook.com/pages/Beauty-of-islam
http://www.facebook.com/pages/Health-is-wealth