Saturday, 20 October 2012

Understanding and Using Firewalls

Introduction
The Internet is a scary place. Criminals on the Internet have the ability to hide behind their computers, or even other people's computers, while they attempt to break into your computer to steal personal information or to use it for their own purposes. To make matters worse, there always seems to be a security hole in your software or operating system that is not fixed fast enough and that could potentially allow someone to hack into your computer. Where does this leave you? Are you supposed to cancel your Internet access, or is there something you can do to protect yourself?
The answer is that you can protect yourself with a firewall. In the past, firewalls were expensive pieces of hardware that only companies would use. Most people were not on the Internet, and if they were, they were connected via dial-up, which is not fast enough for most hackers' purposes. Therefore, hackers predominantly targeted companies, which normally had larger pools of available bandwidth. Now, with almost everyone able to connect to the Internet, and many with extremely fast and cheap bandwidth, hackers tend to target home users, who are more apt to not secure their computers properly and thus become easy targets. With this in mind, developers have created cheap but powerful firewall solutions for home users to protect themselves.
This tutorial will help to increase your knowledge on how to protect yourself with a firewall so you are not an easy target to hackers and viruses in the future.
The Firewall
A firewall is a hardware device or software application that sits between your computer and the Internet and blocks all Internet traffic from reaching your computer that you have not specifically requested. What this means is that if you browse to a web site, the firewall will allow the traffic from that web site to reach your computer and therefore yourself. On the other hand, if you did not request information from that web site, and the web site sent traffic to you, it would be denied from reaching your computer because you did not specifically ask for it. This behavior can be changed if you wish, and we will discuss that further in the document.
Firewalls for the home user can either be a piece of hardware or a piece of software. The differences will be discussed below.
A Hardware Firewall is a device that sits between your Internet connection and the rest of the computers plugged into it. These firewalls usually come with a built-in hub that allows you to connect multiple computers to it so that they can all share one Internet connection. These firewalls provide protection to all the computers connected to them using a technology called Network Address Translation, or NAT. This protection works because all the protected machines use private IP addresses, such as 192.168.1.X, that cannot be reached via the Internet. The firewall then converts these internal IP addresses to the single public IP address that is assigned to the firewall. This makes it so that your hardware firewall accepts all incoming traffic you asked for and then forwards it on to the requesting internal computer. Using this method, outside machines are never able to connect directly to your computers.
A Personal Firewall is a piece of software installed on each computer that needs to be protected. This software then filters all incoming, and sometimes outgoing, traffic and allows only data that has been requested or explicitly allowed to pass through. Personal firewalls tend to be more feature rich than hardware versions, but they do not have the ability to allow you to share your Internet connection with multiple computers on the network.
The decision as to which type of firewall to use depends on what you plan on using it for. If you would like to protect just one computer, then a personal software-based firewall is more than adequate. If you would like to protect multiple computers, then a hardware-based solution may be most cost effective. Some people even state that you should use both a hardware firewall to protect your network and a personal firewall that further protects your computer. Though this is not a bad idea, it may be cost prohibitive for many users. If money is not an issue, then using both will add an extra level of security as well as provide you with the greater functionality found in personal firewalls.
For the rest of this tutorial we will predominantly focus on personal firewalls that are installed on your computer, though many of the topics discussed here apply to hardware firewalls as well.
Firewall Features
When choosing your firewall it is important to pay attention to what features it offers, as these features can make a large difference in how your computer is protected. For some people certain features are more important than others, but in terms of security the most important are inbound and outbound filtering, application protection, notifications, and stealth mode. These features and others will be discussed below:
Inbound and Outbound Filtering
Filtering is when a firewall examines information passing through it and determines, based on rules or filters that have been created, whether that information is allowed to be transmitted and received or should be discarded. This is the primary function of a firewall, and how it handles these tasks is very important for your security. Most people feel inbound filtering, which is the processing of inbound data towards your computer, is the most important function of a firewall. Outbound filtering, though, plays just as important a role in securing your computer. You may have had malware installed on your computer without your knowledge, and suddenly, when you install a firewall with outbound filtering, you will find that software on your computer is attempting to transmit data to a remote host somewhere on the Internet. Now, not only do you know that this software is installed, but the outbound filtering stopped it from passing on private information.
These filters can also be modified to allow certain computers on the Internet to reach your computer or to allow certain applications on your computer to transmit data to the Internet. How these rules should be modified is determined by your needs. For example, if you would like remote users to be able to connect to you using Remote Desktop, you will need to open up the port associated with Remote Desktop, which is TCP port 3389, in order for your firewall to allow that traffic to flow through. An example of this can be seen below, where a particular remote computer is given permission to access the computer behind the firewall.

Figure 1. Example of a Firewall allowing a remote computer access to a computer behind a firewall
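The filtering behaviour described above, as an added example that is not part of the original tutorial: a toy stateful filter that lets replies to requested traffic in, drops unsolicited traffic, and honours one custom rule opening TCP port 3389 to a single remote computer. The class names, verdict strings and addresses are assumptions made for illustration, and this toy allows all outbound traffic.

```python
# Hypothetical toy model; names and addresses are illustrative only.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int

@dataclass(frozen=True)
class AllowRule:
    proto: str
    local_port: int
    remote_net: str  # CIDR range the rule is scoped to

class Firewall:
    def __init__(self, inbound_rules):
        self.inbound_rules = list(inbound_rules)
        self.connections = set()   # flows this computer opened itself

    def check(self, pkt):
        flow = (pkt.proto, pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            self.connections.add(flow)   # remember what we asked for
            return "allow: outbound"
        if flow in self.connections:
            return "allow: reply to our request"
        src = ipaddress.ip_address(pkt.remote_ip)
        for rule in self.inbound_rules:
            if (rule.proto == pkt.proto and rule.local_port == pkt.local_port
                    and src in ipaddress.ip_network(rule.remote_net)):
                return "allow: custom rule"
        return "drop: unsolicited"

def demo():
    # Constructed addresses from documentation ranges (RFC 5737).
    fw = Firewall([AllowRule("tcp", 3389, "203.0.113.10/32")])
    packets = [
        Packet("out", "tcp", 50000, "198.51.100.7", 80),   # browse to a site
        Packet("in", "tcp", 50000, "198.51.100.7", 80),    # the site's reply
        Packet("in", "tcp", 50001, "198.51.100.7", 80),    # site sends unasked
        Packet("in", "tcp", 3389, "203.0.113.10", 40000),  # permitted RDP peer
        Packet("in", "tcp", 3389, "192.0.2.99", 40000),    # any other host
    ]
    return [fw.check(p) for p in packets]
```

Scoping the rule to one remote address, rather than opening port 3389 to everyone, keeps the exception as narrow as the figure describes.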

Stealth Mode
It is important for your firewall to not only block requests to reach your computer, but to also make it appear as if your computer does not even exist on the Internet. When you are connected to the Internet and your computer cannot be detected via probes, you are in what is called Stealth mode. Hackers have the ability to detect if you are on the Internet by probing your machine with special data and examining the results. When you are in Stealth mode the firewall does not send this information back, making it seem like you are not even connected. Because of this, hackers will not continue targeting your computer, as they will think you are not online.
Privacy protection
Many firewalls now have the ability to block spyware, hijackers, and adware from reaching your computer. This allows you to protect your computer from being infected with software that is known to reveal private information about what you do on the Internet or other computing habits. These features are usually bundled into the commercial versions of the firewall software packages.
Application Integrity
Application Integrity is when the firewall monitors the files on your computer for modifications to the files or to how they are launched. When it detects such a change it will notify the user and not allow that application to run or transmit data to the Internet. Many times these modifications may have been part of an upgrade, but if a file was modified by a malicious program you will now be made aware of it.
Intrusion detection
Intruders use various methods to penetrate the security of your computer. Intrusion detection scans incoming data for signatures of known methods and notifies you when such attacks are recognized. This allows you to see what means a hacker is trying to use to hack your computer.
Notifications
Notifications allow you to see the activity of what is happening on your firewall and for the firewall to notify you in various ways about possible penetration attempts on your computer.
Firewall Monitoring and Good Practice
Monitoring
Regardless of the firewall you use, it is good practice to monitor the firewall logs occasionally. With good monitoring of your logs you will increase your security immediately. Statistically most hacks could have been avoided if people monitored their logs, as most hackers will probe a computer before they hack it. If an administrator of the computer had noticed these probes, they may have been able to determine if their computers were vulnerable to what was being probed for. When you first install your firewall and examine the logs you will be simply amazed at the number of people who are attempting to access your computer without your knowledge.
There are three main reasons for monitoring your log files, which are discussed below:
Preventative Measures: By monitoring the logs of your firewall you can see what ports and services hackers are attempting to exploit. You can then use this information to make sure your computer is secure from these exploits. For example, if you notice in your logs that many people are scanning your computer for port 3127 and you do some research, you will find that it could be that people or viruses are looking for backdoors into your computer left by an early variant of the MyDoom virus. You can then make sure your computers are not affected by this potential exploit.
Forensics: If your computer gets compromised by a remote computer, and you find the files placed on your computer by the hacker you can determine the date and time that they were placed there. Using this information you can check your log archives for activity during that time and date to determine how the hacker was able to penetrate your computer. This information can then be used to secure your computer.
Reporting to the authorities: Using the information found in the log files will allow you to present information to authorities in the case of a successful hack or an attempt. The logs will give you the IP address of the offending computer, the method used, and the time and date it was performed. This information can be given to the appropriate ISP or authorities in case of criminal activities.
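A small log review along the lines of the three reasons above, as an added example that is not part of the original tutorial. The log layout and every log line are constructed for illustration (real firewalls each have their own format), and the function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log; the field layout is an assumption:
# date time action proto src_ip dst_ip src_port dst_port
SAMPLE_LOG = """\
2012-10-19 22:01:10 DROP TCP 198.51.100.23 192.168.1.5 4312 3127
2012-10-19 22:01:11 DROP TCP 198.51.100.23 192.168.1.5 4313 135
2012-10-19 22:01:12 DROP TCP 198.51.100.23 192.168.1.5 4314 445
2012-10-19 23:40:02 DROP TCP 203.0.113.77 192.168.1.5 1199 3127
2012-10-20 03:14:07 ALLOW TCP 203.0.113.10 192.168.1.5 40000 3389
2012-10-20 03:20:45 DROP TCP 192.0.2.99 192.168.1.5 2210 3127
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 8:
            continue  # skip blank or malformed lines
        date, time, action, proto, src, dst, _sport, dport = parts
        when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        events.append({"when": when, "action": action, "proto": proto,
                       "src": src, "dst": dst, "dport": int(dport)})
    return events

def probed_ports(events):
    """Preventative view: (port, distinct sources) for dropped traffic."""
    ports = defaultdict(set)
    for e in events:
        if e["action"] == "DROP":
            ports[e["dport"]].add(e["src"])
    return sorted(((p, len(s)) for p, s in ports.items()),
                  key=lambda item: (-item[1], item[0]))

def scanners(events, min_ports=3):
    """Sources dropped on at least min_ports different ports."""
    seen = defaultdict(set)
    for e in events:
        if e["action"] == "DROP":
            seen[e["src"]].add(e["dport"])
    return sorted(src for src, ports in seen.items() if len(ports) >= min_ports)

def events_between(events, start, end):
    """Forensic view: every event inside a time window of interest."""
    return [e for e in events if start <= e["when"] <= end]
```

On the sample log, port 3127 comes out as the most widely probed port, which is the cue to research it as the text suggests; the time-window function returns the source address and timestamp you would pass on in a report.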
Good Practice
It is good practice to occasionally examine any custom rules or filters that you have created for allowing incoming or outbound traffic to or from your computer. You may at times allow certain protocols to connect to your computer for various reasons including file sharing, mail, FTP, or web. Many times these rules are created, and then they are forgotten and remain open. It is good practice to examine your firewall's configuration occasionally to make sure these rules are disabled if they are no longer needed. If you keep these rules open when you do not need them, you are creating a potential avenue for hackers to compromise your computer.
Common Issues with Firewalls
It is important to note that almost all Internet applications are created with the thought that there is no firewall in place that could change how these applications can communicate with the Internet. Sometimes using a firewall can make certain features of the applications no longer work properly. In the majority of cases, these services can be enabled to work by changing certain settings in your firewall to allow incoming traffic to be received by your computer. When this type of situation occurs you can create a custom rule that allows that particular application to work.
An example of this would be if you have Windows XP Professional and would like to be able to remotely connect to your Remote Desktop from another computer. Since firewalls by default block all incoming traffic to your computer, when you attempt to connect to Remote Desktop the connection will be denied. If you search on Remote Desktop using Google you will find that Remote Desktop uses TCP port 3389 to accept incoming connections. You would then change your rules on your firewall to allow incoming connections to TCP port 3389, thus allowing you to connect to your computer remotely.
Therefore, when you use applications with a firewall and find that there are problems, you should search the Internet on how to use that program with a firewall and what ports should be opened. Then you would create a custom rule that would allow the specific traffic to reach your computer.
Popular Firewalls
There are many types of firewalls on the market, each with their own strengths and weaknesses. I have listed these personal software firewalls and hardware vendors as resources for you to research further. If a firewall is noted as free it is important to note that their commercial equivalents will probably contain more features that may be beneficial to you.
Free Personal Firewalls
Commercial Personal Firewalls
Hardware Router/Firewalls Vendors
Conclusion
As you can see, having a firewall is a necessity in protecting your computer from hackers or viruses. With the proper monitoring and rules you will be able to use your applications on the Internet as you would like to, with the added benefit of securing your computer. When you leave your house, you lock your doors to prevent robbery, so why not use a firewall to put a lock on your computer?

Thanks & Regards,

"Remember Me When You Raise Your Hand For Dua"
Raheel Ahmed Khan
System Engineer
send2raheel@yahoo.com
send2raheel@engineer.com
sirraheel@gmail.com
send2raheel (skype id)

My Blog Spot
http://raheel-mydreamz.blogspot.com/
http://raheeldreamz.wordpress.com/

My Face book pages
http://www.facebook.com/pages/My-Dreamz-Rebiuld-our-nation
http://www.facebook.com/pages/Beauty-of-islam
http://www.facebook.com/pages/Health-is-wealth
