There are three pieces of software that, in my opinion, make the backbone of a decent security setup on your home PC. These are the anti-virus, the firewall, and the password manager.
Of these, the firewall is often the least well remembered despite its importance. The fade of the firewall from public view is due to the fact that Windows itself now has a built-in firewall, so there’s less need to go searching for a third-party option. Curious minds may wonder how they work, however, so let’s take a look.
The Beginnings Of The Firewall
The term “firewall” of course starts with actual walls built to protect against fire. These are still common today in buildings that deal with hazardous materials. If there is a blast or fire, the firewall prevents the blaze from exiting the hazardous area and feeding on the rest of the structure.
Geeks adopted the term in the late 1980s as a way of describing any piece of software or hardware that protects a system or network from the Internet at large. Malware like the Morris Worm proved that it was possible for software to piggyback on the Internet and do serious damage to randomly targeted systems. As a result, security-savvy individuals and organizations started to look into ways to protect themselves from such malware.
This is a good point to start talking about the three types of firewalls that are most common, starting with the first type invented – the packet filter.
Types of Firewalls
Early firewalls only read packet header data, like source address and destination address. Action could then be taken based on the information obtained. This is efficient and quick, but can be vulnerable in some ways. Spoofing attacks, for example, can be very effective against a packet filter. Advanced versions of packet filter firewalls keep data about packets in memory and can change their behavior based on network events. These are known as “stateful” and “dynamic” firewalls, respectively.
The next step in firewalls, the Circuit Gateway, doesn’t just deal with packet header data. It also attempts to make sure that a connection relaying packets is valid. To do this, the Circuit Gateway pays attention to packet data and looks for changes, such as an unusual source IP address or destination port. If a connection is determined invalid, it can be closed. These firewalls also automatically reject information not specifically requested by a user inside the firewall.
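To make the difference between a header-only packet filter and a stateful one concrete, here is a small Python model (an added example, not from the original article). The rule set, class names and addresses are constructed for illustration; it shows why a rule that trusts header fields admits a packet nobody asked for, while a filter that remembers outbound connections drops it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the LAN, "in" = arriving from the Internet

LAN_HOST = "192.168.1.10"   # constructed addresses (private / documentation ranges)
WEB_SERVER = "203.0.113.5"

def stateless_allow(pkt):
    """Header-only rules: let LAN traffic out, let 'web replies' in."""
    if pkt.direction == "out":
        return True
    # Inbound: trusts any packet whose header claims source port 80 or 443.
    return pkt.sport in (80, 443)

class StatefulFilter:
    """Remembers outbound flows and admits only their exact replies."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet must mirror a flow that a LAN host started.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def demo():
    """Return {name: (stateless verdict, stateful verdict)} for three packets."""
    packets = [
        ("request", Packet(LAN_HOST, 50000, WEB_SERVER, 443, "out")),
        ("reply", Packet(WEB_SERVER, 443, LAN_HOST, 50000, "in")),
        # Unsolicited packet whose header merely looks like a web reply.
        ("forged", Packet("198.51.100.77", 443, LAN_HOST, 3389, "in")),
    ]
    fw = StatefulFilter()
    return {name: (stateless_allow(p), fw.allow(p)) for name, p in packets}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```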
Application Level Gateways
These firewalls share the properties of circuit gateways, but they delve deeper into the information being sent through the firewall and see how it relates to specific applications, services and websites. For example, an application level gateway can look into packets carrying web traffic and determine what sites the traffic is from. The firewall can then block data from certain sites if the administrator desires.
If you have a firewall installed on your computer, it is most likely an application level firewall. It will be able to control how individual applications access the Internet and block specific or unknown applications the moment they try to accept incoming information or send outgoing information.
Your personal firewall is also a software firewall. That means its functions are controlled by code installed on your computer. The advantage of this is obvious – you can easily change the settings of the firewall whenever you would like, and you can access its interface without logging into any separate piece of equipment.
However, a software firewall can be vulnerable due to the fact that it can be manipulated if the system it is installed on is compromised. If your computer was somehow infected with malware in spite of your firewall and other security measures, that malware might be programmed to circumvent the firewall or change its settings. For this reason, software firewalls are never entirely secure.
Hardware Firewalls & Home Use
To address this vulnerability, large organizations usually use a hardware firewall or firewalls in addition to a software firewall or firewalls. The kind of firewalls used by organizations with their own networking department is heavy equipment capable of sniffing out network intrusion attempts on its own. Often, they’re sold as part of a larger security ecosystem by companies that specialize in enterprise-level security solutions, like Cisco.
Such equipment often isn’t practical for a home user. But the alternative may already sit in your home. For one, every broadband router acts as a firewall due to its nature. A router acts as a go-between for your computers and the Internet. Connections sent to your computers from the Internet are not sent directly to them – they’re sent to the router first. It then decides where that information needs to go, if anywhere. If the router decides the information wasn’t requested, or the information is sent to a port the router doesn’t have open at all, it’s dropped.
This is why you sometimes have to set up “port forwarding” in your router to get certain games to function. The packets coming in from the game’s servers are being ignored by the router. This isn’t a true firewall, however, because there’s no inspection of packets. It’s simply a side-effect of the way a router functions.
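The router behaviour described above, and the effect of a port forward, can be modelled in a few lines of Python (an added example, not from the original article). The `NatRouter` class is a simplified, hypothetical model that matches replies on remote address and port; real routers differ in detail, and all addresses are constructed. Port 25565 is the default Minecraft server port.

```python
class NatRouter:
    """Simplified home router: translation table plus owner-set port forwards."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.mappings = {}   # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}   # public port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records a mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.mappings[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def add_port_forward(self, public_port, lan_ip, lan_port):
        """The owner tells the router where unsolicited traffic on a port goes."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) to deliver to, or None if dropped."""
        entry = self.mappings.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                    # reply to a request a LAN host made
        return self.forwards.get(public_port)   # explicit forward, else None (drop)

def demo():
    router = NatRouter("198.51.100.20")
    # A PC on the LAN browses a web site, then the site answers.
    port = router.outbound("192.168.1.10", 50000, "203.0.113.5", 443)
    reply = router.inbound("203.0.113.5", 443, port)
    # A different host aims at the same public port: nothing requested it.
    stranger = router.inbound("203.0.113.99", 443, port)
    # A game client reaches for the Minecraft port before and after forwarding.
    before = router.inbound("203.0.113.50", 51000, 25565)
    router.add_port_forward(25565, "192.168.1.20", 25565)
    after = router.inbound("203.0.113.50", 51000, 25565)
    return reply, stranger, before, after

if __name__ == "__main__":
    print(demo())
```

Note that the forward admits traffic on that port from any remote host, which is why each forward you add is a hole you have chosen to open.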
If you decide you do want a real hardware firewall, you can buy one at affordable prices. Cisco, Netgear and others produce “small business routers,” which are small devices with built-in firewall functionality that are designed for connecting just a handful of computers to the Internet. Such a device usually uses a packet filtering or circuit gateway method, so it can’t be easily circumvented by a software infection on a network PC.
In addition, a basic hardware firewall is useful if you run a server because it can monitor for denial-of-service attacks and intrusion attempts. Don’t expect your $199 firewall to hold off Anonymous, but it could come in handy if SuCkAz555 is sore after you banned him from your Minecraft server.
Software firewalls remain an important part of securing your home computer. Windows has had a built-in firewall since XP, and if you’d just like to use that, we have a tutorial article that can help you learn your way around. Free third-party firewalls still exist, as well.
If you are behind a router and have a software firewall, you’re reasonably well protected. The main way that you would become compromised is if you downloaded malware that then managed to circumvent your system’s defenses, including your firewall. But if you have anti-virus software and you did not disable User Account Control, any such attack should be stopped in its tracks.