CyberSafety: Firewalls

 

by Alan Zisman (c) 2003 

An unprotected computer on the Internet is like a house with an unlocked door in a high-crime neighborhood (like mine). On a regular basis, strangers come around and rattle the door and windows. If they're unlocked, they come in to take a look around. And once in, they may walk off with your possessions, or even sit around, use your stuff, and act like they own the place.

With your computer, these strangers may be looking for financial data: credit card and bank account numbers. Or they may want to use your computer as a base to attack other computers, getting it to help them repeatedly bang on some other computer's door in a so-called denial-of-service (DoS) attack. Recently, there's evidence that spam emailers have taken to using unlocked computers to send large volumes of e-mail, to make it harder to catch or block them.

Check what's unlocked

Right now, let's take a look at how open your computer is to anyone rattling the doors and windows. Long-time personal computer programmer and guru Steve Gibson has a website worth a visit: http://www.grc.com. When you go there, rather than clicking on a link on the initial black-background page, wait a moment for the true first page to appear. You'll see news about a wide range of Internet security issues; Steve, for instance, was one of the first to raise the issue of spyware installed along with 'free' software. Feel free to browse his stuff, but eventually, click on the link for ShieldsUP! (or go directly to it at: https://grc.com/x/ne.dll?bh0bkyd2). Click the Test My Shields! button, and after looking at the results, try the Probe My Ports! tests. After the tests, scroll down the page for descriptions of what the results mean.

'Ports' are like the different doors and windows of your house-- different Net services (HTTP, FTP, telnet, RealPlayer, file sharing programs, and the like) each have a port that they typically use to get in and out of computers. Ideally, you want GRC's port probe to find your ports hidden away (stealthed) or locked up tight (closed). Open ports are like unlocked doors; something to be avoided (at least in my neighborhood). (Note: in this context, ports are not real, physical parts of your computer-- like your printer port or USB ports-- but instead are virtual ports, identified by number. HTTP (Web) traffic generally uses Port 80; telnet uses Port 21, etc.)
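The three port states described above (open, closed, stealthed) can also be told apart from a script. The following is an added example, not part of the original article: it tries a TCP connection to each port on a machine you own and classifies the result. The port list and function names are this example's own choices, and "stealthed" is inferred from the absence of any reply before the timeout.

```python
import socket

# A few services the article mentions, with their IANA-assigned TCP ports.
# The selection is this example's choice; extend it as needed.
COMMON_PORTS = {21: "FTP", 23: "telnet", 80: "HTTP"}


def probe_port(host, port, timeout=1.0):
    """Classify one TCP port the way a port probe reports it.

    open      - the connection was accepted: something is listening
    closed    - the host actively refused the connection
    stealthed - no reply before the timeout: the request was silently dropped
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "stealthed"
        except OSError:
            # Host or network unreachable: the probe could not be completed.
            return "unreachable"


def probe_host(host="127.0.0.1", ports=COMMON_PORTS, timeout=1.0):
    """Return {port: state} for every port in `ports`."""
    return {port: probe_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    for port, state in probe_host().items():
        print(f"{port:>5} {COMMON_PORTS[port]:<7} {state}")
```

Run against 127.0.0.1, this shows what is listening on the machine itself; an outside probe such as the one described above additionally shows what a firewall in between hides.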

Another, different set of tests can be run at Symantec's Security Check (http://www.symantec.com/securitycheck/). We earlier linked to this address as a place to run an online check for virus infections. This time, click on the page's link labelled: Scan for Security Risks. You'll be asked to download a Symantec Security Check utility; feel free to do so. After a few moments, you will see results of a number of tests. Be sure to click the Show Details links for more information. Note that unlike grc.com, which is run purely as a public service, Symantec really wants to sell you copies of their Norton Antivirus or Norton Internet Security software packages.

PestPatrol (http://pestpatrol.com/Support/About/About_Ports_And_Trojans.asp) has a link to download their free Port Checker utility, which will quickly check whether any nasty software is making use of your computer's ports.

What's a firewall?

Webopedia.com defines firewall as "A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria." As an individual user, you may want to replace their use of the words network and intranet with computer. It is becoming increasingly common for users to protect individual computers with software or hardware firewalls-- especially if they are always connected to the Internet by a cable or DSL broadband connection.

Hardware firewalls may be dedicated units, such as the Alphashield (US$99/CDN$149 from Burnaby BC's http://www.alphashield.com), designed to protect home users with individual computers or small home networks. Alternatively, users who are connecting more than one computer to a broadband connection may purchase a small router (wired or wireless), from brands including Linksys, D-Link, Netgear, and others. Often, these routers include hardware firewalls.

Firewalls and routers use a number of technologies. They may use Network Address Translation (NAT) to hide the address of the connected computer(s) from outsiders on the Internet. IP filtering can block Internet packets from specific addresses. Stateful Packet Inspection (SPI) checks the contents of Internet traffic before allowing it to pass inside. Advanced settings let the firewall be used to block (or allow) traffic through specific ports. 

Advantages of hardware firewalls (whether part of a router or not):
-- they do not take any resources away from the computers connected to them
-- while setup can be complex, once set they can simply be left alone, running on their own for long periods of time without needing any user intervention
-- for many users, the default settings are fine. In that case, just plugging in the firewall provides quick and easy protection
-- a single hardware firewall can protect all the computers on a home or small office network.

Disadvantages of hardware firewalls:
-- if the default settings need modification, non-technical users can get overwhelmed with acronyms and obscure options. Meanwhile, their multi-user game (or whatever) doesn't work.
-- cost is higher than software firewalls
-- generally not useful in blocking traffic going out of the user's computer or network
-- models aimed at home users do not provide information on attempts to break in.
-- if you use a notebook, you probably can't take one travelling with you.
-- they do not protect users from viruses or spam or downloaded files. (Then again, neither do software firewalls).

Software firewalls are programs that run on a computer, monitoring network or Internet traffic and closing ports that are not in use by legitimate services. Some software firewalls also block unauthorized information from leaving your computer. This can be a very useful feature.

Microsoft built Internet Connection Firewall into Windows XP; this is a very bare-bones firewall that does not block any outgoing data. Much more capable firewalls are available from many other sources; some are bundled with antivirus and other utilities into Internet Security suites, others are available for free.

Most firewall software will come with a set of pre-established rules for well-known software on your computer that connects to the Internet, but will require a few days' training-- as other software tries to connect with the Net, the firewall will ask you whether to allow it or not. This will give you a good sense of the spyware on your system, and give you the capability to block it from 'phoning home'. However, this process can be annoying-- as a result, many users give blanket permission, and end up letting the spyware on their system do whatever it wants.

Adding to the annoyance, firewalls far too often report only the name of a file that's trying to access the Net, without giving the user enough information to know what that file actually is-- what program it's a part of. PC Magazine (Nov 19, 2002) published a list with many files commonly identified in that way, and where they come from: http://www.pcmag.com/article2/0,4149,640479,00.asp

If you are using software firewalls and have a home or small office network, you should install the firewall software on each connected computer. Because they are always running in the background, they use computer resources and will result in a small but real drain on the computers' performance.

If you've got a network, use both
A router (with built-in hardware firewall) is the best way to connect multiple computers to the Internet; but also install software firewalls on all your systems, to check outgoing traffic and to protect notebooks when they're on the road.

What firewalls don't protect
Neither software nor hardware firewalls protect your system(s) from viruses or spam. If you download a Trojan Horse or spyware program and install it on your system, you've let the 'bad guys' in past the firewall-- though a software firewall may keep the spyware from being able to report back on you.

Software Firewalls compared:
In November 2002, PC Magazine reviewed 6 brands of software firewalls marketed for home and small office users: http://www.pcmag.com/article2/0,4149,945637,00.asp
Their Editors' Choice went to Symantec's Norton Internet Security Suite 2003, which bundles a software firewall together with Norton Antivirus, ad blocking, spam filtering, and the ability for parents to limit what their children can do online. Setup wizards make it one of the easiest firewalls to configure. (PC Mag also ran a companion piece looking at small business firewalls: http://www.pcmag.com/article2/0,4149,644364,00.asp)

If you're on a budget, and don't want to pay for all the features in NIS, ZoneAlarm (http://www.zonelabs.com) offers three versions: a US$50 Pro version, a US$30 Plus version, and a free (for personal or non-profit use) version. Unless they have a home network, the free version provides all the protection most home users will need. It will protect against outsiders probing your system for security holes, and can give information about the prober. It also stops Trojans and spyware installed on your system from contacting the outside.

The Plus version adds protection against email worms and viruses (though it is not a full replacement for anti-virus software), and provides more information and reporting about outsiders probing your system. The Pro version adds control over browser cookies, stops pop-up ads, and controls nasty ActiveX and JavaScript web applications.

As with other firewalls, expect to spend some time 'training' it; after installation, you will be notified every time an application tries to access the Internet or your home network, letting you set rules for that application. Nice feature-- you can give applications different settings for access within your local network and the Internet. Your word processor may need to access documents shared on another computer on the network, but does it need Internet access?

When first installed, Zone Alarm will also notify you every time someone outside tries to get at your computer. While this is interesting (and frightening) for a while, it gets boring fast... luckily, you can easily set the program to keep a log of all these attempts, while not needing to bring it to your attention.
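A log that is kept but never shown on screen only helps if it gets reviewed now and then. The following is an added example, not part of the original article and not any vendor's code: it summarizes blocked inbound attempts by destination port and by source address. It assumes a W3C-style text log with a "#Fields:" header line, the general layout used by Windows' built-in firewall log; other products' logs need their own field mapping. The sample records and addresses are constructed.

```python
from collections import Counter

# Constructed sample log: a "#Fields:" header, then space-separated records.
# All addresses come from ranges reserved for documentation.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2003-09-01 10:00:01 DROP TCP 198.51.100.7 192.0.2.10 4312 135
2003-09-01 10:00:02 DROP TCP 198.51.100.7 192.0.2.10 4313 139
2003-09-01 10:00:09 OPEN TCP 192.0.2.10 203.0.113.80 1045 80
2003-09-01 10:01:30 DROP TCP 203.0.113.44 192.0.2.10 2200 135
2003-09-01 10:02:00 DROP UDP 198.51.100.7 192.0.2.10 1026 1434
2003-09-01 10:02
"""


def parse_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def summarize_drops(text, my_ip):
    """Count blocked attempts aimed at my_ip, per (protocol, port) and per source."""
    by_port, by_source = Counter(), Counter()
    for rec in parse_log(text):
        if rec["action"] == "DROP" and rec["dst-ip"] == my_ip:
            # Ports stay strings: some records carry "-" instead of a number.
            by_port[(rec["protocol"], rec["dst-port"])] += 1
            by_source[rec["src-ip"]] += 1
    return by_port, by_source


if __name__ == "__main__":
    ports, sources = summarize_drops(SAMPLE_LOG, "192.0.2.10")
    for (proto, port), n in ports.most_common():
        print(f"{proto}/{port}: {n} blocked")
    for src, n in sources.most_common():
        print(f"{src}: {n} blocked")
```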

Home users with local area networks will need to manually set the free Zone Alarm version to recognize their home LAN.

Zone Alarm is not the only firewall with a free version... Tiny Personal Firewall (http://www.tinysoftware.com/) used to have a free version, which can still sometimes be found (for example: http://www.pcworld.com/downloads/file_description/0,fid,8051,00.asp). Effective Nov 30 2005, Symantec, having purchased Sygate, has stopped making both paid and free versions of Sygate Personal Firewall available, though copies may still be found online. Kerio also announced that it will no longer be supporting its Desktop Firewall product, though it can still be downloaded at: http://www.kerio.com/kpf_download.html. Jetico Personal Firewall (http://www.jetico.com/index.htm#/jpfirewall.htm) is free for Windows 98 through XP; I haven't had the opportunity to use this one. Comodo Personal Firewall is a new, modern, free firewall that's getting great reviews.

New: ZoneLabs, makers of ZoneAlarm, have a new product, IMsecure, for users of instant messaging programs AOL, Yahoo, and MSN Messenger. (It doesn't work with the popular ICQ.) As with Zone Alarm, there's a free basic and a pay (US$20) 'Pro' version. Both versions offer encryption and protect against buffer-overflow attacks; the free version will only protect one user name on one IM network.

PC Magazine (November 8 2005) reviewed four free firewall programs: Kerio, Outpost, Sygate, and ZoneAlarm 6. Their conclusion: Kerio was the best for Windows 2000 and XP users, ZoneAlarm for Win98/ME users. Read their detailed reviews: http://www.pcmag.com/article2/0,1895,1865517,00.asp

How do nasty worms get inside corporate firewalls?
If home users can protect themselves with personal firewalls and antivirus software, how is it that big organizations seem to be vulnerable to worm attacks such as the August 2003 Blaster worm that shut down Air Canada's reservations system or the September 2003 shut down of the US State Department's visa application network?

The September 2003 ComputerWorld article: "Lessons Learned From the Blaster Worm": http://www.computerworld.com/securitytopics/security/story/0,10801,85247,00.html?nas=SEC2-85247 notes that firewalls can be compromised in several ways, for example, by notebook users who take their computers home and let them become infected there, then bring them back inside the corporate firewall. As well, users who browse to a webmail service to check their personal email at work may be bringing viruses and worms inside the corporate firewall. 

One moral is that it's important for everyone to be running antivirus software, and make sure that it's kept up to date... not simply assume that a firewall will provide protection.

Homework:
-- Go to grc.com or the Symantec Security Check (or both) and check how secure your system is right now.
-- Install a software firewall (such as ZoneLabs or Norton Internet Security Suite). Spend several days with it, until you've set rules for Internet and network access for most of your installed software. Any surprises about what software was trying to get Net access?
-- Go back to grc.com with your firewall installed and check your system's security.


Last updated June 24 2006
 



Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan