21.6. Sealing Your Computer's FirewallBelieve it or not, there are even more bad things that can happen when you're online. Total strangers, next door or in Eastern Europe, can connect to your Windows PC, invisibly take control of it, and turn it into, for example, a relay station that helps them pump out millions of pieces of spam (junk email) every day. You might notice that your PC has slowed down, and you might not. But you've just become part of the problem. How is this possible? To understand the technical underpinnings, you need to know about ports . Ports are like TV channels. Your PC has a bunch of them, each one dedicated to letting certain kinds of Internet information pass through: surfing the Web, sending email, downloading files, playing videos , and so on. Trouble is, Internet intruders roaming around online know how to use these ports to their advantage. They use software that can slip into your PC through one of these ports. Ready to yank your modem cable out of the wall yet? Relax. You can stop the baddies just by using a firewall , a security barrier that prevents people or programs from sneaking into your machine via your Internet connection. A firewall can be a software program or a physical piece of hardware. Good firewalls can monitor both incoming and outgoing traffic. So, in addition to keeping out intruders, your firewall can detectand stopspyware or a virus trying to transmit information from your computer. 21.6.1. Hardware FirewallsA hardware firewall is a physical box sitting squarely between your computer and the Internet outside so potential intruders can't see your machine. You may have one and not even know it. For example, if you've installed a router (Section 1.1.1.2) so that more than one computer can share your cable modem, you may be delighted to learn that it's probably a hardware firewall. It constantly screens the traffic to and from your networked computers. Even if you don't have a home network, a router with a built-in firewall is a good investment, especially if you have a broadband connection. When shopping, look for a router with a firewall that includes both SPI (Stateful Packet Inspection) and NAT (Network Address Translation). Security products like the AlphaShield ( www.alphashield.com)which plugs in between your computer and your broadband modemalso monitor all Internet traffic and block any suspicious activity.
21.6.2. Software FirewallsA software firewall is good protection, too. No wonder both Windows and Mac OS X come with such a feature built right in. (All the Internet security suites described in Section 7.2.2.1 include firewall programs as well.) Figure 21-4. Occasionally, to get a program through the firewall, you must open the port it wants to use. On the Windows Firewall Exceptions tab, click the Add Port button. In the "Add a Port" dialog box, type a name (so you'll remember why you're opening that particular port) and enter the port number, which you can usually find in the program's manual or Web site.Tip: If you have a hardware firewall (like a router), you don't need to turn on a software firewall too. 21.6.2.1. The Windows XP FirewallWhen Windows XP first appeared back in 2001, it came with a nifty new featurebuilt-in firewall software. Unfortunately, Microsoft left the firewall turned off, and few people could find it to turn it on. So, in the interest of greater security, Service Pack 2 (which Microsoft released a few years later) automatically flips the Windows Firewall on. In fact, once you install this update, Windows XP pesters you (by popping up yellow warning balloons from the taskbar) if you turn the firewall off. If you do have Service Pack 2 installedeither because you installed it or because you bought your computer after October 2004you can find the on/off switch for the firewall like this. Choose Start Control Panel Security Center Windows Firewall. (If you use the Control Panels Classic view, choose Start Control Panel Windows Firewall.) On the General tab of the Windows Firewall control panel, click the button next to "On (recommended)" and then click OK. The firewalls off button is here, too, if you need to shut it down for a minute to troubleshoot your Internet connection or something. Note: If you like the sound of a sturdy, free firewall that's more powerful (because it blocks traffic coming and going through your computer) check out ZoneAlarm (www.zonelabs.com). With a friendlier interface, ZoneAlarm is often easier to use than the built-in Windows Firewall, which is set to block unauthorized traffic coming to your PC from the outside world, but it may not be much help against programs on your PC trying to sneak out to the Internet without your permission. ZoneAlarm works with systems as far back as Windows 98SE, so it gives you a firewall option if your PC is too old to run Windows XP. (And if you do have Windows XP, you can still use ZoneAlarm. The Windows Firewall is savvy enough to get out of the way when you install an alternative program.)To try the software, scroll down to the bottom of ZoneLabs' home page and click "Free ZoneAlarm and Trials." You can get the free version here or buy the $50 full-featured edition with more controls and technical support. Once you download and install the program, ZoneAlarm makes your machine invisible to other computers nosing around on the Net. 21.6.2.2. Setting up the Mac OS X firewallApple's system security for its Mac OS X Tiger system is even stricter than Microsoft's: Out of the box, all communication ports and services on the Mac are closed to the outside. (That's one reason the Mac hasn't attracted hackers like Windows has.) The Mac also comes with its own built-in firewall that blocks all incoming Internet traffic except for the programs you allow through. Its factory setting is Off, though, so you need to give it a little click-start. To turn on the Mac OS X firewall, follow these steps:
Figure 21-5. Mac OS X starts out fully barricaded against Internet intrusions. However, you can let programs and services through the firewall by simply selecting them in the Firewall tab on the Sharing preferences window.Tip: Want to make sure your computer's firewall is doing its job? Several online sites offer to knock on your computer's ports and see if there are any openings for intruders to slither through. Check out ShieldsUP (www.grc.com), Hackercheck (www.hackercheck.com ), or Planet Security's firewall check (www.planet-security.net ). |