Section 15.7. Installing a Firewall


15.7. Installing a Firewall

PCs are no longer safe when directly connected to the Internet. A new, unpatched version of Windows XP typically becomes infected within 15 minutes of connecting to the Internet. Microsoft finally realized the extent of the problem, and its collection of patches in Service Pack 2 automatically flipped Windows XP's built-in firewall to "On." (Before that, Microsoft expected you to find the firewall and turn it on yourself.)

Firewalls work their magic by constantly monitoring the flow of information between your PC and the Internet. When a programyour Web browser, for instanceneeds information, it sends a request to the Internet, asking for information to be sent back to your PC. The firewall takes careful note of every request, as well as every piece of incoming information.

When the firewall finds a match between a request and an answer, it lets the answer enter your PC. But if information arrives without a matching request, the firewall assumes it's either evil, lost, or simply background noise; either way, the firewall prevents it from entering.

Firewalls come in two types, hardware and software, both described next .

15.7.1. Hardware Firewall

Letting your broadband-fed PC connect directly to the Internet is like not bothering to install a door. It's convenient when carrying in groceries, but otherwise it's a pretty unsafe arrangement.

That's where a hardware firewall comes in. A broadband router (see Section 14.1.3) works as a base-level hardware firewall by sitting between your PC and the Internet. Potential intruders can't "see" your PC, which means that none of their Windows exploits work. And since they also won't know your brand of router, their arsenal of router exploits is further limited. The triple crown protection benefit is the simple software that controls the router's traffic directing: it's small, and much easier to keep secure than Windows.

A router is a very safe investment for anybody with an always-on broadband Internet connection. The latest routers come with more advanced firewall software built in for added protection. When shopping for a router, look for one that advertises a built-in firewall with both SPI (Stateful Packet Inspection) and NAT (Network Address Translation).

15.7.2. Software Firewall

Whereas a hardware firewall sits between the PC and the Internet, a software firewall lives inside the PC itself, inserting itself between the Internet and your programs. Software firewalls come in two types: one-way, and two-way.

One way firewalls simply turn away any unrequested information coming from the Internet. That's enough to stop many worms from slipping inside your PC. Windows XP's built-in firewall (see below) is a one-way firewall. Like most one-way firewalls, it's small and easy to live with.

Two-way firewalls, like one-way firewalls, also keep things from entering your computer without permission. But a two-way firewall keeps things from leaving your computer without permission as well. That lets you catch spyware, key loggers, back doors, and other programs that slip into your PC, and then try to notify their creator of their whereabouts.

That second layer of outgoing protection places a big burden of inconvenience on you, however. The firewall asks you questions like, "Should AcroRD32.exe be allowed to connect to the Internet?" Unless you already know that AcroRD32.exe is Adobe's Acrobat Reader checking for a newer version, you're left feeling like a 5-year old in a calculus class.

Fortunately, plenty of other people feel the same way, and a search for any questionable program's name on Google usually turns up the answer immediately. Once you flag a program as Trusted, the firewall no longer bugs you about it. As a result, only your first few days with a two-way firewall are a nightmare; after that, the firewall rarely bugs you until you either install a new program or the firewall notices something evil trying to phone home.

Zone Labs (www.zonelabs.com) offers both a free and paid version of its two-way firewall, ZoneAlarm.

15.7.3. Windows Firewall

Service Pack 2 not only turns on Windows XP's built-in firewall, it also makes it difficult to turn off. For instance, the Network Connection Wizard, a requirement for setting up a new network, promptly firewalls every connection on your PC. If you manually flip Windows Firewall's On switch, Windows places a firewall on all your network-capable connections. It even protects your FireWire port from your digital camcorder.

To decide for yourself which connections the firewall protects, click Start Control Panel Windows Firewall. Windows Firewalls Properties page, shown in Figure 15-11, separates its controls into three tabs: General, Exceptions, and Advanced.

As soon as you turn on a firewall, adding that layer of insulation between your PC and the Internet's evils, the clamoring begins. Many Internet-connected programs like messengers and online games insist that you start poking holes in the firewall's protective layer so they can talk to the outside world.

Figure 15-11. Top: The General tab lets you turn on Windows Firewall. Since you want only one software firewall working at a time, Windows Firewall is smart enough to turn itself off when it spots another firewall. If you install an unrecognized firewall, come here to turn off Windows Firewall so the two firewalls don't interfere with each other.
Middle: Windows Firewall lists all your network connections here, letting you turn off the firewall for connections that don't need protection. Turn the firewall on for your dial-up or broadband Internet connections, for instance, but turn it off for your local network and FireWire port.
Bottom: The Advanced tab lets you grant safe passage to programs like AOL Instant Messenger that need to receive spontaneous communications from the Internet.

To add a program to Windows Firewall's exceptions list, follow these steps:

  1. Open the firewall's Exceptions tab .

    Click Start Control Panel Windows Firewall and then click the Exceptions tab, shown in Figure 15-11.

  2. Click Browse and navigate to the program's folder; click the program's name, and then click OK .

    The firewall adds that program to the "okay" list, allowing any program on the Internet to communicate with it.

Some programs want you to add portslittle communications portholesso they can talk to the Internet uninterrupted. To add a port to Windows Firewall's Exceptions list, you need to know two things from the program: the port number and the port's protocol (either TCP or UDP).

For instance, the World of Warcraft online multiplayer game wants you to open two ports: TCP port 3724 and TCP port 6112. Armed with that information, follow these steps to open those ports in Windows Firewall:

  1. Open the Firewall's Exceptions tab .

    Click Start Control Panel Windows Firewall and then click the Exceptions tab, shown in Figure 15-11.



  2. Tip: If your firewall ends up with so many exceptions and ports that you wish you could start back at square zero, do just that: press the Advanced tab's Restore Defaults button.
    POWER USERS'S CLINIC
    Testing Your Firewall

    Setting up and configuring a firewall is a lot of work with little visible reward. How do you know this thing's working, anyway? You could hang out on dark and dirty hacker's sites, begging the kids to break into your PC. But a safer test is to visit any of these sites:

    • ShieldsUP (www.grc.com)

    • Sygate Online Scan (http://scan.sygate.com/)

    • Planet Security Firewall-Check (www.planet-security.net)

    • Hackercheck (www.hackercheck.com)

    When you give the site permission, it reads your PC's IP address and sends it a flurry of port scans , informational packets that test for commonly exploited openings. In fact, it sends so many, your company's network administrator may start screaming and pulling plugs. Limit these tests to your own PCs.

    If you pass, your firewall's doing its job. If you don't pass, try reinstalling the firewall, making sure it's turned on, and then check its Exceptions list for unnecessary additions. Remember that each time you open a port on your firewall, you're adding a potential hole for intruders to locate and slip through.

    Before adding a program to your firewall's exception's list, ask yourself if it's worth the risk.





PCs
PCs: The Missing Manual
ISBN: 0596100930
EAN: 2147483647
Year: 2005
Pages: 206
Authors: Andy Rathbone

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net