Firewalls


The moment your computer connects to the Internet by any means, it becomes reachable by just about anyone else on the Internet. Anyone who knows your computer's IP address, or who is scanning whole blocks of addresses, could be looking for known or unknown vulnerabilities that they can use to compromise your Windows installation. Much of that scanning is not even done by people: worms and Trojans that have already infected other computers on the Internet continually probe for new systems to spread to.

Tip

An IP address, which is short for Internet Protocol address, is a value assigned to your computer by your Internet service provider or network administrator to identify your computer on a local or wide area network (like the Internet). For more information on IP addresses, refer to Chapter 7, "Networking Windows."


There is a lot of junk traffic on the Internet caused by these worms, Trojans, and attackers. Software that filters out this junk and blocks it before it ever reaches the core of your operating system is called a firewall. It works closely with the various layers of network communications. When data is sent across a network using the most common protocols (TCP and UDP), a connection is established between the two computers at specific port numbers. For example, when you visit a website, your computer connects to port 80 (or port 443 for an encrypted HTTPS site) on the machine the domain name points to. Firewall software works by blocking anyone from connecting to the ports on your computer, except the ones you tell it that other people are allowed to connect to.

By using a firewall, you greatly limit the ways your computer can be attacked over the Internet. Even when a new vulnerability is discovered in a Windows service, a firewall alone may protect you, because attackers, worms, and Trojans cannot reach the port that the vulnerable service listens on. The protection has a limit worth remembering: a firewall that filters only incoming connections does nothing for a flaw in a program that makes the connection itself, such as a web browser or email client that fetches malicious content. Within those limits, a firewall is one of the best defenses against being attacked on the Internet.

There are two different variations of firewalls on the market: hardware firewalls and software firewalls. Software and hardware firewalls behave and work similarly; the difference is that hardware firewalls are separate physical machines that are located on a network and filter all network traffic going through them. Software firewalls are just special software applications that run on your computer on top of the operating system. The advantage of a hardware firewall is that it can protect a number of computers while a software firewall can only protect the computer on which it is installed. This book focuses exclusively on software firewalls.

How Software Firewalls Protect Your PC from Attacks

Software firewalls all operate using a similar methodology. All TCP and UDP data routed into and out of your PC is addressed to a port. The firewall is configured to watch these ports and allow incoming connections only on those that have been specifically enabled, while blocking all other incoming traffic. When a remote computer attempts to connect to your computer on a port that the firewall has blocked, the connection is dropped, and the remote computer usually cannot even tell whether anything is listening there. Most software firewalls have no ports open by default. This protects your computer because, even if a service on it is vulnerable to a specific security hole, a remote computer trying to infect you cannot connect to it in the first place.

Obviously, blocking every port on your system at all times is impractical. Completely closing off all traffic into your system would break any application that uses a LAN or the Internet, including web browsers, instant messenger applications, and online games. In practice the firewall is stateful: it remembers the connections your computer started and lets the replies to them back in, so a web browser or instant messenger that only makes outgoing connections needs no port opened at all. What does need an opening is a program that waits for other computers to connect to it, such as a web or FTP server, file sharing, or a game you are hosting. Most firewalls let you set permissions that allow specific programs to use specific ports while denying everything else. Remember, however, that whenever you open a port, both good and bad traffic can get through.

To fight that problem, most modern firewalls have a feature called packet inspection. Packet inspection looks inside the packets the firewall does let through and compares their contents against signatures of known attacks. This is a good feature to have, because it gives you some protection even after you have opened holes in your firewall. Currently the firewall that comes with Windows XP does not support this feature.

Most third-party software firewalls inspect not only incoming network traffic but also outgoing data. This is an important feature, because there are any number of ways for a virus or Trojan to infect your system and then send data from your PC out to the Internet. Firewalls that monitor outgoing traffic stop any unknown transmission from leaving your PC until you specifically allow it. Treat this as a safety net rather than a guarantee: malware that runs with administrator rights can switch the firewall off or hide its traffic inside a program you have already allowed, such as your web browser.

When you are configuring your software firewall's settings, keep in mind that the best policy is to block everything. Only open up the ports you absolutely need!

Windows Firewall

Any user who is connected to the Internet should have some form of firewall protecting their computer from the outside world. For most home users, the Windows Firewall is an adequate baseline.

Windows XP has shipped with a firewall (originally called Internet Connection Firewall) ever since it was released, and it is the first version of Windows to do so. However, because it was not enabled by default, many users never knew it was there to protect them, and it was initially far weaker than many of the third-party software firewalls available. Windows XP Service Pack 2 renamed it Windows Firewall and made it more powerful and more effective: it is now turned on by default for every network connection, it protects the machine from the moment the network stack starts during boot, and it has a proper exceptions list for the programs and ports you choose to allow.

Windows Firewall is a very basic firewall when compared to all of the options out there. More advanced firewalls not only monitor incoming traffic but also monitor outgoing traffic, and can tell you if you have some program on your computer trying to send information out without your knowledge, such as a program that is stealing your personal information.

If the Windows Firewall is not already enabled on your computer, it is easy to turn on. First, make sure that you are running Windows XP with Service Pack 2 installed. Then open Control Panel in Classic view, double-click the Windows Firewall icon, select On (recommended), and click OK. On the same tab there is a Don't allow exceptions check box; checking it ignores every exception you have configured and blocks all unsolicited incoming traffic, which is the right setting when you plug into a network you do not trust, such as a hotel or coffee-shop connection.

Configuring the Windows Firewall is also very simple, because it is a very basic firewall. To configure its options, just open up the firewall settings again using the icon in Control Panel and select the Advanced tab. This is where you can specify which connections the firewall will protect, the individual port settings for each connection, the ICMP settings, and logging information, as well as the ability to restore the firewall to the default settings as shown in Figure 8.7.

Figure 8.7. Windows Firewall advanced settings.


Individual Connection Settings

Each of the network connections that you have the firewall enabled for can be configured separately to have different ports opened and closed. This allows you to run various services on your computer, such as an FTP or web server, and allow access to the data behind your software firewall by the outside world.

If you have more than one connection on your computer, such as a wired network connection and a wireless one, you can configure each separately so that you only open ports on the connection you actually use an application on, for greater security. For example, you may play games on your computer that require a specific port to be opened while you are at home using your wired network connection. Opening the port on your wireless connection as well is not needed in this situation and just poses a security risk.

To allow the outside world to access services, you will need to open "holes" in the firewall so that it does not filter out traffic on that port. Opening holes in the Windows firewall is very simple. While on the Advanced tab of the Firewall Settings window, highlight the connection you want to edit from the list and click the Settings button. This displays the Advanced Settings window, as shown in Figure 8.8, listing some predefined services that you can check to open up access to through the firewall.

Figure 8.8. Windows Firewall service settings.


To open a service for access from the outside world, just check the box next to the service if it is already on the list. Otherwise, you will need to click on the Add button to create a custom service.

If you need to create a custom service and have clicked the Add button, enter the name of the application you are opening a port for in the Description box, choose TCP or UDP, and enter the port number in both the External and Internal port boxes (the port and protocol should be specified by the developer or publisher of the software). The two numbers differ only when you are forwarding the port through Internet Connection Sharing to another computer on your network; for a service running on this PC they are the same. Click OK to save the entry.

ICMP Settings

ICMP is short for Internet Control Message Protocol, which carries low-level status and diagnostic messages between hosts and routers. Network administrators rely on it through tools such as ping and tracert to monitor and diagnose network problems. Unfortunately, the same messages can be used by an attacker to discover which computers on a network are alive (a ping sweep) or to flood a connection with traffic and slow it down. The most familiar ICMP message is the echo request that the ping command sends; the reply tells the sender that your computer is there.

These messages, listed in Figure 8.9, are useful if you are testing or configuring a local area network or troubleshooting your Internet connection, but ordinary web browsing and email do not depend on your computer answering them.

Figure 8.9. Windows Firewall ICMP settings.


Because of their nature, it is best to leave them blocked unless you temporarily have a use for them. To do this, on the Advanced tab of the Windows Firewall window, click the Settings button under the ICMP section, then check or uncheck the individual message types. The one that matters most is Allow incoming echo request: leaving it unchecked means your PC does not answer pings. Keep in mind that this makes the machine quieter, not invisible; a scan of your TCP or UDP ports is unaffected by the ICMP settings.
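The Windows Firewall settings covered in this section (turning the firewall on, opening a port on one connection only, the ICMP settings, and logging) can also be applied from the command line, which is handy for a laptop that you want to re-lock every time you leave a trusted network. The script below is an added example and is not from the book; it uses the netsh firewall context that Service Pack 2 added to Windows XP. The interface name Local Area Connection, the game path, TCP port 80 and the log size are assumptions chosen for illustration.

```batch
@echo off
rem Added example (not from the book): apply the deny-by-default policy from
rem the preceding sections with the "netsh firewall" context that Windows XP
rem SP2 added. Run from an administrator cmd.exe. The interface name, port,
rem program path and log size below are assumptions; substitute your own.

rem 0. See what is actually listening before opening anything. Only a program
rem    that appears here (waiting for inbound connections) needs an exception.
netstat -an -p TCP | findstr LISTENING

rem 1. Turn the firewall on for every connection. Inbound traffic is dropped
rem    unless it matches one of the exceptions added below.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem 2. Open TCP 80 for a local web server on the wired connection only; the
rem    wireless connection keeps the port closed, as the text recommends.
rem    (netsh does not accept scope= and interface= together.)
netsh firewall add portopening protocol=TCP port=80 name="Local web server" mode=ENABLE interface="Local Area Connection"

rem 3. For a program rather than a fixed port, add a program exception limited
rem    to the local subnet: the hole exists only while that program is
rem    listening, and only machines on your own network can reach it.
netsh firewall add allowedprogram program="C:\Games\game.exe" name="Game" mode=ENABLE scope=SUBNET profile=ALL

rem 4. Stop answering ICMP echo requests (type 8) so the PC ignores ping sweeps.
netsh firewall set icmpsetting type=8 mode=DISABLE profile=ALL

rem 5. Log dropped packets so blocked connection attempts can be reviewed later.
netsh firewall set logging filelocation="%windir%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE

rem 6. Review the resulting policy, then list the blocked attempts logged so
rem    far (each DROP line records protocol, source and destination address
rem    and port).
netsh firewall show config
findstr /C:" DROP " "%windir%\pfirewall.log"
```

Run it from a cmd.exe window opened by an administrator; the changes take effect immediately and survive a reboot. Prefer a program exception over a port exception when you have the choice: the port exception in step 2 stays open whether or not anything is listening, while the program exception in step 3 opens the port only while that program is running. The netsh firewall context exists only on Windows XP SP2 and Windows Server 2003 SP1; Windows Vista and later replaced it with netsh advfirewall, whose syntax is different.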

Limitations of the Windows Firewall

The Windows firewall is a basic firewall. It only monitors incoming traffic and does not monitor outgoing traffic as many other software firewalls do. Additionally, the firewall does not do any sophisticated packet inspection to see what is really inside the traffic that it does allow through the firewall, which more complex third-party firewalls usually check. That said, even though the Windows Firewall has its limitations, it still provides a big help in securing your computer and offers far more protection for your system than not using a firewall at all.

Third-Party Firewalls

There are a wide variety of software firewalls on the market. Most of them are not free, but they offer protection beyond what the Windows Firewall that comes with Windows XP provides. Some of the common features that add another level of protection in commercial third-party firewalls include

  • Intrusion Detection Systems. These are advanced systems that do packet inspection looking for known signatures of "bad" data trying to get into your computer.

  • Process Communication Monitoring. PCM looks at the traffic that is sent between services running on your computer.

  • Outgoing Data Monitoring. Firewalls with this feature look at all of the outgoing data that is sent from your computer. Many firewalls just block incoming data, but firewalls with this feature also can block data from going out. This would be especially useful if your computer got infected with spyware. In this scenario, the spyware would not be able to phone home your personal information.

Norton Personal Firewall 2005

Norton Personal Firewall, available as part of Norton's Internet Security suite of applications, is one of the most popular firewalls used to protect Windows. It has all of the features that the built-in Windows Firewall has, plus additional features such as intelligent packet filtering, intrusion detection systems, and monitoring of all outgoing traffic to make sure that none of your files or other sensitive data are sent over the Internet without your knowing about it.

Norton Personal Firewall 2005 added features to help users with the growing number of phishing scams on the Web. When you submit your personal information to a website, the firewall makes sure that your data is going to a site you have configured as one you trust. Now, when you receive one of those emails and mistake it for the real thing, the firewall will catch your error for you.

Note

Phishing scams are fake websites that are made to trick visitors into giving their personal information, such as social security numbers and bank account numbers, to websites they believe are of legitimate origin. One common phishing scam is an email sent by someone pretending to be your bank, asking you to log in to its website to verify your account information. When you click the link you do not go to the real website, but to the fake one they set up.


Using Norton Personal Firewall is fairly simple. Once the application is installed, the main interface is shared with any other Symantec software you have installed on your computer. Figure 8.10 shows the home screen of Norton Personal Firewall integrated with Norton Anti-Virus.

Figure 8.10. Norton Personal Firewall.

Configuring Norton Personal Firewall is very easy compared to some other third-party firewalls. Just select the area of the program that you want to configure on the main screen and click the Configure button.

Configuring the firewall can be done on a per-location basis, which is very useful if you have a laptop that you carry around to many different networks. Most likely, you will want to have your laptop more secure on a public Wi-Fi network at a coffee shop than at work on the corporate network. Additionally, your needs will be different at each location, so it is a big advantage that you can customize the "holes" in the firewall depending on the location.

To make managing the firewall easier, pre-configured security levels are set up within the firewall configuration settings. However, specifically opening up a port for a service such as a web or FTP server is a little more difficult and buried in the application. To open up a specific port, after you click on the Configure button when Personal Firewall is selected on the main screen, you must then select the Advanced tab and then click the General button. On this screen, you can click the Add button as shown in Figure 8.11 to add additional rules to the selected network connection firewall settings. An easy-to-use wizard will guide you through the steps of setting up the new rule that will open up your firewall on a specific port.

Figure 8.11. Opening a port with Norton Personal Firewall.

Norton Personal Firewall is not free but is priced on the lower range of the commercial firewalls. Although it has some of the best features in commercial software firewalls, it lacks some of the control and flexibility over firewall rules some other firewalls provide.

A trial version as well as more information on Norton Personal Firewall can be found at http://www.symantec.com.

Using Tiny Personal Firewall Professional 2005

Tiny Personal Firewall is an advanced firewall that is aimed at users who want total control in customizing traffic rules for both incoming and outgoing traffic. Published by Tiny Software, Inc., it can be downloaded at http://www.TinySoftware.com. Tiny Personal Firewall is also one of the more expensive software firewall options, retailing close to $100.

Tiny Personal Firewall provides all of the features the basic Windows Firewall provides in addition to the ability to automatically filter outgoing traffic. One nice feature of Tiny Personal Firewall is it already knows which processes running on the computer are operating system processes and adds them to the trusted list automatically. This spares you from getting bombarded by dozens of notifications regarding whether to allow or block certain types of traffic as you do with other third-party firewalls. However, if you want to block all outgoing traffic whether it is legitimate or not, this feature could be more of a hassle for you.

The core of the firewall is the Activity Monitor, which shows you all of the current network connection attempts, both incoming and outgoing. I personally like the Connections tab, which shows you all of the current connections established to and from your computer, how much data has been received and transmitted through them, and the current speed of transfer, as shown in Figure 8.12.

Figure 8.12. Tiny Personal Firewall network connection information.

The Administration Center is where all of the network access policies are managed. The management of network policies is similar to Microsoft's enterprise firewall software called ISA Server. Anyone familiar with that system will be right at home with Tiny Personal Firewall. However, using the extensive options of Tiny Personal Firewall may be frustrating and annoying for some users.

Because the administration is much more complex and extensive than in other software firewalls, I recommend that you use a simpler-to-administer firewall such as Norton Personal Firewall or the free Sygate Personal Firewall if you just want basic functionality plus the ability to monitor and control outgoing traffic. If you want the maximum amount of flexibility over what is going on with your network connection, Tiny Personal Firewall is the firewall for you.

Using Sygate Personal Firewall

The Sygate Personal Firewall (non-professional version) is a free third-party firewall that replicates all of the functionality of the built-in Windows Firewall but also adds the ability to block outgoing traffic for all applications or just specific applications.

After installing the firewall, you will be surprised how many processes running on your computer request to have access to the Internet. Every time a process attempts to access the Internet, a screen will pop up as shown in Figure 8.13.

Figure 8.13. Sygate Personal Firewall application access notification.

As shown in Figure 8.13, the user has a few options for handling the request. After the first couple of times you boot your computer, the mass of notifications will subside as the program learns what to do with your normal traffic.

Another feature of Sygate Personal Firewall is the graphical charts, shown in Figure 8.14, and the extensive logs that show all incoming and outgoing traffic attempts that were blocked.

Figure 8.14. Sygate Personal Firewall in action.

Sygate also offers a professional version of its personal firewall software, which has additional protection similar to Norton Personal Firewall and Tiny Personal Firewall. It is also priced similarly to other "professional version" firewalls. More information on Sygate Personal Firewall, both the free and professional versions, can be found at http://smb.sygate.com.




Upgrading and Repairing Microsoft Windows (2nd Edition)
ISBN: 0789736950
Year: 2005
