140 Village Shopping Center
Westminster, MD 21157 (410) 848-7100

Firewalls can effectively "help" many computers
remain safe and secure
- PCs and PC networks are becoming
increasingly vulnerable to attack
- Attacks are growing more sophisticated and more automated every day, with
viruses, Trojan horses and other methods of circumventing your protection
mechanisms
- Filtering data before it gets to your PC (a firewall built into your
internet router or high-speed modem) is only part of the answer
- A second, host-based firewall (such as the Windows XP firewall) should be
standard on every computer, in addition to the firewall on the internet
router or modem
Firewalls serve
more than one purpose
- A firewall controls what data can be passed from the internet or an
outside network onto your PC
- Many firewalls can also stop your PC from sending information out to the
internet or another public network, if you create rules against such data
leaks (e.g. social security numbers); matching on content like a number is
a content-inspection feature and only works on traffic that is not encrypted
- You can even establish certain "hours of availability" for your PC or
networked PCs, stopping internet traffic outside those hours (for example,
stopping your child's PC from accessing the internet during certain hours
of the day)
- You can also permit only specific internet sites, which in some
circumstances is more reasonable than allowing "all internet sites" and then
trying to monitor "after the fact" which sites have been visited
Firewalls are
not impervious to attack or "compromise"
- PCs and PC networks are always vulnerable to attack. The attack may come
from inside your network (e.g. a user, or a virus already on a machine,
trying to defeat your security) or from external sources such as the
internet, and given enough time a determined attacker may eventually get
through. A firewall reduces the exposed surface; it does not eliminate it.
There are two primary types of firewalls
- Network firewalls protect PC networks at the perimeter and mainly guard
against attack from outside sources, although some also help against
attacks launched from inside the network
- Host-based firewalls protect the individual PC even when it is connected
to another PC network
- Most commonly a host-based firewall prevents your PC from being attacked
individually, including by other machines on the same local network
Firewalls filter traffic
- Firewalls tend to either block everything that isn't explicitly allowed by
a rule you create (default deny), or follow a preset rule set supplied by the
firewall manufacturer or program vendor
- The firewalls most commonly referred to as "hardware firewalls" are usually
edge (perimeter) network firewalls
- Many edge firewalls filter requests in both directions, to and from
outside networks such as the internet
- Most firewalls only answer requests from the outside network (most
commonly the internet) if they can match the incoming data to a connection
your PC started; data is only allowed through your PC's defenses if it is
the reply to a request your PC issued
- An example is your browser sending a request across the internet to
visit a certain website (www.zonelabs.com)
- The firewall records that outgoing request and, when the website
answers, matches the reply to it before letting the data in; a packet
from the same site that matches no outstanding request is dropped
Firewalls can be
configured beyond the factory presets
- If you never change your firewall's settings, you may be more vulnerable
to outside attacks, because the defaults are known to attackers as well
- Most software programs work by requesting traffic on an open port
- The default ports for most programs are well known, and many are publicly
advertised on the internet
- Moving your programs to non-standard ports makes them harder to find by
casual scanning, but it is obscurity rather than protection: a port scan
will still find an open port, so close every port you don't need and
restrict the rest. Always document which ports you open and keep the list
in a safe and secure place
Stateful Inspection Filtering
- Stateful inspection is the process of inspecting data that reaches a
firewall and keeping track of the state of each connection, allowing or
disallowing packets based on both the firewall policy and whether the
packet belongs to a connection that was already permitted
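The following is an added, simplified illustration of the connection tracking described above; it is not code from the original page or from any firewall product. The Packet and StatefulFirewall classes and the addresses (RFC 5737 documentation ranges) are constructed for this example. It shows the two checks a stateful filter makes: outbound traffic is allowed by policy and recorded, and inbound traffic is allowed only when it is the reverse of a recorded connection. A real firewall also tracks TCP flags beyond SYN, sequence numbers, and expires idle entries.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One simplified IP packet (constructed for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str         # "tcp" or "udp"
    direction: str     # "out" = leaving the protected PC, "in" = arriving at it
    syn: bool = False  # TCP SYN flag set: the packet opens a new connection


class StatefulFirewall:
    """Default-deny inbound filter that remembers outbound connections."""

    def __init__(self, allowed_outbound_ports):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        # State table: 5-tuples of connections the protected PC has started.
        self.connections = set()

    def filter(self, pkt):
        """Return "ALLOW" or "DROP" for one packet, updating the state table."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.direction == "out":
            if flow in self.connections:
                return "ALLOW"            # later packet of a known connection
            if pkt.proto == "tcp" and not pkt.syn:
                return "DROP"             # TCP must start with SYN; no state for this flow
            if pkt.dst_port not in self.allowed_outbound_ports:
                return "DROP"             # egress policy: destination port not permitted
            self.connections.add(flow)    # record the new connection
            return "ALLOW"
        # Inbound: allowed only if it is the reverse of a connection we recorded.
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.connections:
            return "ALLOW"
        return "DROP"                     # unsolicited inbound traffic


def demo_stateful():
    """Run a constructed sequence of packets through the filter."""
    fw = StatefulFirewall(allowed_outbound_ports={53, 80, 443})
    pc, web, scanner = "192.168.1.10", "203.0.113.5", "198.51.100.9"
    events = [
        Packet(pc, 51000, web, 443, "tcp", "out", syn=True),    # browser opens HTTPS
        Packet(web, 443, pc, 51000, "tcp", "in"),                # server's reply: matches state
        Packet(scanner, 4444, pc, 3389, "tcp", "in", syn=True),  # unsolicited RDP probe
        Packet(web, 443, pc, 51001, "tcp", "in"),                # forged "reply" to a port never used
        Packet(pc, 51002, web, 23, "tcp", "out", syn=True),      # telnet: not in egress policy
        Packet(pc, 51003, web, 53, "udp", "out"),                # DNS query (UDP has no SYN)
        Packet(web, 53, pc, 51003, "udp", "in"),                 # DNS answer: matches state
    ]
    return [fw.filter(p) for p in events]


if __name__ == "__main__":
    print(demo_stateful())
```

The forged reply in the fourth packet is the case a stateless filter gets wrong: it comes from an allowed site on an allowed port, yet it matches no connection the PC opened, so the stateful filter drops it.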
Application Layer Filtering
- Application layer filtering uses an information request "verification
process" that inspects the content of incoming and outgoing requests and
ensures the request is not an attack in disguise (something a packet filter,
which only sees addresses and ports, cannot do)
- Forms of application level filtering include blocking specific words from
being accessed on the internet, or blocking content based on a profanity list
- Other forms of this kind of filtering include blocking specific websites
by name on a "hosts" black-list, or allowing only sites on a "white-list"
Proxy, and NAT/PAT (Network Address
Translation/Port Address Translation)
- PCs can be set up to send all traffic requests through a particular
machine (a proxy), where every request is filtered to block or allow content
based on a set of rules you may define in detail
- In computer networks, a proxy server is a server (a computer system or an
application program) which services the requests of its clients by
forwarding those requests to other servers
- Network Address Translation (NAT, also known as network masquerading,
native address translation or IP masquerading) is a technique of passing
network traffic through a router that involves rewriting the source and/or
destination IP addresses, and usually also the TCP/UDP port numbers, of IP
packets as they pass through. Port Address Translation (PAT) is the common
home variant in which many private PCs share one public IP address and are
told apart by port number
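As an added example (not code from the page or from any router vendor), here is the translation table that a PAT router maintains, with constructed RFC 5737 addresses. The PatRouter class and its method names are chosen for this illustration. It shows why two PCs can both use source port 51000 behind one public address, how replies are delivered back to the right PC, and why an inbound packet that matches no mapping has nowhere to go.

```python
class PatRouter:
    """Port Address Translation: many private PCs behind one public IP."""

    def __init__(self, public_ip, first_public_port=40000):
        self.public_ip = public_ip
        self.next_port = first_public_port
        # Outbound lookup: (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.out_map = {}
        # Inbound lookup: (proto, public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.in_map = {}

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source to the public IP and a unique public port."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        public_port = self.out_map.get(key)
        if public_port is None:  # first packet of this flow: allocate a public port
            public_port = self.next_port
            self.next_port += 1
            self.out_map[key] = public_port
            self.in_map[(proto, public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an internet packet back to (priv_ip, priv_port), or None if unmapped."""
        if dst_ip != self.public_ip:
            return None
        return self.in_map.get((proto, dst_port, src_ip, src_port))


def demo_pat():
    """Two LAN PCs talk to one web server through a single public address."""
    router = PatRouter("198.51.100.1")
    web = "203.0.113.5"
    # Both PCs happen to pick the same source port for the same server.
    a = router.outbound("tcp", "192.168.1.10", 51000, web, 80)
    b = router.outbound("tcp", "192.168.1.11", 51000, web, 80)
    a_again = router.outbound("tcp", "192.168.1.10", 51000, web, 80)  # same flow, same mapping
    # The server answers each translated port; the router sends each reply home.
    reply_a = router.inbound("tcp", web, 80, "198.51.100.1", a[1])
    reply_b = router.inbound("tcp", web, 80, "198.51.100.1", b[1])
    # An unsolicited SSH attempt at the public address matches no mapping.
    probe = router.inbound("tcp", "198.51.100.9", 4444, "198.51.100.1", 22)
    return {"a": a, "b": b, "a_again": a_again,
            "reply_a": reply_a, "reply_b": reply_b, "probe": probe}


if __name__ == "__main__":
    for name, value in demo_pat().items():
        print(name, value)
```

The dropped probe is a side effect of the missing table entry, not a security decision: the moment you add a port forward (or a device opens one through UPnP), that inbound path exists again. That is why the page still recommends a firewall in front of and on every PC rather than relying on NAT alone.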
Using a DMZ (De-Militarized Zone)
- Generally, any service that is being provided to users on an external
network (a web or mail server, for example) should be placed in the DMZ
- The purpose of a DMZ is to add an additional layer of security to an
organization's Local Area Network (LAN): if a server in the DMZ is
compromised, the attacker gains a foothold only there and not directly on
the internal LAN, provided the firewall between the DMZ and the LAN is
restrictive
All computers should have proper firewall
protection!
- No PC is impervious to attack or compromise, so the only wrong decision is
to not install a firewall, or to disable the protection it affords your PC
or network!