It’s likely that you’ll at least install a free software firewall after reading this article, but how will you know if it’s working? There’s really no good way to probe your PC without advanced network knowledge, so it’s best to let one of the many automated security audit Web sites do all your work for you. These sites use a variety of standard techniques to scan your Internet ports for weaknesses and most can generate helpful reports that show your connection’s weaknesses and provide tips on how to plug the holes.
Some sites may ask you for an IP address before you begin. We would normally tell you to never divulge this information, but in the cases of the sites profiled below everything is kosher. These sites need the information because if they scan the wrong IP address you will see the test results for another computer. As long as you are using Windows 9x or Windows Millennium Edition (WinMe) you can easily find out your IP address: Click Start, Run, and type WINIPCFG in the Open box. Click OK and use the drop-down box in the IP Configuration window to ensure that your dial-up adapter or modem is selected. The number you are looking for is in the IP Autoconfiguration Address box. Write it down for future reference, and note that it may change the next time you connect to the Internet (this is especially true for dial-up modem connections).
Your first stop should be Gibson Research’s Shields UP! at http://www.grc.com/. Follow the Shields UP! links until you get to a Web page with Test My Shields and Probe My Ports buttons and use them to initiate a battery of tests that will give you a good idea of how secure you really are. Try running it with and without your firewall enabled to see what a major difference it makes.
For an even more complete scan, head to Wallyware’s HackerWhacker site at http://www.hackerwhacker.com/. Click the Quick Scan link to start the process and have a legitimate e-mail address ready. You can only get one free scan at the site before you have to pay for their services, and we recommend leaving your firewall on during the free test so you can see if it has any weak spots. The company also offers a far less involved firewall test that can be used at no cost as often as you would like at http://www.networkscan.com/. You may want to use the free service first without your firewall enabled so you can find any weaknesses with your system. Then you can enable your firewall and try the more involved scan to see if it cured all your security problems.
Finally, try E-Soft’s Security Space tools at http://www.securityspace.com/. You can sign up for free to access either their gratis or fee-based tests, and they go far beyond the basic port scan. It also is possible to probe your firewall for specific weaknesses, see if your browser is secure from a variety of common attacks, and check the integrity of your Web server if you run a Web site from your computer. If you want to get serious the company offers a variety of fee-based services that will give your entire computer and all connections a thorough workout.
Terms To Know
header: A small bit of information attached to each packet that includes at minimum the source and destination address for the packet.
intranet: An internal network in a single office or throughout a company with several offices. These networks are used to share resources such as laser printers, as well as common files and storage space on file servers. Intranets use the same network technologies, such as TCP/IP, as the Internet and are often connected to the Internet.
IP (Internet Protocol) address: Every computer connected to the Internet has to have a unique IP (Internet Protocol) address; otherwise requested information will not know what computer it is supposed to be delivered to.
log: A file that is automatically updated each time an attack is made on your computer so it can be permanently recorded and reviewed at your leisure.
packet: The IP that forms the basis of the Internet requires that all files transmitted between computers be chopped up into tiny pieces called packets. The packets contain address information that gets them routed to their ultimate destinations, where they are reassembled into carbon copies of the original file.
protocols: Standardized "languages" that let hardware devices (and software applications) communicate with one another.
TCP/IP (Transmission Control Protocol/Internet Protocol): IP is the fundamental data protocol of the Internet, but the Transmission Control Protocol (TCP) rides on top of it and lays down the rules for most of the data transfers that take place on the Internet. TCP temporarily creates a direct link between two computers and ensures that packets arrive in the order they were sent.
What It Protects You From
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
- Remote login:
When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
- Application backdoors:
Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
- SMTP session hijacking:
SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
- Operating system bugs:
Like applications, some operating systems (http://www.howstuffworks.com/operating-system.htm) have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
- Denial of service:
You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
- E-mail bombs:
An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
- Macros:
To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
- Viruses:
Probably the most well-known threat is the computer virus. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. The effects of viruses range from displaying harmless messages to erasing all of your data.
- Spam:
Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie (http://www.howstuffworks.com/cookie.htm) that provides a backdoor to your computer.
- Redirect bombs:
Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
- Source routing:
In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.
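The denial of service item above describes connection requests that the server acknowledges but that are never completed. As an added example (not part of the original article), this sketch counts such unanswered requests in a connection log; the log format, the addresses and the threshold are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample log, not real traffic. Assumed format:
#   time  event  client_ip:port  server_ip:port
# SYN = connection request; ACK = the client answered the server's
# acknowledgement, so the session was established.
SAMPLE_LOG = """\
12:00:01 SYN 198.51.100.4:3301 192.0.2.10:80
12:00:01 ACK 198.51.100.4:3301 192.0.2.10:80
12:00:02 SYN 203.0.113.11:1025 192.0.2.10:80
12:00:02 SYN 203.0.113.57:1026 192.0.2.10:80
12:00:02 SYN 203.0.113.90:1027 192.0.2.10:80
12:00:03 SYN 203.0.113.23:1028 192.0.2.10:80
12:00:03 SYN 198.51.100.9:4100 192.0.2.10:25
"""

def half_open_by_server(log):
    """Count requests per server port that never completed a session."""
    pending = set()
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _time, event, client, server = fields
        if event == "SYN":
            pending.add((client, server))
        elif event == "ACK":
            pending.discard((client, server))
    # Group by server, not by client: the requesting addresses cannot be
    # reached, so they say little about who is actually sending.
    return Counter(server for _client, server in pending)

def overloaded_servers(log, threshold=3):
    """Server ports holding at least `threshold` unanswered requests."""
    counts = half_open_by_server(log)
    return sorted(s for s, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(half_open_by_server(SAMPLE_LOG))
    print(overloaded_servers(SAMPLE_LOG))
```

A single unanswered request, like the one to port 25 in the sample, is normal; it is the pile-up on one server port that marks the attack.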
Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.
The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator who understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them.
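The "block everything, then select what to allow" rule can be shown as a small decision function. This is an added example, not code from the article or from any firewall product: the `Packet` fields, the e-mail-only allow list (SMTP on port 25, POP3 on port 110) and the sample traffic are assumptions chosen for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

ALLOW, DENY = "allow", "deny"

@dataclass(frozen=True)
class Packet:                      # hypothetical, simplified packet summary
    direction: str                 # "in" or "out" of the private network
    proto: str                     # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    source_routed: bool = False    # sender dictated the route
    reply: bool = False            # answer to a session allowed outbound

# Allow list for an e-mail-only policy (constructed for this example).
ALLOWED_OUTBOUND = {("tcp", 25): "send e-mail (SMTP)",
                    ("tcp", 110): "fetch e-mail (POP3)"}
ICMP_REDIRECT = 5                  # ICMP message type for a redirect

def decide(pkt):
    """Return (action, reason). Anything not explicitly allowed is denied."""
    if pkt.source_routed:
        return DENY, "source routing"
    if pkt.proto == "icmp" and pkt.icmp_type == ICMP_REDIRECT:
        return DENY, "ICMP redirect"
    if pkt.direction == "in" and pkt.reply:
        return ALLOW, "reply to allowed session"
    if pkt.direction == "out":
        service = ALLOWED_OUTBOUND.get((pkt.proto, pkt.dst_port))
        if service:
            return ALLOW, service
    return DENY, "default deny"

# Constructed sample traffic.
SAMPLES = {
    "outbound SMTP": Packet("out", "tcp", 25),
    "outbound Web": Packet("out", "tcp", 80),
    "inbound telnet login": Packet("in", "tcp", 23),
    "inbound mail reply": Packet("in", "tcp", 1045, reply=True),
    "source-routed reply": Packet("in", "tcp", 1045,
                                  source_routed=True, reply=True),
    "ICMP redirect": Packet("in", "icmp", icmp_type=ICMP_REDIRECT),
}

def audit(samples=SAMPLES):
    return {name: decide(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, (action, reason) in audit().items():
        print(f"{name:22} {action:5} {reason}")
```

The order of the checks matters: the source-routed packet is dropped even though it claims to be a reply, and Web traffic is denied simply because nothing in the allow list names it.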
One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.