Firewalls

Firewalls:
Why you need at least one at the office… and at home!

In the not-so-recent past, communication and file sharing in the office were accomplished via “sneaker net”: walking a file stored on floppy disk over from one computer to another. Any connection to the outside world was through a 28.8 modem. Most security threats were internal as there were not very many connections to the outside world, let alone broadband connections. The World Wide Web was in its infancy and no one was blaming Microsoft for Internet Explorer security issues yet, as IE didn’t exist. In fact, the first browser, Mosaic, was still the brainchild of a group of people at the University of Illinois. Lots of things have changed since then. Analog modems are almost a thing of the past, relegated for use as a last resort only. People have DSL, Cable, T1 or better connections not only at the office, but also at home. With that speed can come an increase in security threats and the need for firewalls.

Protection Comes In Layers

If you have read my articles in the past, you know that I advocate making sure your software is up to date and running antivirus software, anti-malware software and guarding against spam and the threats it poses.

In today’s environment, having a firewall is equally important. But a firewall is more than a piece of software, a hardware appliance or both. Its implementation is made up of several layers. The best practices for a machine at the office behind a corporate firewall differ from those of laptop users who travel or home users. Having multiple layers of protection is the key for protecting your system and data from unauthorized access.

Anatomy of a Firewall

A firewall consists of a hardware appliance, a software application, or preferably, a combination of both. Firewalls prevent unauthorized programs or Internet users from accessing a private network. They function as a “traffic cop” for your network or computer. Any and all information entering or leaving the network must pass through the firewall, which examines the information transmission at the packet level and, based on a series of rules, allows safe packets through and blocks packets that do not meet the defined security criteria for the firewall. It’s really just that simple.

Personal firewalls are used for single computers, typically for laptops and home computers, although many companies are seeing the benefit of layers of protection and enabling the personal firewall that is part of Windows XP SP2, or adding the protection of third-party firewall software from other vendors. At the corporate level, there are both appliance (hardware-based) solutions and application (software-based) solutions that run on a server.

Personal Firewalls

Personal firewalls typically provide the functions of a firewall for a single computer. Personal firewalls usually come in the form of a software application program, as opposed to a hardware device used for corporate firewalls. Personal firewalls function under three rules. These three rules are: Allow, Block and Ask. The functions of the rules break down like this:

  • Allow Rule: The personal firewall allows some traffic to flow. This is usually traffic that is known to be "safe". After installing the personal firewall software, you configure traffic you know you will need: Outlook, Internet Explorer, business applications, etc.
     
  • Block Rule: The personal firewall blocks some traffic. This is usually traffic that is known to be problematic or dangerous to your computer, such as unsolicited attempts to access it.
     
  • Ask Rule: The personal firewall Ask rule can be tailored to your environment. It monitors inbound and outbound traffic and traffic requests. If the Allow and Block rules do not apply, the firewall asks you whether to permit your applications to access network resources. Most firewalls will then provide you with the option of storing your responses. The firewall then remembers those responses for the future, so that you do not have to give permission again.

Personal firewalls are the most important first line of defense for computer security, and that is why many corporations deploy them not only on laptops but also on towers that do not travel. Having a firewall installed and in place provides one more layer of security, a wall around your computer that lets only approved traffic through. It helps keep hackers out and helps stop the spread of many computer viruses and worms, just as anti-virus and anti-spyware software provide their levels of protection.
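The Allow, Block and Ask rules described above can be modeled in a few lines of Python. This is an added illustration, not code from any firewall product: the class names, the program names and the choice to let a matching Block rule win over an Allow rule are assumptions, and the sample traffic is constructed.

```python
from dataclasses import dataclass
from typing import Optional
ALLOW, BLOCK = "allow", "block"

@dataclass(frozen=True)
class Conn:                      # one connection attempt seen by the firewall
    app: str
    direction: str               # "in" or "out"
    port: int
    solicited: bool = True       # False: inbound traffic nobody asked for

@dataclass(frozen=True)
class Rule:                      # a field left as None matches anything
    action: str
    app: Optional[str] = None
    direction: Optional[str] = None
    port: Optional[int] = None
    solicited: Optional[bool] = None

    def matches(self, c: Conn) -> bool:
        mine = (self.app, self.direction, self.port, self.solicited)
        seen = (c.app, c.direction, c.port, c.solicited)
        return all(w is None or w == g for w, g in zip(mine, seen))

class PersonalFirewall:
    def __init__(self, rules, prompt):
        self.rules, self.prompt, self.remembered = list(rules), prompt, {}

    def decide(self, c: Conn) -> str:
        for action in (BLOCK, ALLOW):          # assumption: Block wins over Allow
            if any(r.action == action and r.matches(c) for r in self.rules):
                return action
        key = (c.app, c.direction, c.port)
        if key not in self.remembered:         # Ask: neither Allow nor Block applied
            permit, remember = self.prompt(c)
            if not remember:
                return ALLOW if permit else BLOCK
            self.remembered[key] = ALLOW if permit else BLOCK
        return self.remembered[key]            # stored answer, no second prompt

def demo():
    asked = []
    def prompt(c):               # stands in for the pop-up; user trusts only backup.exe
        asked.append(c.app)
        return c.app == "backup.exe", True     # (permit?, remember my answer?)
    fw = PersonalFirewall([Rule(BLOCK, direction="in", solicited=False),
                           Rule(ALLOW, app="outlook.exe", direction="out")], prompt)
    new = [Conn("backup.exe", "out", 443), Conn("toolbar.exe", "out", 80)]
    traffic = [Conn("outlook.exe", "out", 25), Conn("?", "in", 445, solicited=False)] + new + new
    return [fw.decide(c) for c in traffic], asked
```

Calling `demo()` replays the two unknown programs a second time; the stored answers decide them without a second prompt.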

Hardware Firewalls

When protecting a group of computers on a LAN / WAN, you should have a hardware firewall, which protects the entire network against outside attacks. Some implementations of hardware firewalls are dedicated hardware that provides the same kind of functionality as a personal firewall, but are configured and optimized for use by many machines on the network. Software versions of the “hardware” firewall also exist, based on a PC or RISC computer whose sole function is to provide that firewall between the inside and outside worlds. Hardware solutions can be quite complex to configure as you have to consider all the security concerns and the security and communication needs of a vast array of applications on multiple computers.

Other Considerations

Some home-networking hardware, often used in the SOHO (small office home office) environment, like wireless access points and broadband routers, comes with built-in hardware firewalls. Many also employ NAT (Network Address Translation) so the IP address you get from your ISP is not directly mapped to your machine and any ‘shares’ you may have. It is highly recommended that you still use a personal firewall, anti-virus and anti-spyware software. Each is a great way to secure your computer and provide layers of support for your machine.

Just don't stop there. After adding the layers of defense, you should also make certain your operating system and applications are properly patched. Due to bugs and unforeseen uses, many programs can inadvertently provide hackers "back doors" right onto your computer. In most cases, you should download and run the latest patches for your programs. Especially dangerous security vulnerabilities are usually fixed very quickly by software companies, hopefully before many hackers take advantage of them. The longer a security bug is known, the easier it is for hackers and the viruses and worms they create to exploit it. You really must always run the latest patches, especially in your operating system, but make sure your applications will run under the patches before you apply them. I also recommend that you avoid open source browsers and applications on not only corporate systems but also on home systems. While I know this may be unpopular, all too often those applications can cause problems with the so-called ‘standard’ applications, making you vulnerable to attacks and exploits that get very little press. Let’s face it, if a Microsoft flaw is discovered, the press is all over it, everyone knows it and can quickly get a patch!

How can I get more information on this subject?

If you have support with us, ask us. Oftentimes we will have additional suggestions about new solutions or emerging best practices. You can also find very good information for home users at http://www.personalfirewallday.org/. If you have questions or comments about this article, contact me (JohnBoline@hagerman.com).

 

All product names / logos, company names / logos are copyrights of their respective holders.  John Boline is an MCSE, CNE, USE and a member of the Network Professional Association. The content herein is often based on late-breaking events. Much of the material is based on information from sources that are believed to be reliable. Hagerman & Company, Inc. disclaims all warranties as to the ultimate accuracy or completeness of the information. Hagerman & Company, Inc. and its employees shall have no liability for errors, omissions or inadequacies in the information contained within this article or for any interpretations thereof. The recommendations, positions and best practice policies outlined herein represent Hagerman & Company, Inc. initial analysis and therefore are subject to change as further information which may have bearing on these positions is made available. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Entire contents © 2006 Hagerman & Company, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden

 

This page last edited on Tuesday, September 19, 2006


 

 

by John Boline
Service Manager,
MCSE, CNE, USE

