ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

How personal firewalls work

PC World

June 21, 2000
Web posted at: 10:12 a.m. EDT (1412 GMT)

(IDG) -- Personal firewall: a technology that helps prevent intruders from accessing data on your PC via the Internet or another network, by keeping unauthorized data from entering or exiting your system.

Hackers don't just target national security organizations for cyberattacks: They want your tax returns, network passwords, or bank account numbers. And you don't want the FBI kicking in your door because someone hijacked your PC to participate in the latest denial-of-service attack on the Internet. Now that "always-on" broadband connections such as cable modems and digital subscriber line are becoming more popular, home users are at risk.


Fortunately, you can protect your data. Firewalls can block malicious attacks and protect your PC from outside threats.

Here's what you need to know:

  • A firewall can prevent an unauthorized user from accessing your PC, either from the Internet or from within your local network.
  • It blocks some Trojan horse programs and many hostile applications that seek to take over your computer.
  • New packages aimed at home users and small businesses are inexpensive and require little setup on your part.

When you're connected to the Internet, you're sending and receiving information in small units called packets. A packet contains the addresses of the sender and the recipient along with a piece of data, a request, a command, or almost anything having to do with your connection to the Internet. But just as with postal mail, not every package that arrives at your computer is one you want to open.

  PC World home page
  Keep your PC safe from intruders
  Here's How from
  Download free PC software
  Reviews & in-depth info at
  E-Business World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletters
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

A firewall examines each data packet sent to or from your computer to see if it meets a set of criteria. The firewall then selectively passes or blocks the packet.

Examining data for cracks

The criteria a firewall uses for passing packets along depends on the kind of firewall you use. The most common type you'll find for home and small business use is called an application gateway firewall.

An application gateway, often called a proxy, acts like a customs officer for data: Anything you send or receive stops first at the firewall, which filters packets based on IP addresses and content, as well as the specific functions of an application. For instance, if you're running an FTP program, the proxy could permit file uploads while blocking other FTP functions, such as viewing or deleting files. You can also set the firewall to ignore all traffic for FTP services but allow all packets generated during Web browsing.

Other kinds of firewalls include packet filters, which examine every packet for an approved IP address; circuit-level firewalls, which allow communication only with approved computers and Internet service providers; and the newest type, stateful inspection firewalls, which note the configuration of approved packets and then pass or block traffic based on those characteristics.

Packet-filter, circuit-level, and stateful inspection firewalls are mostly found in corporate network setups. They require major upkeep, so they aren't suitable for most smaller companies and home users.

Insurance for your home PC

If you work at a large corporation, odds are good that a firewall sits between you and the outside world. But the increased availability of cable and DSL service means you could spend more time connected to the Internet from home--and more time as a potential target for hackers. You're somewhat vulnerable even on short dial-up connections.

Unfortunately, most people become aware of the danger only after they become victims. With cyberattacks increasing, Chris Christiansen, an analyst with market research firm IDC, predicts that firewalls will be ubiquitous in five or six years.

But you don't have to buy an expensive, hard-to-maintain security system for your PC. Personal firewalls, usually based on the application gateway model, can keep you safe. These products don't require you to program complex restrictions. They'll guide you through a setup that asks you what you want to allow or block. They can also help you monitor intrusion attempts and protect you from most Trojan horse or spyware programs that let a hacker control your computer over the Internet. They can hide your identity while you surf, too.

Personal firewalls are available either as part of an integrated security suite or as stand-alone software. Symantec's $60 Norton Internet Security 2000 package, for example, bundles a personal firewall for Windows 95 and 98 with software for Web ad and cookie blocking, parental Web control, personal security, and virus scanning. If you don't want a whole kit, you can get firewall software such as Network Ice's BlackIce Defender, McAfee's Personal Firewall, or Zone Labs' free ZoneAlarm.

Companies including Cisco and Check Point make high-end firewalls, such as the ones used by corporate IS departments. These firewalls often come as part of a dedicated server and are usually incorporated into a company's overall security strategy, which may also include a virtual private network. Because of their complexity and cost, such firewalls aren't a good option for small business or home users.

Firewalls move into the mainstream

While most personal firewalls are available now as software that you install on your PC, IDC analyst Christiansen predicts that firewalls will be integrated into hardware in the next few years. That means the next DSL or cable modem you buy or lease may have a firewall already installed.

To make maintaining a firewall easy, Christiansen says, companies will offer subscription services. You'll pay $50 a month and the company will make sure your firewall is up-to-date. That maintenance is key to keeping your data safe: As soon as hackers hear about a weakness in a firewall, they hunt for people who haven't upgraded to the latest version and break in.

As our dependence on the Internet and computers grows, so will the personal consequences of a security breach. Whether to protect your personal information from theft or to keep your PC from being hijacked by a hacker, installing a personal firewall makes sense.

Linux on the PowerPC
June 12, 2000
Second line of defense: Distributed firewalls
June 6, 2000
Security hole found in Network Associates firewall
June 2, 2000
FBI, DOJ issue list of worst Net threats
June 2, 2000
Top 10 security utilities
May 22, 2000

Popular firewall vulnerable to denial-of-service attacks
Security hole found in Network Associates firewall
Holes found in Cisco firewalls
(Network World Fusion)
Securing your DSL against hackers
(Network World Fusion)
Second line of defense
(Network World Fusion)
Keep your PC safe from intruders

Gibson Research's Internet Connection Security for Windows Users
National Institute of Science and Technology's Introduction to Internet Firewalls
Symantec's Norton Internet Security 2000
Network Ice's BlackIce Defender
McAfee's Personal Firewall

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.