|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
How personal firewalls work
(IDG) -- Personal firewall: a technology that helps prevent intruders from accessing data on your PC via the Internet or another network, by keeping unauthorized data from entering or exiting your system.
Hackers don't just target national security organizations for cyberattacks: They want your tax returns, network passwords, or bank account numbers. And you don't want the FBI kicking in your door because someone hijacked your PC to participate in the latest denial-of-service attack on the Internet. Now that "always-on" broadband connections such as cable modems and digital subscriber line are becoming more popular, home users are at risk.
Fortunately, you can protect your data. Firewalls can block malicious attacks and protect your PC from outside threats.
Here's what you need to know:
When you're connected to the Internet, you're sending and receiving information in small units called packets. A packet contains the addresses of the sender and the recipient along with a piece of data, a request, a command, or almost anything having to do with your connection to the Internet. But just as with postal mail, not every package that arrives at your computer is one you want to open.
A firewall examines each data packet sent to or from your computer to see if it meets a set of criteria. The firewall then selectively passes or blocks the packet.
Examining data for cracks
The criteria a firewall uses for passing packets along depends on the kind of firewall you use. The most common type you'll find for home and small business use is called an application gateway firewall.
An application gateway, often called a proxy, acts like a customs officer for data: Anything you send or receive stops first at the firewall, which filters packets based on IP addresses and content, as well as the specific functions of an application. For instance, if you're running an FTP program, the proxy could permit file uploads while blocking other FTP functions, such as viewing or deleting files. You can also set the firewall to ignore all traffic for FTP services but allow all packets generated during Web browsing.
Other kinds of firewalls include packet filters, which examine every packet for an approved IP address; circuit-level firewalls, which allow communication only with approved computers and Internet service providers; and the newest type, stateful inspection firewalls, which note the configuration of approved packets and then pass or block traffic based on those characteristics.
Packet-filter, circuit-level, and stateful inspection firewalls are mostly found in corporate network setups. They require major upkeep, so they aren't suitable for most smaller companies and home users.
Insurance for your home PC
If you work at a large corporation, odds are good that a firewall sits between you and the outside world. But the increased availability of cable and DSL service means you could spend more time connected to the Internet from home--and more time as a potential target for hackers. You're somewhat vulnerable even on short dial-up connections.
Unfortunately, most people become aware of the danger only after they become victims. With cyberattacks increasing, Chris Christiansen, an analyst with market research firm IDC, predicts that firewalls will be ubiquitous in five or six years.
But you don't have to buy an expensive, hard-to-maintain security system for your PC. Personal firewalls, usually based on the application gateway model, can keep you safe. These products don't require you to program complex restrictions. They'll guide you through a setup that asks you what you want to allow or block. They can also help you monitor intrusion attempts and protect you from most Trojan horse or spyware programs that let a hacker control your computer over the Internet. They can hide your identity while you surf, too.
Personal firewalls are available either as part of an integrated security suite or as stand-alone software. Symantec's $60 Norton Internet Security 2000 package, for example, bundles a personal firewall for Windows 95 and 98 with software for Web ad and cookie blocking, parental Web control, personal security, and virus scanning. If you don't want a whole kit, you can get firewall software such as Network Ice's BlackIce Defender, McAfee's Personal Firewall, or Zone Labs' free ZoneAlarm.
Companies including Cisco and Check Point make high-end firewalls, such as the ones used by corporate IS departments. These firewalls often come as part of a dedicated server and are usually incorporated into a company's overall security strategy, which may also include a virtual private network. Because of their complexity and cost, such firewalls aren't a good option for small business or home users.
Firewalls move into the mainstream
While most personal firewalls are available now as software that you install on your PC, IDC analyst Christiansen predicts that firewalls will be integrated into hardware in the next few years. That means the next DSL or cable modem you buy or lease may have a firewall already installed.
To make maintaining a firewall easy, Christiansen says, companies will offer subscription services. You'll pay $50 a month and the company will make sure your firewall is up-to-date. That maintenance is key to keeping your data safe: As soon as hackers hear about a weakness in a firewall, they hunt for people who haven't upgraded to the latest version and break in.
As our dependence on the Internet and computers grows, so will the personal consequences of a security breach. Whether to protect your personal information from theft or to keep your PC from being hijacked by a hacker, installing a personal firewall makes sense.
Linux on the PowerPC
RELATED IDG.net STORIES:
Popular firewall vulnerable to denial-of-service attacks
Gibson Research's Internet Connection Security for Windows Users
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.