Home User Security: Your First Defense
by Sarah Granger
Editor's note: this article has also been translated into German thanks to Vu-Clan, a German gaming site.
The need for a firewall
It used to be that an anti-virus program was a home user's first (and perhaps only) line of defense against the spread of viruses, worms, trojans, and other malicious code. Times have changed. In the era of pervasive, always-on broadband connections, simply having your Microsoft (R) Windows (TM) computer turned on is enough for it to get infected with the latest virus or worm. Have you applied your weekly set of critical Microsoft security patches, or your monthly Microsoft mega-patch? What if you've been on vacation for the past few weeks? The Swiss-cheese approach to applying the security patches required to keep desktop computers safe and usable just doesn't work for the average home user. A firewall should now be a home user's first line of defense.
What is a firewall?
The original firewalls, literally physical walls constructed to slow or cease the expansion of fires through buildings, performed a serious function in a basic way. Like their namesake, network firewalls were originally quite similar in concept. They were physical units blocking activity coming into and out of computer networks, thus protecting the network's users from harm. These hardware boxes acted as data filters, connected on one side to the Internet and on the other to the internal network. As the Internet grew, the need for more complex analysis of incoming data rose. Today, we have a myriad of firewall hardware and software options available for networks large and small, with features ranging from simply watching the traffic to analyzing, refusing, and reporting in great detail. The terms personal firewall and desktop firewall are synonymous with software you install on your computer to keep the bad guys out.
These days, there are a nearly infinite number of uses outsiders can have for your computer. Yet many security threats simply don't hit the radar of home computer users, who might say, for example, "I don't have that much important data on my computer" or "I really don't care so much what somebody sees if they poke around." Thus, the impetus to prevent attacks and protect your information may simply not be there for home users. However, we must think about the following, which may hit closer to home:
First off, if you don't know what 'identity theft' is, go read about it, then come back and finish this article. An estimated ten million people were victims of identity theft in the United States this year alone. On average, individual victims lost somewhere between two and ten thousand dollars each per incident, and the number grows every year.
Any way you slice it, identity theft is rampant and it is achieved through a number of standard methods employed by even the most novice of hackers. Some of those methods include the use of:
How firewalls work
Firewalls are great tools for enhancing security and privacy. Essentially, they control the traffic flow in and out of networks or computers. They work like customs agents, determining who is safe to come and go, for what purpose, and what they can bring with them. The "in" part is easier to understand: firewalls keep out intruders and destructive programs. The "out" part is trickier: firewalls prevent users from unwittingly sending private data into the wrong hands. For example, some browsers enable cookies which collect data about the browser users and send that data to the web sites or external networks. Firewalls can prevent those cookies from sending that data, thereby protecting users' privacy.
Firewalls cannot be used alone and by no means give the user permission to sleep at the wheel. Hardware firewalls, the standard for large networks and organizations, provide for a level of security that is easily controlled centrally and acts as a gateway to internal networks. Hardware firewalls are essential for multi-user and multi-computer environments, nearly all of which are connected directly to the Internet all the time. More small organizations and home users are installing inexpensive hardware firewalls in the form of broadband routers. This is recommended. A few popular routers are made by D-Link, NetGear and Linksys. Hardware firewalls will not be reviewed in this series, but can be researched through some of the links listed in the References section at the bottom of this article. These routers are more like the old style hardware boxes providing basic traffic monitoring. They guard the door, but one of their limitations is that they don't pay any attention to what's inside.
Basic firewall configurations
Two basic firewall configurations for a home office include:
Any method of protection with two levels of security is stronger than one. Think of birth control, for example. A system of using diaphragms or condoms alone is good, but one where both are used together is much more resistant. If at all possible, set up option 2.
On the most basic level, firewalls operate by denying certain types of traffic with specifically outlined exceptions (default deny), and accepting other types of traffic with different exceptions (default permit). The firewalls can inspect, modify, and route data according to defined rule sets. They employ a few different manners of sorting data including:
Firewall analysis is based on address, port, protocol, or application. Here are examples:
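To make default deny and default permit concrete, here is an added example (not from the original article) of a first-match rule evaluator that filters on direction, protocol, address and port. The rule sets, the 192.168.1.0/24 LAN and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out"
    protocol: str         # "tcp", "udp" or "any"
    remote: str           # remote peer's network in CIDR form
    port: Optional[int]   # local port for "in", remote port for "out"; None = any

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["direction"]
                and self.protocol in ("any", pkt["protocol"])
                and self.port in (None, pkt["port"])
                and ipaddress.ip_address(pkt["remote"]) in ipaddress.ip_network(self.remote))

def evaluate(rules, default, pkt):
    """First matching rule wins; unmatched traffic gets the policy default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

DEFAULT_DENY = ([  # constructed rules: list what is allowed, drop the rest
    Rule("allow", "out", "tcp", "0.0.0.0/0", 80),
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "in", "tcp", "192.168.1.0/24", 445),   # file sharing, LAN only
], "deny")
DEFAULT_PERMIT = ([  # constructed rules: list what is blocked, pass the rest
    Rule("deny", "in", "tcp", "0.0.0.0/0", 135),
    Rule("deny", "in", "tcp", "0.0.0.0/0", 445),
], "allow")

PACKETS = [  # constructed sample traffic (documentation address ranges)
    {"direction": "in", "protocol": "tcp", "remote": "203.0.113.7", "port": 445},
    {"direction": "in", "protocol": "tcp", "remote": "192.168.1.20", "port": 445},
    {"direction": "in", "protocol": "tcp", "remote": "203.0.113.7", "port": 5000},
    {"direction": "out", "protocol": "tcp", "remote": "198.51.100.10", "port": 443},
]

def compare(packets=PACKETS):
    """Return (packet, verdict under default deny, verdict under default permit)."""
    return [(p, evaluate(*DEFAULT_DENY, p), evaluate(*DEFAULT_PERMIT, p)) for p in packets]

if __name__ == "__main__":
    for pkt, strict, loose in compare():
        print(pkt["direction"], pkt["protocol"], pkt["remote"], pkt["port"], "default-deny:", strict, "default-permit:", loose)
```

The third packet is the one to watch: no rule mentions port 5000, so default deny drops it while default permit lets it through.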
When are firewalls most necessary?
Unfortunately, the Internet has grown to a point where every computer needs a firewall to be secure. If it's online, it's a target. Luckily, today's firewall software works as much more than just a traffic cop. Most options provide a variety of features which liken the software to a complex suite of security measures that are not only extremely useful, but can be fun to watch as well.
Features of typical desktop firewalls include those noted above: Port Control, Application Monitoring (also known as 'Program Control'), and Packet Filtering. Some personal firewall products have also started to extend beyond the traditional role of a firewall and additionally offer features useful to home users, such as:
A few noteworthy concerns
First, some personal firewalls create traffic flow problems for computers connected through corporate VPNs (Virtual Private Networks), so when using a VPN, be sure to choose compatible firewall software. Second, it is not advised to install most types of personal firewall software on large corporate networks. This reasoning is based on inconsistency issues. Network administrators cannot monitor how each user and machine is configured when a personal firewall is in place on large networks and, as a result, cannot be sure of their relative security. One machine may have the latest version of a certain personal firewall program, whereas the computer in the next cubicle could have a totally different version with known security holes. Vendor consistency helps, but the best thing to do is look into newer versions of personal firewall software that incorporate central management through a server. For more information on these, see the subsequent article in this series.
A firewall is not the panacea to personal security
While a personal firewall should be on the first step that leads to your computer's front door, it should never be your sole form of protection. No matter how great the firewall, if passwords are compromised or email programs are left open, intruders can still walk right in. So before you put all your faith in a firewall, make sure to do the following:
This is a long list, but inevitably these simple measures are often overlooked by the average home user. No one wants to fall asleep at the wheel. The results can be much more time-consuming and costly than basic maintenance of your home office security. And when all else fails, work offline for a while. It will throw off any would-be attackers and it can be a refreshing change.
Next: firewalls compared
The next article in this series, appearing in December, will explore some of the more popular and robust personal firewall software options currently on the market, as well as help you decide between them. Many are free or have free versions. We will provide feature comparisons for those options, information on where to find them, and explanations of how to install and configure a basic personal firewall. In addition to that, we will look at a few ways of testing individual firewalls to ensure they are secure.
References
Bobelian, Michael, "Hackers and Viruses Don't Stand a Chance", Forbes.com, June 13, 2003.
"Close Your Ports' Vulnerabilities", Smart Computing, Vol. 14, Issue 5, p. 62-65.
Dubrawsky, Ido, "Firewall Evolution - Deep Packet Inspection", SecurityFocus, July 29, 2003.
"Federal Trade Commission Identity Theft Survey Report", Synovate, September 2003.
"Home PC Firewall Guide", Firewall.com, 2003.
"Network Firewall, Intrusion Prevention, File and System Security in ONE box", TINY Software, 2003.
"Personal Firewall Reviews", Firewall.com, 2003.
Rash, Wayne and Connolly, P.J., "Zone Labs simplifies personal-firewall management", InfoWorld, February 14, 2003.
Robb, Drew, "Reining in Personal Firewalls", ComputerWorld, June 16, 2003.
Rudis, Bob and Kostenbader, Phil, "The Enemy Within: Firewalls and Backdoors", SecurityFocus, June 9, 2003.
Garfinkel, Simson and Spafford, Gene, Practical Unix Security, 2nd Edition, Chapter 19: Firewalls, O'Reilly & Associates, Inc., 1996.
Tanase, Matthew, "Transparent, Bridging and In-line Firewall Devices", SecurityFocus, October 15, 2003.
Tyson, Jeff, "How Firewalls Work", PC Stats, 2003.
Wildstrom, Stephen H., "Securing Your PC: You're On Your Own", BusinessWeek online, May 26, 2003.
Yegulalp, Serdar, "Software Firewall Reviews", PC Magazine, November 19, 2002.
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.