Home User Security: Your First Defense 

Nov 19, 2003 02:00 AM

by Sarah Granger

Editor's note: this article has also been translated into German thanks to Vu-Clan, a Deutsch gaming site.

The need for a firewall

It used to be that an anti-virus program was a home user's first (and perhaps only) line of defense against the spread of viruses, worms, trojans, and other malicious code. Times have changed. In today's era of pervasive, always-on broadband connections, simply having your Microsoft (R) Windows (TM) computer turned on is enough for it to get infected with the latest virus or worm. Have you applied your weekly set of critical Microsoft security patches, or your monthly Microsoft mega-patch? What if you've been on vacation for the past few weeks? The Swiss cheese approach to applying the security patches that are required to keep desktop computers safe and usable just doesn't work for the average home user. A firewall should now be a home user's first line of defense.

What is a firewall?

The original firewalls, literally physical walls constructed to slow or cease the expansion of fires through buildings, performed a serious function in a basic way. Like their namesake, network firewalls were originally quite similar in concept. They were physical units blocking activity coming into and out of computer networks, thus protecting the network's users from harm. These hardware boxes acted as data filters, connected on one side to the Internet and on the other to the internal network. As the Internet grew, the need for more complex analysis of incoming data rose. Today, we have a myriad of firewall hardware and software options available for networks large and small, with features ranging from simply watching the traffic to analyzing, refusing, and reporting in great detail. The terms personal firewall and desktop firewall are synonymous with software you install on your computer to keep the bad guys out.

Identity theft

These days, there are a nearly infinite number of uses outsiders can have for your computer. Yet many security threats simply don't hit the radar of home computer users, who might say, for example, "I don't have that much important data on my computer" or "I really don't care so much what somebody sees if they poke around." Thus, the impetus to prevent attacks and protect your information may simply not be there for home users. However, we must think about the following, which may hit closer to home:

 

  1. If any document on the computer holds social security numbers, addresses, or other personal information, those identities can be stolen and immediately abused.
  2. Every single computer connected to the Internet can be used as a vehicle for attacking others, and those attacks will ultimately be traced back to you. This includes not only the spawning of annoying email viruses that liken address books to hackers' dream mailing lists (remember the Nimda virus?) but also using your computer as a spam server, or having it serve up child pornography which, once again, will get traced back to you. These are real threats.

First off, if you don't know what 'identity theft' is, go read about it, then come back and finish this article. An estimated ten million people were victims of identity theft in the United States this year alone. On average, individual victims lost somewhere between two and ten thousand dollars each per incident, and the number grows every year.

Any way you slice it, identity theft is rampant and it is achieved through a number of standard methods employed by even the most novice of hackers. Some of those methods include the use of:

 

  • Viruses and Worms, well known by anyone who's used email in the last five years, these often carry or fetch other programs that can unleash attacks.
  • Remote Login, the "duh" of any UNIX administrator, this is an obvious entry point on many unprotected operating systems, and one that is easily overlooked.
  • Denial-of-Service Attacks, where attackers barrage the network with so much data that they ultimately render your computer unusable and in need of a reboot, or else open doors for full access into your computer.
  • Trojan Horses, programs pretending to be innocuous when in reality they invite intruders inside and give full access to your computer.
  • Session Hijacking, the fancy name for using mail servers or programs as vehicles for sending out viruses and other malware.
  • Bugs and Holes, the human errors in nearly every piece of software ever written, allow for easy access to those in the know.
  • Spyware, often synonymous with application backdoors, are programs or features in programs allowing for information flow in and out of networks without the user's knowledge, often utilized by dubious corporations as a means of profiling user data. These can also be a major security threat.

How firewalls work

Firewalls are great tools for enhancing security and privacy. Essentially, they control the traffic flow in and out of networks or computers. They work like customs agents, determining who is safe to come and go, for what purpose, and what they can bring with them. The "in" part is easier to understand: firewalls keep out intruders and destructive programs. The "out" part is trickier: firewalls prevent users from unwittingly sending private data into the wrong hands. For example, some browsers enable cookies which collect data about the browser users and send that data to the web sites or external networks. Firewalls can prevent those cookies from sending that data, thereby protecting users' privacy.

Firewalls cannot be used alone and by no means give the user permission to sleep at the wheel. Hardware firewalls, the standard for large networks and organizations, provide for a level of security that is easily controlled centrally and acts as a gateway to internal networks. Hardware firewalls are essential for multi-user and multi-computer environments, nearly all of which are connected directly to the Internet all the time. More small organizations and home users are installing inexpensive hardware firewalls in the form of broadband routers. This is recommended. A few popular routers are made by D-Link, NetGear and Linksys. Hardware firewalls will not be reviewed in this series, but can be researched through some of the links listed in the References section at the bottom of this article. These routers are more like the old style hardware boxes providing basic traffic monitoring. They guard the door, but one of their limitations is that they don't pay any attention to what's inside.

Basic firewall configurations

Two basic firewall configurations for a home office include:

Option 1:
Internet <--> Firewall Hardware or Software <--> Internal Network/Individual Computer

Option 2:
Internet <--> Hardware Firewall/Router <--> Personal Firewall Software <--> PC

Any method of protection with two levels of security is stronger than one. Think of birth control, for example. A system of using diaphragms or condoms alone is good, but one where both are used together is much more resistant. If at all possible, set up option 2.

On the most basic level, firewalls operate by denying certain types of traffic with specifically outlined exceptions (default deny), and accepting other types of traffic with different exceptions (default permit). The firewalls can inspect, modify, and route data according to defined rule sets. They employ a few different manners of sorting data including:

 

  • Packet filtering - a simple method, packet filtering entails analyzing small packets or chunks of data through a series of filters.
  • Proxy service - some information is transmitted by proxy, automatically responding to the source with some small amount of data.
  • Stateful inspection - this method looks at parts of packets to see if they match specific characteristics that are allowable. Most modern firewalls offer stateful inspection.

Firewall analysis is based on address, port, protocol, or application. Here are examples:

 

  • Address - Every computer or network gateway on the Internet has an IP (Internet Protocol) address, such as 126.1.228.4. They also have names corresponding to those addresses, known commonly as 'domain names,' like mail.yahoo.com. Firewalls can block particular sites from sending data through them based on their IP addresses. This can go as far as blocking certain subnets (126.1.228.x), meaning nothing from any computer in that realm of addresses will get through.
  • Protocol - Certain types of data conform to different communication standards or protocols. For example, the HTTP (Hyper Text Transfer Protocol) encompasses all web-related communications, and FTP (File Transfer Protocol) encompasses an older method of file transfers.
  • Port - Operating systems have entry points for certain types of data. Those entry points are called "ports". For example, HTTP requests go through port 80, and FTP requests go through ports 20 and 21. Firewalls can block or restrict transmission based on a port or series of ports. More common ports closed off are Telnet and FTP ports since more secure methods of transmission are available, and these are generally not used by the average home user anyway.
  • Application - Is it an Instant Messenger client that's sending the data? Is it an interactive computer game? Or is it attempted access by some unknown program, spyware you didn't know was installed, or some backdoor bot that wants to control your computer? Firewalls can observe the application level as well and warn you of attempted communications. We'll discuss how this works more in part two of this series.
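
To make the address, protocol and port criteria and the default-deny policy described above concrete, here is an added example (not from the original article or from any firewall product) of a first-match rule evaluator, with stateful inspection modelled as a small table of connections the PC itself opened. The class names, the rule set and every address other than the article's 126.1.228.x subnet are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", as seen from the protected PC
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str                 # "in", "out" or "any"
    proto: str = "any"
    remote_net: str = "0.0.0.0/0"  # address or subnet at the far end
    dport: int = 0                 # destination port; 0 matches any port

    def matches(self, pkt: Packet) -> bool:
        remote = pkt.src if pkt.direction == "in" else pkt.dst
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(remote) in ipaddress.ip_network(self.remote_net)
                and self.dport in (0, pkt.dport))

class Firewall:
    def __init__(self, rules, default="deny"):
        self.rules, self.default = list(rules), default
        self.established = set()  # flows the PC opened and the rules allowed

    def decide(self, pkt: Packet):
        """Return (action, reason) for one packet."""
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful step: an inbound packet that answers a recorded flow passes.
        if pkt.direction == "in" and reverse in self.established:
            return ("allow", "reply to established connection")
        action, reason = self.default, "default policy"
        for n, rule in enumerate(self.rules, 1):  # first matching rule wins
            if rule.matches(pkt):
                action, reason = rule.action, f"rule {n}"
                break
        if action == "allow" and pkt.direction == "out":
            self.established.add(flow)
        return (action, reason)

PC = "192.168.1.10"  # constructed address of the protected computer
RULES = [            # constructed rule set
    Rule("deny", "any", remote_net="126.1.228.0/24"),  # the article's blocked subnet
    Rule("allow", "out", proto="tcp", dport=80),       # outbound web browsing
]

def demo():
    fw = Firewall(RULES)  # default deny
    packets = [           # constructed traffic
        Packet("out", "tcp", PC, 1025, "198.51.100.7", 80),  # browse a site
        Packet("in", "tcp", "198.51.100.7", 80, PC, 1025),   # its reply
        Packet("in", "tcp", "203.0.113.9", 4444, PC, 23),    # unsolicited Telnet
        Packet("out", "tcp", PC, 1026, "126.1.228.4", 80),   # blocked subnet
        Packet("in", "tcp", "126.1.228.4", 80, PC, 1026),    # no state, blocked
        Packet("out", "tcp", PC, 1027, "198.51.100.7", 21),  # FTP, no rule
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Constructing the same firewall with `default="allow"` shows why default permit is the weaker starting point: the unsolicited Telnet packet is then accepted because no rule names it.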

When are firewalls most necessary?

Unfortunately, the Internet has grown to a point where every computer needs a firewall to be secure. If it's online, it's a target. Luckily, today's firewall software works as much more than just a traffic cop. Most options provide a variety of features which liken the software to a complex suite of security measures that are not only extremely useful, but can be fun to watch as well.

Features of typical desktop firewalls include those noted above: Port Control, Application Monitoring (also known as 'Program Control'), and Packet Filtering. Some personal firewall products have also started to extend beyond the traditional role of a firewall and additionally offer features useful to home users, such as:

 

  • Data encryption - Rather than letting all data that's acceptable for transmission be sent in the clear, some firewalls will encrypt it.
  • Hiding your presence - Some firewall software will attempt to "hide" PCs from the outside world, making them less visible to hackers and self-propagating worms.
  • Reporting/Logging - Modern firewalls can report in detail what packets came from where, when, and provide analysis as to their purposes. This reporting can be essential information for understanding network traffic and preventing future attacks, as well as an indication of who gained access if a compromise has occurred.
  • Email virus protection - While traditionally in the realm of anti-virus software, this feature inspects individual email messages for red flags or known executables that are dangerous and rejects those messages.
  • Pop-up ad blocking - A dream come true, some firewalls can stop these things from ever getting onto the desktop where they so annoyingly flash and flutter in your face.
  • Cookie digestion - This feature will munch away at the cookies before they have a chance to transmit any information back to their source.
  • Spyware protection - Some personal firewalls attempt to limit your exposure to Spyware by stopping the software's ability to contact its remote server and, in some cases, informing you of the attempt so that you can take further action.
  • Laptop protection - You can take it with you! But only if you have the right kind of firewall or are technical enough to know what you are doing. Often, personal firewalls are configured for one network: home or office. Once the computer is removed from that network, it is vulnerable due to the fact that every network is configured differently. Therefore, features that ensure secure mobility are key for traveling users.

A few noteworthy concerns

First, some personal firewalls create traffic flow problems for computers connected through corporate VPNs (Virtual Private Networks), so when using a VPN, be sure to choose compatible firewall software. Second, it is not advised to install most types of personal firewall software on large corporate networks. This reasoning is based on inconsistency issues. Network administrators cannot monitor how each user and machine is configured when a personal firewall is in place on large networks and, as a result, cannot be sure of their relative security. One machine may have the latest version of a certain personal firewall program, whereas the computer in the next cubicle could have a totally different version with known security holes. Vendor consistency helps, but the best thing to do is look into newer versions of personal firewall software that incorporate central management through a server. For more information on these, see the subsequent article in this series.

A firewall is not the panacea to personal security

While a personal firewall should be on the first step that leads to your computer's front door, it should never be your sole form of protection. No matter how great the firewall, if passwords are compromised or email programs are left open, intruders can still walk right in. So before you put all your faith in a firewall, make sure to do the following:

 

  • Regularly install new Microsoft security patches - Critical patches for Microsoft operating system vulnerabilities often come out on a weekly basis. The infamous Windows Update needs to be run regularly to ensure the holes used by the latest round of worms, viruses and other threats have been patched and your computer is no longer vulnerable.
  • Use anti-virus software - If you own a Windows-based PC, this is an absolute necessity. Windows is targeted more than any other operating system and viruses are generally written for Windows applications. These are easy to install, and some even come with firewall packages of their own now. The only trick is that virus definitions must be updated regularly. If not, the software is virtually useless. New viruses and worms come out constantly so keeping the latest virus definition on your machine will reduce the risk of infection. Most modern anti-virus applications now update themselves automatically, by default. In addition, many anti-virus applications will scan email before it reaches your inbox.
  • Install spyware blocking software - There are many freeware and shareware anti-spyware applications that will help mitigate the threat of spyware, software that was unknowingly installed on your computer and is used to watch you or track your movements on the Internet.
  • Install spam blocking software - This is another step in the mail protection process and not just one to limit junk mail. Spam often contains pesky viruses or scams, so if you can find a spam blocker you like, use it!
  • Change password(s) - Make them strong, and change them often. Also, make sure not to use the same passwords used on external networks, such as Amazon.com in case those sites are compromised without your knowing. For more information on good password practices, see: "The Simplest Security: A Guide to Better Password Practices." Also, if you run Windows XP, beware of hidden accounts and passwords. Check to make sure every account is secure, and create a schedule for changing passwords regularly. It's a pain, but it's important.
  • Disable ActiveX and Java in Internet Explorer - Both of these technologies are regularly exploited in malicious web pages and can be used to infect your computer with viruses, worms, trojans, or spyware. Unfortunately, disabling ActiveX in recent versions of Internet Explorer causes a warning to be displayed when visiting legitimate sites that use this technology.
  • Disable auto-download or auto-open features - It's difficult to know what comes in and out when programs have free rein to transmit at will, particularly with applications that you've installed and forgotten about. Disabling those that auto-transmit lowers the chances of attack.
  • Turn off file and printer sharing - If you don't need it on your home network, disable it. This should be a given, as file and printer sharing should never be made available over the Internet by a home user.
  • Consider a new method of receiving email - It's a sensitive topic, but email programs are historically full of security holes, particularly in the areas of attachments and HTML rendering. To be sure yours isn't one of those, do a little research. Install the latest version of whatever program you choose, and configure it such that attachments are not automatically downloaded or executed. This is more useful than any virus checker. Keep in mind that the more popular a mail program is, the more it will become a target. Outlook Express is a prime example of this. Keep on top of the security patches offered by the vendor, as many attacks are based on holes that were discovered (and patched) many months before.
  • Install a hardware firewall - As noted above, many routers provide this functionality. It's a smart, simple way to protect new PCs that may be added to your home network.
  • Consider a different operating system - Windows gets hacked far more than any other platform. If this is a major concern for you, during your next computer purchase consider an alternate operating system. MacOS X still has no confirmed viruses spreading in the wild, compared to more than 65,000 viruses for Windows-based computers. Or try Linux on your desktop.
  • Backup, backup, backup - Do it early and often. Keep full backups as well as incremental backups. With external media becoming cheaper all the time, there is no excuse for not having a solid backup solution. And to be really safe, keep one offsite, like in a friend or family member's fireproof safe. Swap it every three to six months. If the house burns down, precious notes, photographs and work will be preserved.

This is a long list, but inevitably these simple measures are often overlooked by the average home user. No one wants to fall asleep at the wheel. The results can be much more time-consuming and costly than basic maintenance of your home office security. And when all else fails, work offline for a while. It will throw off any would-be attackers for a while and it can be a refreshing change.

Next: firewalls compared

The next article in this series, appearing in December, will explore some of the more popular and robust personal firewall software options currently on the market, as well as help you decide between them. Many are free or have free versions. We will provide feature comparisons for those options, information on where to find them, and explanations of how to install and configure a basic personal firewall. In addition to that, we will look at a few ways of testing individual firewalls to ensure they are secure.


References

Bobelian, Michael, "Hackers and Viruses Don't Stand a Chance", Forbes.com, June 13, 2003.

"Close Your Ports' Vulnerabilities", Smart Computing, Vol. 14, Issue 5, p. 62-65.

Dubrawsky, Ido, "Firewall Evolution - Deep Packet Inspection", SecurityFocus, July 29, 2003.

"Federal Trade Commission Identity Theft Survey Report", Synovate, September 2003.

"Home PC Firewall Guide," Firewall.com, 2003.

"Network Firewall, Intrusion Prevention, File and System Security in ONE box," TINY Software, 2003.

"Personal Firewall Reviews," Firewall.com, 2003.

Rash, Wayne and Connolly, P.J., "Zone Labs simplifies personal-firewall management", InfoWorld, February 14, 2003.

Robb, Drew, "Reining in Personal Firewalls," ComputerWorld, June 16, 2003.

Rudis, Bob and Kostenbader, Phil, "The Enemy Within: Firewalls and Backdoors", SecurityFocus, June 9, 2003.

Simson Garfinkel and Gene Spafford, Practical Unix Security, 2nd Edition, Chapter 19: Firewalls, O'Reilly & Associates, Inc., 1996.

Tanase, Matthew, "Transparent, Bridging and In-line Firewall Devices," SecurityFocus, October 15, 2003.

Tyson, Jeff, "How Firewalls Work", PC Stats, 2003.

Wildstrom, Stephen H., "Securing Your PC: You're On Your Own", BusinessWeek online, May 26, 2003.

Yegulalp, Serdar, "Software Firewall Reviews," PC Magazine, November 19, 2002.

 



This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.


Comments

Jul 09, 2010 07:10 PM

You pretty much hit the nail on the head with everything that you need to know when avoiding viruses, identity theft, etc. People tend to think that firewalls are the online version of security safes, but people are smart and can break down firewalls fairly easily. If you or your computer isn't smart enough your identity can be snatched like that. But if you configure firewalls the right way, as you showed above, they can be extremely effective in keeping you and your computer safe.
