Firewalls

Firewall Basics | Routers | Software Firewalls | Testing Your Firewall

What is a Firewall?

Your First Line of Defense

Simply stated, a firewall is a software or hardware product that screens the information coming into and leaving your computer to ensure that there is no unauthorized access to your computer.

Firewalls provide your first line of defense and can help you control what accesses and leaves your computer.

Two Types of Firewalls

There are two basic types of computer firewalls:

Routers are a hardware firewall that provides the first line of defense.
Software firewalls are a security program on your computer.

Both monitor and control access to the Internet and to your network (if you have one) for programs and components on your computer.

You NEED a Firewall

If you are continually connected to the Internet you cannot afford to be without a firewall.

This includes those using ADSL or a cable modems or connecting through a network. But be sure that your firewall is actually protecting you.

We're More Connected Than Ever

Most software today wants to "call home" using the Internet for various reasons:

Many help files are no longer located on your computer.
Many hardware devices install news or update programs along with the drivers necessary to make them work.
Media programs such as RealPlayer or Windows Media Player want to offer live media feeds, to retrieve album art and more.

Can You Trust What is Being Sent?

Can you trust the information they are sending? Perhaps not.

A decent software firewall, when configured properly, allows you to control what software and components have access.

Return to top

Routers — Your Hardware Firewall

A router serves as a hardware firewall and provides the first line of protection by hiding your computer(s) from those trying to gain unauthorized access. A router provides secure shared access to high-speed Internet services for all your computers and allows you to share information across the network if you wish.

There are other hardware firewalls, but they are beyond the scope of this page (and seldom used by home or small business users).

Buying a Router

Most units sold today have four wired outputs and can support up to 253 additional computers via the wireless connection. More expensive routers can provide more options like blocking or allowing certain sites or turning the access to the Internet off when you're not usually home.

Secure Your Wireless Router

Because wireless routers are available to anyone within range, you need to take special precautions that are unnecessary for a standard router without wireless capability (because someone needs physical access to these routers to use them).

Wireless routers are secured using encryption. The most commonly used are WEP and the WPA variations.

What is available to you depends upon both the age of the router and the computers that connect to that router. If you are using a new router but have an old laptop you will be unable to use the most recent (and most secure) methods of encryption unless you purchase suitable external wireless devices or upgrade your computer.

Never Use the Router's Defaults

You should never use the defaults for your wireless router as these standards are well known and easily searched out on the Internet.

Change the SSID to something meaningful to you that won't identify the router's make.
Use the most secure protocol you are able to use, remembering that convenience may lead to outside access to your network and, potentially, the information on the computers that use it.
If you aren't using wireless, disable the wireless capability on your router.
There is more detailed information about wireless security on Wikipedia.

Changes Needed for Shaw Cable Customers

Shaw (as well as Rogers and other cable companies) can block your computer's access to Shaw services like email and other customer-only services once your computer is behind a router.

Shaw customers should use mail.shaw.ca for their email server name. Outgoing sever settings are different for home use and mobile devices.
See Shaw's Mail Server Names for additional informations.
Customers of other cable companies should check with their ISP for details.

Router Manufacturers

These are some of the common manufacturers of routers:

Update Your Firmware

If you are having trouble with a router, check the manufacturer's site for firmware updates specific to your router (check for FAQs, firmware and other information under Support).

Be sure that you are selecting the right version for firmware as similarly-named models vary between countries as well as versions. An improperly updated device may cease to work.

Other Resources

These resources can help to explain some of these issues in greater detail:

Practically Networked Hardware Router Product Guide.
Firewall Router Reviews compares several brands and models.
FAQ: Firewall Forensics (What am I seeing?) helps to explain firewall terms and what your logs are telling you.

Software Firewalls

Back Up Your Router with a Software Firewall

Software firewalls and routers are each more adept at different, but complimentary, tasks.

You need a software firewall since routers are designed to protect you from intrusions, not the spyware or viruses already present on your computer.

What Firewall Programs Do

A firewall program verifies whether software programs and components are allowed access to the Internet and then enforces it by either allowing or denying access.

A software firewall is an essential part of your protection, particularly if your Internet access is through a broadband connection (which includes virtually everyone these days).

As programs are both sending information and receiving information or installing software, be sure your software firewall is effective and that it protects you from outgoing as well as incoming attacks.

Your Windows Firewall Insufficient

Microsoft's built-in Windows firewall may not be giving you the protection you think. It will do a great job of hiding your incoming ports from the web, but what about outbound traffic from ad-ware and spyware you've (knowingly or unknowingly) already installed?

Many Choices — Not All Effective

You can purchase several firewall software packages in retail stores and download and purchase others on-line but the effectiveness of these products varies.

Firewall Quality Varies

Gibson Research Corporation's evaluations are quite dated, but will provide you with a better understanding of the many variables that must be considered in designing a good firewall.

Windows Firewall Inadequate

Windows users should not depend upon the Internet Connection Firewall that comes with Windows since it offers limited outbound protection.

Connection Problems May Be Firewall Issues

Programs that are unable to access the Internet may be having difficulty with your firewall. These articles (all related to issues with Firefox access to the Internet) may help you to deal with access issues when using other programs as well:

This MozillaZine article on firewalls deals with various firewalls and how they can stop programs from accessing the Internet. Sometimes you may not know that a firewall is running or it may be misconfigured.
The top 12 ways to get fooled by firewalls is an interesting list of potential problems with various firewalls.

Avoiding Security Breaches

You should know how to configure the software properly to avoid a security breach.

Ensure that your firewall is not circumvented by someone with physical access to your computer.
Don't automatically give permission to any program requesting access — most setup programs only need access once.
Personal Internet Firewalls that really work! explains some of the issues.
ZDNet notes that personal firewalls could leak private info.

"Easy" Solutions Have Drawbacks

Firewalls with ready-made lists of "acceptable" programs probably aren't the safest way to configure a firewall for security — at least not unless you are able to easily change those settings.

Popular Programs Often Poorest Choices

While firewalls preset to allow the most common programs are an attractive feature, the most popular products are often not the safest to use.

If you've spent any time on this site, it will be clear to you that commonly used products like Internet Explorer and Outlook Express are some of the worst choices when it comes to security.

Can You Determine Program Access?

You should have the ability to determine for yourself if a program needs access. Disabling access for lesser-known (but more secure) products does no service to the user and may have more to do with the lack of research by the vendor than actual safety issues.

ZoneAlarm Recommended

I strongly recommend a current version of ZoneAlarm Internet Security Suite or ZoneAlarm Extreme Security.

New ZoneAlarm Page

The section on configuring ZoneAlarm has become such a large part of this page that I moved it into its own page: ZoneAlarm Security.

Return to top

Testing Your Firewall

Whatever firewall solution you choose, you need to continue to check for breaches of your security. Hackers are always testing for ways around any solution that is available to the consumer. The following sites and software will enable you to check your current status and verify the integrity of your firewall.

Gibson Research Corporation offers several tests and offers some solutions.
- Shields Up is an online test that will check your ports to see if you are vulnerable. There are several pages describing the problem and what you can do about it.
- Leak Test will verify if your firewall is working correctly. No installation is necessary.
Ensure that your firewall is not circumvented by someone with physical access to your computer.

Return to top

More About Related Issues

Protecting Your Online Identity

The following related pages offer more information about protecting your online identity:

Securing Your Computer

The following related pages offer more information about securing your computer:

Return to top

www.RussHarvey.bc.ca/resources/firewalls.html
Updated: May 2, 2013