Russ Harvey Consulting - Computer and Internet Services

Firewalls

Firewall Basics | Routers | Software Firewalls | Testing Your Firewall

What is a Firewall?

Your First Line of Defense

Simply stated, a firewall is a software or hardware product that screens the information coming into and leaving your computer to ensure that there is no unauthorized access to your computer.

Firewalls provide your first line of defense and can help you control what accesses and leaves your computer.

Two Types of Firewalls

There are two basic types of computer firewalls:

  1. Routers are a hardware firewall that provides the first line of defense.
  2. Software firewalls are a security program on your computer.

Both monitor and control access to the Internet and to your network (if you have one) for programs and components on your computer.

You NEED a Firewall

If you are continually connected to the Internet you cannot afford to be without a firewall.

This includes those using ADSL or a cable modems or connecting through a network. But be sure that your firewall is actually protecting you.

We're More Connected Than Ever

Most software today wants to "call home" using the Internet for various reasons:

  • Many help files are no longer located on your computer.
  • Many hardware devices install news or update programs along with the drivers necessary to make them work.
  • Media programs such as RealPlayer or Windows Media Player want to offer live media feeds, to retrieve album art and more.

Can You Trust What is Being Sent?

Can you trust the information they are sending? Perhaps not.

A decent software firewall, when configured properly, allows you to control what software and components have access.

Return to top

Routers — Your Hardware Firewall

A router serves as a hardware firewall and provides the first line of protection by hiding your computer(s) from those trying to gain unauthorized access. A router provides secure shared access to high-speed Internet services for all your computers and allows you to share information across the network if you wish.

There are other hardware firewalls, but they are beyond the scope of this page (and seldom used by home or small business users).

Buying a Router

Most units sold today have four wired outputs and can support up to 253 additional computers via the wireless connection. More expensive routers can provide more options like blocking or allowing certain sites or turning the access to the Internet off when you're not usually home.

Secure Your Wireless Router

Because wireless routers are available to anyone within range, you need to take special precautions:

  • Standard (non-wireless) routers provide connections only to computers physically connected to the router via a network cable.
  • Wireless routers provide connections both via network cable and via wireless (radio) connections.

Wireless routers should be secured using encryption. What is available to you depends upon both the age of the router and the computers that connect to that router.

  • The most commonly used are WPA and WPA2.
  • WEP is now obsolete and provides poor security.
  • WPS push button is convenient and makes connections very easy, but there is a flaw.

If you are using a new router but have an old laptop you will be unable to use the most recent (and most secure) methods of encryption unless you purchase a suitable external wireless device or upgrade your computer.

Never Use the Router's Defaults

You should never use the defaults for your wireless router as these standards are well known and easily searched out on the Internet.

  • Change the SSID to something meaningful to you that won't identify the router's make. More about choosing SSIDs and passwords.
  • Use the most secure protocol you are able to use, remembering that convenience may lead to outside access to your network and, potentially, the information on the computers that use it.
  • If you aren't using wireless, disable the wireless capability on your router.
  • There is more detailed information about wireless security on Wikipedia.

Changes Needed for Shaw Cable Customers

Shaw (as well as Rogers and other cable companies) can block your computer's access to Shaw services like email and other customer-only services once your computer is behind a router.

  • Shaw customers should use mail.shaw.ca for their email server name. Outgoing sever settings are different for home use and mobile devices.
  • See Shaw's Mail Server Names for additional information.
  • Customers of other cable companies should check with their ISP for details.

Router Manufacturers

These are some of the common manufacturers of routers:

Update Your Firmware

If you are having trouble with a router, check the manufacturer's site for firmware updates specific to your router (check for FAQs, firmware and other information under Support).

Be sure that you are selecting the right version for firmware as similarly-named models vary between countries as well as versions. An improperly updated device may cease to work.

A security vulnerability was reported for several routers including some of D-Link's product line where there is a secret code that bypasses the router's security. Not all D-Link routers are affected and updating the firmware can be somewhat tricky so you might want to review the videos on D-Link's site for the warnings and help.

Other Resources

These resources can help to explain some of these issues in greater detail:

Software Firewalls

Back Up Your Router with a Software Firewall

Software firewalls and routers are each more adept at different, but complimentary, tasks.

You need a software firewall since routers are designed to protect you from intrusions, not the spyware or viruses already present on your computer.

What Firewall Programs Do

A firewall program verifies whether software programs and components are allowed access to the Internet and then enforces it by either allowing or denying access.

A software firewall is an essential part of your protection, particularly if your Internet access is through a broadband connection (which includes virtually everyone these days).

As programs are both sending information and receiving information or installing software, be sure your software firewall is effective and that it protects you from outgoing as well as incoming attacks.

Your Windows Firewall Insufficient

Microsoft's built-in Windows firewall may not be giving you the protection you think. It will do a great job of hiding your incoming ports from the web, but what about outbound traffic from ad-ware and spyware you've (knowingly or unknowingly) already installed?

Many Choices — Not All Effective

You can purchase several firewall software packages in retail stores and download and purchase others on-line but the effectiveness of these products varies.

Firewall Quality Varies

Gibson Research Corporation's evaluations are quite dated, but will provide you with a better understanding of the many variables that must be considered in designing a good firewall.

Windows Firewall Inadequate

Windows users should not depend upon the Internet Connection Firewall that comes with Windows since it offers limited outbound protection.

Mac Firewall

Mac OS X's firewall, like its Windows counterpart, provides only inbound protection. There is no outbound protection and provides no additional protection if you're behind a router.

Connection Problems May Be Firewall Issues

Programs that are unable to access the Internet may be having difficulty with your firewall. These articles (all related to issues with Firefox access to the Internet) may help you to deal with access issues when using other programs as well:

Avoiding Security Breaches

You should know how to configure the software properly to avoid a security breach.

"Easy" Solutions Have Drawbacks

Firewalls with ready-made lists of "acceptable" programs probably aren't the safest way to configure a firewall for security — at least not unless you are able to easily change those settings.

Popular Programs Often Poorest Choices

While firewalls preset to allow the most common programs are an attractive feature, the most popular products are often not the safest to use.

If you've spent any time on this site, it will be clear to you that commonly used products like Internet Explorer and Outlook Express are some of the worst choices when it comes to security.

Can You Determine Program Access?

You should have the ability to determine for yourself if a program needs access. Disabling access for lesser-known (but more secure) products does no service to the user and may have more to do with the lack of research by the vendor than actual safety issues.

Return to top

www.RussHarvey.bc.ca/resources/firewalls.html
Updated: September 4, 2014

Firewalls provide your first line of defense

ZoneAlarm Recommended

I strongly recommend a current version of ZoneAlarm Extreme Security.

Return to top

Testing Your Firewall

Whatever firewall solution you choose, you need to continue to check for breaches of your security.

Hackers are always testing for ways around any solution that is available to the consumer.

The following sites and software will enable you to check your current status and verify the integrity of your firewall.

  • Gibson Research Corporation offers several tests and solutions.
    • Shields Up is an online test that will check your ports to see if you are vulnerable.
    • Leak Test will verify if your firewall is working correctly. No installation necessary.
  • Ensure that your firewall is not circumvented by someone with physical access to your computer.

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top


If these pages helped you,
buy me a coffee!