Firewalls protect your system

If you spend a lot of time on the internet and you are not behind a firewall, then you are living on borrowed time. Putting some protection between you and the internet is probably the third most important thing that you can do (after getting virus checking software and performing regular backups).

The diagram to the left shows an unprotected system using a DSL modem. As you can see, someone on the internet can attack the computer system easily as the DSL modem provides no protection (some DSL modems have built-in firewalls). An attacker can get through any type of modem - DSL, cable, 56K, 28.8 or whatever. If the device gets you on the internet, you are vulnerable.

For those with a DSL, cable modem or other "always-on" connection, you MUST get a firewall. This is critical, as your machine is always live and it most likely has a fixed IP address. This makes it easier for your system to be "found" and attacked.

What a personal firewall does is isolate your computer from the rest of the internet. It does this by inspecting each packet of data to determine if it it should be allowed to get to (and in some cases from your machine.) The best protection completely hides your computer - this is called stealth mode.

You have the option of installing a software firewall or a hardware firewall. 

Software Firewall - A software firewall runs on your computer system in the background. It intercepts each network request and determines if the request is valid or not. Software firewalls offer the following advantages:

  • They are generally very inexpensive
  • They are very easy to configure

They have the following disadvantages:

  • Since they run on your computer they require resources (CPU, memory and disk space) from your system.
  • They can introduce incompatibilities into your operating system.
  • You must install exactly the correct version for your operating system.
  • You must purchase one copy for each system on your home network.

Hardware Firewall - A hardware firewall is generally a small box which sits between your computer and your modem. In general, hardware firewalls have the following advantages:

  • They tend to provide more complete protection than software firewalls
  • A hardware firewall can protect more than one system at a time
  • They do not effect system performance since they do not run on your system.
  • They are independent of your operating system and applications.

They have the following disadvantages:

  • They tend to be expensive, although if you have a number of machines to protect it can cost less to purchase one hardware firewall than a number of copies of a software product.
  • Since they do not run on your computer, they can be challenging to configure.

Firewall mixture - In my mind, the best protection is a combination of both hardware and software firewalls. This is the ideal, since both have different advantages and disadvantages. Personally, I use a SonicWall hardware firewall combined with ZoneAlarm Pro, which is installed on my Windows 2000 Professional system. The SonicWall protects my home network since it sits between the hub and the DSL modem, and ZoneAlarm Pro offers some additional protection for each system.

Testing Your Firewall - To test your firewall, surf to http://www.grc.com and request a probe.  You will be given a very good report of exactly what issues were found and what to do about them. Once the probe is finished several excellent personal firewall products are recommended. My personal favorite is ZoneAlarm Pro, primarily because it's protection is excellent and it is trivial to use.

Some Firewalls - A selection of personal firewalls is listed below.

  • ZoneAlarm Pro - By far the best software firewall available. ZoneAlarm offers protection from both incoming connections and outgoing connections. It is also extremely easy to configure, has low system impact and is very inexpensive (a free version is also available). 

  • Norton Internet Security 2001 (which was the AtGuard product from WRQ until a few months ago). Norton is a reasonable firewall, although it does have some vulnerabilities. It offers weak protection from outgoing connections and is somewhat difficult to configure if you want it to operate differently from the default.

  • BlackIce -  An okay choice in firewalls. Much easier than Norton to configure, but with the same vulnerabilities.

What I've done on my system is:

  • Used a SonicWall hardware firewall to protect my entire home network.
  • Installed ZoneAlarm Pro on each system to provide additional safety
  • And installed Norton Internet Security for it's privacy protection.

Due to the rapidly changing nature of the internet, it's very important to be continually monitoring security issues. You may purchase the perfect personal firewall today, only to find out in six months that it's been hacked to pieces. So be sure to be looking around, and be ready to get a newer and better product quickly. This is not one of those issues where you can scrimp and save. Your system is at risk.