Features of a Good Hardware Firewall
I am going to make a bold statement of fact. If your
computer is connected to the internet, even if it's via a
modem, and you don't protect it with a firewall, then you are
living on borrowed time. Period.
There are three absolutely critical things that you must (I
repeat, MUST) do if you use a computer with any contact to the
outside world. As I said in the first sentence, you must get a
firewall. You must also install and maintain an antivirus
program, and you must perform regular backups. If you do all
of these things (there are other things you can do as well),
then you will be reasonably protected from disasters.
There are two types of firewalls easily available for home
users. You can install a software version or a hardware
version. A software firewall is simply a program which runs
directly on your computer and protects you from intrusions and
hackers. The hardware kind is a separate box; you plug your
computer into it and it keeps your system safe from malicious
intrusions.
I've used many dozens of different firewalls over the
years, and after much experience I've concluded that while the
software versions have some value, they are far inferior to
their hardware cousins. In fact, as far as I am concerned, the
only real reason to install any software firewall is that a
free version (ZoneAlarm) is available. This means that even
someone with no money at all can be protected.
Okay, so what does a good hardware firewall do?
First and foremost, it is a small box, usually about the
size of a modem, which protects you from intrusions. One plug
accepts the WAN (DSL or cable modem) connection and one or
more additional plugs connect to the LAN (your computer or
computer network). Anything coming from the WAN to the LAN is
compared against a set of rules - suspected malicious access
attempts are stopped while "good" traffic is let through (or
not, as you desire).
For most home users, it's fine to completely disallow any
unrequested incoming access attempts. Most people are not
running email, web or similar servers out of their house, and
so do not need to allow people to access their systems.
That's what all firewalls do - keep people from mucking
with your system without your permission. However, since there
is a small computer within the firewall box, the box can
perform many other functions as well.
Some firewalls also help to protect you from viruses by
scanning email messages and other things as they pass through
the connection. They can also be configured to look for
undesired content (such as violence or foul language) and
either remove it or stop the pages from getting to your system
entirely.
Any good hardware firewall also serves as a router. This
means it allows you to configure pathways into your home
network. For example, you might be running a web server and
thus want to allow browsers to get to that machine. Your
firewall should allow you to define a rule which says "any web
traffic from the internet should be directed to a specific
machine".
Although it's a little technical, something called DHCP is
also highly desirable. DHCP allows those strange network
addresses to be automatically defined whenever a computer
boots. This is very useful if you have a few machines on your
home network - you only have to define the information once.
Each machine on your network will then automatically be set up
each time it boots up.
Of course, hackers are always busy, so you should make sure
your new hardware firewall can be updated with new rules and
features. The firewall company should release new versions
once in a while, perhaps three or four times a year.
A VPN is a way to establish a secure connection from one
computer to another. Some firewalls support these
automatically. For most people, VPN support is simply not
necessary and can be ignored.
One very important feature that you should definitely
insist upon is called "stealth mode". This causes your
computer to more or less completely disappear from the
internet, at least as far as malicious programs are concerned.
Without stealth mode, people will be able to determine your
computer exists on the internet.
The way stealth mode works is simple. Hackers typically
scan the internet for computers, much the way the old
submarines sent out sonar pulses and listened for the "ping"
to determine if an enemy was out there. Hackers do the same
thing. Without a firewall at all, your system will usually
return a message saying "I am here and I am ready to be of
assistance". Many firewalls modify this behavior to "I am
here". In stealth mode, nothing at all is returned to the
attacker, so he does not even get validation that your
computer or network exists.
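The rule checking, port forwarding and stealth behaviour described above can be seen in a small model. This is an added example, not code from any firewall product; it is a simplified sketch that ignores address translation, and all addresses and ports are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class Firewall:
    stealth: bool = True                           # True: DROP silently, False: REJECT
    forwards: dict = field(default_factory=dict)   # (proto, WAN port) -> (LAN ip, LAN port)
    conntrack: set = field(default_factory=set)    # flows opened from the LAN side

    def outbound(self, pkt: Packet) -> str:
        """LAN -> WAN: allowed; remember the flow so its replies can return."""
        self.conntrack.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))
        return "ACCEPT"

    def inbound(self, pkt: Packet) -> str:
        """WAN -> LAN: check state, then rules, then fall back to default deny."""
        # 1. Reply to a connection a LAN machine started ("requested" traffic).
        if (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.conntrack:
            return "ACCEPT"
        # 2. Explicit rule, e.g. "web traffic goes to one specific machine".
        target = self.forwards.get((pkt.proto, pkt.dport))
        if target:
            return f"FORWARD {target[0]}:{target[1]}"
        # 3. Unrequested: stealth answers nothing; reject still says "I am here".
        return "DROP" if self.stealth else "REJECT"

WAN = "203.0.113.10"  # constructed address from a documentation range

def demo() -> dict:
    fw = Firewall(forwards={("tcp", 80): ("192.168.1.20", 80)})
    fw.outbound(Packet("192.168.1.5", 50000, "198.51.100.7", 443))
    results = {
        "reply": fw.inbound(Packet("198.51.100.7", 443, WAN, 50000)),
        "web": fw.inbound(Packet("192.0.2.99", 40000, WAN, 80)),
        "scan": fw.inbound(Packet("192.0.2.99", 40001, WAN, 23)),
    }
    fw.stealth = False  # same probe against a firewall without stealth mode
    results["scan_no_stealth"] = fw.inbound(Packet("192.0.2.99", 40002, WAN, 23))
    return results

if __name__ == "__main__":
    print(demo())
```

The only difference between the last two results is what the scanner learns: a REJECT confirms that something is at the address, while a DROP looks the same as an unused address.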
You should also look for a hardware firewall that includes
a "hub". This is a series of two or more network connections.
You plug your computers into these connections, and thus give
them access to the internet. With this hub, you should be able
to put as many computers as you want onto the internet.
Some firewalls also include the DSL or cable modem. Be sure
before you purchase one of these that it is compatible with
your connection.
If you get a hardware firewall with all of these features,
you can expect to pay around a hundred dollars. I've seen them
for as low as $79 and as high as $400. Shop around and you
will find one in a reasonable price range.
Additional Information
- Products - SonicWall: You really want to protect your
  personal computer? The best possible firewall solution that
  I have found is the SonicWall.
- Products - ZoneAlarm Pro: ZoneAlarm Pro is quite possibly
  the best firewall product for personal home use that
  currently exists. Highly recommended.