Firewalls - How to protect your computer from attacks

From the home-users point of view, a software-type firewall represents the best choice. You should also know that hardware firewalls exist too in the form of dedicated equipments that are placed to form demilitarized zones (DMZ). That means that it forms a border between the local network and usually the Internet (depending on the needs). These equipments are expensive and require good configuration knowledge - that is why they are considered professional solutions implemented in large networks.
Overall, a firewall's main goal is to filter unwanted traffic that goes both in and out.

How does it do it?
Well firstly, a good firewall software will override application's permissions. This means that it will ask for your approval to allow an application to access the outer network. You can deny the access for the application that you don't want to send information over the network (useful when infected with a Trojan virus that will connect to other hosts and take control of your station). This rule is applied for all programs even usually trusted. In the picture bellow you have an example applied to Yahoo Messenger.

Secondly, a firewall blocks common DoS (Denial of Service) attacks - in theory - that are sent to your computer. This includes SYN floods, Ping of death and many other known attacks. It works by ignoring all traffic that resembles with a known pattern and further ignoring the sender for a period of time. I know that these kind of organized attacks look like a long shot, but you will be surprised to see how many scan your computer for different stuff and try to get access in. Here is part of a firewall log to get a picture of what's happening when connected to the Internet.

Another useful thing that a firewall usually does is filtering the ports. Usually if you have an application that acts like a server, it opens some ports (virtual access points for data) to listen for requests from the network. Someone could "plant" such an application in your PC without even knowing it. And if it's some kind of management software, an antivirus software would not find it suspicious and block it. By doing this, people can gain administrative access in your computer. A firewall will alert you whenever an application starts listening for connections from the network. This comes in two ways, of course. If you do have a server-type application like a FTP server or a remote administration tool, your firewall will usually block it by default. You have to search in the settings of the firewall (these menus come in different forms depending on the producer) and open that port manually. It's simple on most home-user dedicated firewalls.

If you don't use any firewall software you should get one as soons as possible. That if your computer is connected to any kind of network or the Internt, otherwise it's useless.

I personally recommend ZoneAlarm (it exists in freeware version and a paid one that comes with an antivirus too - you can get it from http://www.oldversion.com/program.php?n=zalarm) or Sygate Personal Firewall (get it from http://www.oldversion.com/program.php?n=sygate).

After installing it, the first thing that you should do is to set up your program access rights. So when you are asked for confirmation (let's say) for Mozilla Firefox to access the Internet, click the options that tells to use this setting next time and accept it. It will never ask you again for that confirmation.

If you think you are infected with a virus you should download antivirus.

Subscribe now via RSS feed and get all the new tutorials