Suggest A Fix PC Support Forums > Why you need a firewall

Suggest A Fix PC Support Forums > Security > Security Tools and Articles > Security Articles - read only

73-997563179

Nov 2 2001, 04:45 PM

Why SHOULD you have a firewall? That's a good question and one probably many don't really know the answer to.

A firewall is just as important to a computer as an antivirus program. It helps keep the user's information safe and secure, away from prying eyes.

There are many threats a firewall can protect you from. With today's always-on broadband connections and the advanced technology Internet scriptkiddies use to infiltrate systems, users need all the help they can get.

Most people don't realize there is more value to the contents of their computers than they think. Programs and their registration information (that YOU paid for!) can be stolen and personal, private and financial information can be compromised. If someone slips into the system and deletes operating files, it can be very daunting for a normal user to do a complete reinstall themselves. If there is a file, program or game a user has invested a lot of time developing or playing, loss of that information can be devastating or at the very least, frustrating. Sometimes a computer becomes such an important part of daily life, an attack on it can be as traumatic as any in the real world. Don't think just because your system is but one of millions of computers online, and doesn't contain anything "important" anybody would want, it doesn't present a worthwhile target.

THE THREATS:

Network Neighborhood....
Aunty Mable buys her first system and thinks, "File and Printer sharing? Sure, I want that". This is one of the most dangerous features in Windows when addressed improperly. What people don't realize is TCP/IP shares sharing with the world. What a wonderful way for someone to gain access into her system and crack the Quicken program that contains all of her banking accounts and information. While they're at it, why not delete a few of the other "less important" files and folders?

Modem, DSL and Cable....

Modem is not quite as bad because it is inconsistent. The connection and usually the IP address changes with each log-on....well maybe not for those poor souls that use ISDN connections....but it's difficult to guess when Aunty Mabel is going to be online or if George is going to be up at 4am playing Quake. Some backdoors have a "notify when online" function, but we'll get into that later.
With DSL and especially cable, the always-on connection gives an offender all the time they need to break into your box. Without an adequate and effective barrier, they will succeed.

DoS-or Denial of Service....

This is the most common way to cause aggravation and inconvenience for someone. In the old days somebody would get angry at you and simply terminate your connection with a program like WinNuke or the Ping Of Death. Usually a ping or ICMP attack is what most DoS attacks are comprised of. Other attacks use the UDP and TCP protocols. In the modern age, malicious users set up remote systems that don't belong to them as zombies from which they can launch large scale attacks, giving them an anonymous base to operate from. This is generally more of a Linux issue than Windows because most zombies are Linux boxes.

IRC-Internet Relay Chat, messaging programs....

When using these chat programs (Icq, AIM, YIM,etc), this becomes one of the most difficult to protect against attacks. These programs open so many ports and there are so many different types of personalities using them, it's impossible to to be 100% effective at blocking every attack. Think of it like this: If there are 90 million people using these programs, 10 million of them are probably sociopaths looking for victims. There are also plenty of Dos programs that still function with most IRCs.

Backdoors....

The trojan horse lives up to it's namesake. Through email, downloaded files and using binders and packers that make detection more difficult and transport easier, these hidden and disguised remote access programs are one of the most damaging tools used by vandals and thieves. It's not difficult to join a trojan to a normally innocent program and send it to an unsuspecting user. Upon installation, the offender often gains complete access to passwords and information files. Again, cable is the most vulnerable to this because of it's 'always-on' connection.

Operating System flaws....

These are inherent to most operating systems. Out of the box, Win95 probably has close to 100 security issues that need to be resolved to make it safe to operate, with Win98 needed security patches stands around 20 and ME slightly less, including Visual Basic Scripting, which is installed by default on Windows, and most people DON'T turn it off. But all versions of Windows have some serious vulnerabilities that open the doors of opportunity to malicious users if left unpatched. I often argue that out of the box Linux is actually more unsafe than Windows because Linux offers more services. The version of Linux that is the most prone to security issues is RedHat.

WHAT WILL A FIREWALL DO FOR ME?:

A firewall will close all unused ports, or pathways into your computer. It drops pings, leaving them unanswered and blocks nMAP (a scanning tool) scans because nMAP won't find a host. This is what 50% of scriptkiddes use when looking for a victim. Because they more often than not don't know how to go beyond these tools, they'll usually move on to another system or network. If they can't see you, then you're not there for them to hack, attack or infect. Firewalls block traceroute and UDP, TCP and ICMP packets, which is what most DoS attacks are based on. It also blocks connections to Network Neighborhood, blocks most common attacks against IRC and restricts port connections. Not only will a good firewall block incoming attempts, but it will also block outgoing packets
the system attempts to send out because of a backdoor, advertising software or NetBios request. This is saying that even if compromised, you are still protected to a degree.

Hardware or software....

If you can swing it and especially if you have a network, it's best if you purchase a hardware firewall appliance. No software firewall that sits in the back of a hard drive can react as quickly or effectively as a hardware firewall. Aside from that, a hardware appliance will stop something BEFORE it gets to the host. If you have to use a Windows firewall, then there are some effective ones available, but they're not recommended if the other is obtainable.

Hardware or software aside, a firewall has become the main defense against unwelcome intruders and vandals, able to pick up where antivirus software leaves off.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.