Registered Company No: 5363256
Internet Firewalls - Part 1
PC support #6: Internet Firewalls, part 1
24th November 2001
C O N T E N T S
----- INTRODUCTION TO FIREWALLS
1. What is a firewall?
2. Why are firewalls needed?
3. Why would anyone want to hack into my computer?
4. Do I need a firewall?
5. Where can I get a firewall from?
----- ADDITIONAL INFORMATION
6. How do firewalls work?
7. What is SpyWare?
8. What is a DDoS attack?
9. The Windows XP Firewall.
10. Hackers and Crackers - an apology
----- CONTACT DETAILS
------------------------------------------------------------------------
----- INTRODUCTION TO FIREWALLS ----------------------------------------
------------------------------------------------------------------------
-- 1. What is a firewall?
In computing circles, a firewall is basically a device or a program which sits in between a computer (or computers) and the rest of the Internet (or some other network). It blocks any unauthorised communications to and from the computer or computers it is protecting. Large computers and corporate networks use dedicated hardware firewalls, but firewall programs are available for individual PCs.
-- 2. Why are firewalls needed?
The main purpose of a firewall is to stop someone "hacking" into your computer. Whenever you are connected to the Internet, there is effectively an open communications channel between your computer and any other computer on the Internet which wishes to use it. How open this channel is depends on how well your computer is set up, but even the best configured systems are still vulnerable.
Some firewalls also prevent software on your computer from accessing the Internet without your permission, giving you more control over just what is sent out from your PC over the Internet (see item 7 in the Additional Information section for more details).
-- 3. Why would anyone want to hack into my computer?
You might think that there's nothing of particular value on your computer, so it's not worth worrying about. However, there are several reasons you ought to be concerned.
* There's probably more information about you on your computer than you think. E-mails often contain personal information. Ever bought anything over the Internet? Then your credit card details may still be lodged somewhere on your hard disk. Almost certainly there are some personal details there somewhere - and do you really want anyone else snooping around on your PC?
* Someone hacking into your PC could cause it to crash or stop working normally - in much the same way as a virus.
* Your computer could be used by a hacker (or "cracker" - see item 10) to attack another computer without you even knowing it. Such attacks are called "Distributed Denial of Service" (or DDoS) attacks, and are increasingly common (see item 8 in the Additional Information section for what a DDoS attack is).
-- 4. Do I need a firewall?
Ultimately, it's up to you whether you choose to use a firewall. If you don't spend much time connected to the Internet, and don't hold much information of value on your PC, then you can justifiably argue that it's overkill. However, since there are software firewalls available that are cheap or free, and are easy to use, it's still worth considering. They do use a small amount of your PC's computing power, but it's generally so small that you won't ever notice it.
-- 5. Where can I get a firewall from?
If you are running the latest version of Windows, Windows XP, you already have one! There is one built into Windows XP, but it does have some limitations (see item 9 below).
If you are running any other version of Windows (or if you have XP but want a better one), there are several available. Some you have to buy, but one, called ZoneAlarm, is free for personal (non-commercial) use. You can download it from the ZoneLabs web site at:
http://www.zonelabs.com
TAKE CARE not to confuse "ZoneAlarm" with "ZoneAlarm Pro", which you have to pay for. Alternatively, contact me and I should be able to let you have a copy on CD.
ZoneAlarm is quite easy to use, but for those who would like a little more assistance, the next support note will be about installing and using it.
------------------------------------------------------------------------
----- ADDITIONAL INFORMATION -------------------------------------------
------------------------------------------------------------------------
This section is "extra reading" for those who are interested!
-- 6. How do firewalls work?
The details of how firewalls work are way beyond the scope of this support note, so what follows is a very much simplified account, just to give you a flavour of how they protect you.
All computers on the Internet have an address, called the "IP address". Your PC will have an address assigned by your Internet Service Provider (which may well be different every time you connect to the Internet!). Information travelling between computers on the Internet is split up into "packets", and each "packet" carries the addresses of the computer it is from, and the computer it is intended for, along with some other information about how it should be used.
This applies to information sent by hackers when they try to break into your PC, just as much as any other information. A firewall looks at the addresses and other information in any packets which arrive, and only lets through any that it is "expecting". Which ones it lets through depends on how it is configured - by default, most (including ZoneAlarm) will not let through ANY packets unless they are sent in response to requests for information from your computer. Thus any requests for information or access from an unknown computer will be rejected.
Most firewalls go further than this. By default, if a packet arrives at a computer with the right address, the computer will send a response saying that it has accepted or rejected the packet. A "properly configured" system will reject unexpected packets, but even the rejection message will give away some information (such as the fact that the address is valid). Firewalls such as ZoneAlarm will put the computer in what is commonly known as "stealth" mode, so that it completely ignores unexpected requests, and thus disguises the fact that your computer even exists!
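For those who like to see it in code, here is the behaviour described above as a small Python model. This is an added example, not part of the original support note and not how ZoneAlarm itself is written. The names Packet and ToyFirewall and all the addresses are made up for illustration, and a real firewall also tracks the protocol and forgets old requests after a time-out.

```python
# Added example: a toy model of the filtering described in section 6.
# Packet, ToyFirewall and all addresses below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class ToyFirewall:
    def __init__(self, my_ip, stealth=True):
        self.my_ip = my_ip
        self.stealth = stealth
        self.expected = set()  # (remote ip, remote port, local port) awaiting a reply

    def outbound(self, pkt):
        # A request leaving the PC makes the matching reply "expected".
        self.expected.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))
        return "ACCEPT"

    def inbound(self, pkt):
        if pkt.dst_ip != self.my_ip:
            return "DROP"  # not addressed to this PC
        if (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.expected:
            return "ACCEPT"  # answer to a request this PC sent
        # Unexpected packet: stealth mode stays silent; otherwise a rejection
        # message goes back, which confirms that the address is in use.
        return "DROP" if self.stealth else "REJECT"

def demo(stealth=True):
    pc, web, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.77"
    fw = ToyFirewall(pc, stealth=stealth)
    fw.outbound(Packet(pc, 1025, web, 80))  # the PC asks for a web page
    return {
        "reply": fw.inbound(Packet(web, 80, pc, 1025)),              # expected reply
        "wrong_port": fw.inbound(Packet(web, 80, pc, 1026)),         # no matching request
        "unsolicited": fw.inbound(Packet(stranger, 4000, pc, 139)),  # unknown computer
    }

if __name__ == "__main__":
    print("stealth:", demo(True))
    print("reject: ", demo(False))
```
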
-- 7. What is SpyWare?
SpyWare is the term commonly used to describe software which sends information from your PC out over the Internet without your knowledge or authorisation. Unlike viruses, which "sneak" onto your computer without you knowing, SpyWare programs are legitimate programs which you knowingly install. They will generally do what they are intended to do without any other deliberately harmful side effects.
The reason that these programs communicate over the Internet varies, but it is usually a form of market research or information gathering on the part of the company that produces the software. The reason that some people object to this is that information about themselves is being sent to someone else without their permission. The amount of information varies from program to program, and may amount to no more than an indication that the program is in use somewhere - but it can be much more. This is regarded by many people as an invasion of their privacy.
Some programs ask you before sending such information, or at least tell you what information they will send, but some will simply go ahead and send the information whenever an Internet connection is available (for example, whilst you are surfing the web or collecting e-mail).
Some firewall programs, including ZoneAlarm, will give you protection against this kind of behaviour by alerting you whenever an unauthorised program attempts to send information over the Internet. You can then decide if you want to allow the program to do so.
If you want to find out if there is any SpyWare on your computer (and it is surprisingly common), check out AdAware from:
http://www.lavasoftusa.com
-- 8. What is a DDoS attack?
A Distributed Denial of Service, or DDoS attack, is a method used by some unscrupulous people to try to stop a computer or computers on the Internet from functioning properly by literally swamping them with irrelevant communication. In the case of a business which depends on the Internet for its operation (such as companies which sell goods over the Internet) this can be extremely serious. Several high-profile Internet sites (including the White House web site) have recently been the subject of DDoS attacks.
To launch a DDoS attack, it is necessary to "recruit" a large number of computers, which then simultaneously bombard the target site with packets of spurious information. This is where the "Distributed" part comes from - the attack is distributed between a lot of computers, spread across the Internet. The attacker almost certainly won't have direct, authorised access to enough computers, so he or she infiltrates vulnerable computers owned by unsuspecting people and "turns" them to his or her own ends.
There are several steps you can take to avoid your computer being used in a DDoS attack (which as well as harming others can also degrade the performance of your PC):
* Install Anti-Virus software and keep it up to date
* Install a firewall
* Apply the latest security patches to your PC
The easiest way to apply the most important security patches is via Windows Update, which will be covered in a future support note.
-- 9. The Windows XP Firewall.
Windows XP is the newest version of Windows, and has a firewall built into it. This will normally be enabled automatically when an Internet connection is set up, but if you want to check if it is enabled, here's how you do it. (Note - the XP user interface can be configured in several different ways - this assumes that you have the default settings).
(a) Click Start, and choose Control Panel
(b) Click on the "Network and Internet Connections" icon
(c) Click on the "Network Connections" icon
(d) Look in the window that appears for an icon with the same name as your Internet connection (it may be the only icon there). If there is a small padlock to the top right of the icon, the firewall is enabled.
(Note that if only small icons are being displayed you may have trouble spotting the padlock. Either change to icon view via the View menu or go on to the next step).
The following steps allow you to double-check, and to enable the firewall if required...
(e) Right click on the icon for your Internet connection and choose "Properties" from the menu that appears.
(f) A tabbed dialogue box will appear. Click on the "Advanced" tab.
(g) On the page that appears, check that the "Internet Connection Firewall" box is ticked. If not, click it to enable the firewall, then click "OK".
(You can use the "Settings" button to fine-tune the operation of the firewall, but if you're not sure what you are doing, best leave it alone.)
-- 10. Hackers and Crackers - an apology
Throughout this support note, I have used the term "hackers" when referring to the malicious individuals who gain illegitimate access to other people's computers, and "hacking" to refer to their activities. I have done this because these are the terms most familiar in the world at large, and to do otherwise might cause misunderstanding amongst some of my target audience.
However, in many computer-literate circles the terms "hackers" and "hacking" are used to refer to legitimate computing activities, and many skilled programmers would refer to themselves as "hackers". These people sometimes find it offensive when the same terms are used to describe those who attempt to gain unauthorised access to other people's computers, and would prefer that the terms "cracker" and "cracking" be used to describe these people and their nefarious activities.
To any legitimate hackers who may read this, I offer you an apology. My aim is to inform, not offend.
------------------------------------------------------------------------
----- CONTACT DETAILS -------------------------------------------------
------------------------------------------------------------------------
Chris Livingstone
e-mail: chris-l@ntlworld.com
web site: http://www.pcparamedic.org.uk