Text Box: Carst Consulting Newsletter

 

 

 

Firewalls

 

What is a firewall and why do I need one? 

 

Let’s start with the why – which is the Internet.  The Internet allows for two-way traffic.  In the same way that you can access various computers on the Internet, the reverse is also true – your computer can be accessed by these same computers as well. 

 

Your computer connects to the Internet through a modem connected either to your phone line or cable TV connection.  The modem connects to your computer via ‘ports.’ Ports are simply internal addresses that exist on your computer.  They’re used to access various different devices, such as your monitor, printer, keyboard, mouse, as well as your internet modem.  Your internet modem may have several different addresses or ports for different types of communication.  Email will use one port, your browser will use a different port for general browsing, another port for video and still another for audio.  You cannot close the ports or your computer will become useless. 

 

These ports are accessed to connect your computer to the Internet, specifically a DNS (Domain Name Server) that can then redirect traffic from your computer to a computer that contains the information that you are looking for.  It might be email, a recipe, a news bulletin or Aunt Sally’s Better Cookie Jar Sales.

 

The trouble starts because the reverse is also true.  Once you are connected to the Internet, you also have a registration on the same DNS server and your computer has its address.  In reality, it is generally anonymous.  Your name and other data are not really registered with the DNS, just the fact that the IP Address you are connected through is in use.

 

Hackers have programs that can rapidly test many ports on the IP addresses assigned to AOL or RoadRunner or Comcast Cable or any other Internet Service Provider.  If any ports have been left unprotected, the hacker can gain access to the computer that is currently using that IP Address.  And worst of all, you won't even know you have been compromised.  In most cases, unless the hacker uses so many resources that your computer slows down to the point where you cannot do your own work or play, you won’t know you are infected or hi-jacked.

 

A good firewall will stop this activity in its tracks.

 

What does a firewall do?

 

A firewall will monitor traffic through the ports on your computer and will check which program or driver is accessing the port and what the destination is for that traffic.  If it determines that the traffic is from a normal service like a print spooler and is destined for the printer, it will allow it to go through.  If it is a call by your Internet browser program (Internet Explorer or Netscape or FireFox ) and the destination is not on a banned site list the firewall will allow it to go through.  If the traffic is from the Internet and the destination is your hard drive or your email box, the firewall will either block the traffic (most probably) or ask you if you want to allow it to access your computer.

 

Most people will not allow this outside access.  However, there are exceptions.  If you go to a legitimate site such as Microsoft or a radio station or ESPN or CBSNews, you may want to view some multi-media content.  These sites will try to check your computer for a program capable of playing their sound or video clip.  You will be prompted as to whether or not to allow this activity.  You have the option of either allowing it once, or by checking a box in the query window, telling the computer to always trust this site.  Without a firewall, you may not be asked the question of whether you want the activity to be allowed.  That is another way that hackers can get control of your computer.

 

What happens if I don’t have a firewall?

 

Once a hacker has access to your computer, he can do anything that you can do on your computer.  He can read your mail, open your documents, and make changes that you may not want or like.  Hackers will often use your computer as a zombie – a means of having your computer send spam emails.  It is estimated that more than 60% of all spam is sent via this method.  This hides the true origin of the unwanted email.  One client's computer had sent 5,000 emails for an unknown hacker.  His only complaint to me was that his email seemed slow.  His friend had not received an email from him for more than an hour after he sent it.  Usually, they exchanged email in less than a minute.  My own Internet Service Provider (ISP) had AOL deny mail delivery from its mail servers because of the problem.  They were able to fix the problem, but not without some irate messages from users like myself.  Most ISPs try to keep this from happening, but they cannot eliminate it altogether.

 

How do I get a firewall?

 

If you have Windows XP® and you installed Service Pack 2, you already have one.  It just may need to be configured.  If you have AOL 9.0 or higher and accepted all the downloads, you have a good firewall.  If you have Norton Personal Firewall, Norton Internet Security or McAfee Security, you have a good firewall.

 

Some users have asked me whether having an Internet connection hub that connects two or more computers to the same Internet connection is protection enough.  The answer is no.  The connection hub doesn't protect you from malicious sites that you may end up at while surfing the Internet.  It does stop 99.99% of the IP Address testers I mentioned earlier, but there are just too many other problems that could occur to depend on the hub.

Commercially available hard firewalls that cost more that $1,000 are available.  They provide the best protection, but generally are overkill for a home/home office user.

 

I got a firewall free on a shared program site.  Am I protected?

 

If you have a 'freeware' firewall that you downloaded from the web because a friend told you about it or you got a message recommending it or you got a pop-up window while surfing that Internet, you are part of the problem.  These programs are generally either not a good firewall 'OR' they are disguised as firewalls and are really configuring you to do exactly what you intended to prevent.

 

If you don't have an anti-virus program, my inclination is at this time is to stop reading this message, shut off your computer and take it out to the backyard and give it a decent burial.  You are a major contributor to the problems on the Internet.  But instead I'll say get a firewall that includes the anti-virus program in it.

 

If you have an anti-virus program, I recommend that you purchase a firewall from the same company that made your anti-virus program.  That most probably is McAfee or Norton (Symantec) or Computer Associates.  If you have Windows XP and want to depend on Microsoft for your firewall, download or send off for the Service Pack 2 for Windows XP.  I have a version of the Service Pack that I could send to you on a disk or you can ask Microsoft to send you one.  I haven't seen a copy of SP2 in retail stores.  I doubt they will be providing it, as they want you to purchase a copy of Windows XP Upgrade just to get the Service Pack.  (The cost is ~$100 for Windows XP Home and ~$200 for Windows XP Professional and your computer will need to meet minimum standards for Windows XP if you are upgrading from a previous version of Windows.)

 

Firewalls are needed because when you are connected to the Internet, you are vulnerable to attacks and threats that could harm your computer or could hi-jack your computer to harm other computers or send spam.  If your computer becomes infected, you become a menace to other computers on the Internet.  I’ll gladly answer any questions that you have about any of my newsletters in regards to Internet Problems.