Personal Firewalls for Home Users
Author: Pawan Bangar
What is a Firewall?
The term "firewall" describes a system that protects a network and the machines on it from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network.
The primary goals of a firewall are to implement a desired security policy, controlling access in both directions through the firewall, and to protect the firewall itself from compromise. It wards off intrusion attempts, Trojans and other malicious attacks.
Personal Firewalls: They are meant for the home user in a networked environment. They aim to block simple attacks, unlike the enterprise-level firewalls that the corporate world uses at the server or router end. There are many ways to implement a firewall, each with specific advantages and disadvantages.
Are they really needed? Nowadays organizations and professionals use Internet technology to establish their online presence and showcase their products and services globally. Their endeavor is to leverage digital technology to make their business work for them.
All the organizations and professionals are shifting from Dialup to broadband and getting a fixed IP. This has led to an increase in security attacks and bugs in everyday work. This does not mean that Dialup, being an anonymous dynamic link, or the firewall of the ISP network makes you pretty safe.
Now, if your machine has been under attack, you must have wondered what went wrong to make your system crash suddenly. So I would rather say that it is not necessary for anyone to actually know about you or your IP address to gain access to your system.
If your system is infected or prone to intrusions, then regardless of the anonymity of your Dialup connection or a dynamic IP, your system can be hacked.
Types of Attacks
Intrusion: There are many ways to gain unauthorized access to a system. Operating system vulnerabilities and cracked or guessed passwords are some of the more common. Once access is attained, the intruder can send email, tamper with data, or use the system privileges to attack another system.
Information Theft and Tampering: Data theft and tampering do not always require that the system be compromised. There have been many bugs in FTP servers that allow attackers to download password files or upload Trojan horses.
Service Attacks: Any attack that keeps the intended user from being able to use the services provided by their servers is considered a denial of service attack. There are many types of denial of service attacks, and unfortunately they are very difficult to defend against. "Mail bombs" are one example, in which an attacker repeatedly sends large mail files in an attempt to fill the server's disk filesystem, thus preventing legitimate mail from being received.
Types of Attackers
Joyrider: Not all attacks on computer systems are malicious. Joyriders are just looking for fun. Your system may be broken into just because it was easy, or to use the machine as a platform to attack others. It may be difficult to detect intrusion on a system that is used for this purpose. If the log files are modified, and if everything appears to be working, you may never know.
Vandals: A vandal is malicious. They break in to delete files or crash computer systems either because they don't like you, or because they enjoy destroying things. If a vandal breaks into your computer, you will know about it right away. Vandals may also steal secrets and target your privacy.
In one incident, a Trojan was used to operate the web cam. All the activities in the house were being broadcast on websites.
Spies: Spies are out to get secret information. It may be difficult to detect break-ins by spies since they will probably leave no trace if they get what they are looking for.
A personal firewall, therefore, is one of the methods you can use to deny such intrusions.
How do Firewalls work? Firewalls basically work as a filter between your applications and the network connection. They act as gatekeepers and, as per your settings, show a port as open or closed for communication. You can grant rights for different applications to access the internet and, in the reverse direction, block outside applications trying to use ports and protocols, preventing attacks. Hence you can block ports that you don't use, or even block common ports used by Trojans.
Using Firewalls you can also block protocols, so restricting access to NetBIOS will prevent computers on the network from accessing your data. Firewalls often use a combination of ports, protocols, and application level security to give you the desired security.
Firewalls are configured to discard packets with particular attributes such as:
Specific source or destination IP addresses.
Specific protocol types.
TCP flags set/clear in the packet header.
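
The three attribute tests listed above can be combined into a first-match rule table. The following is an added example, not code from the article or from any firewall product; the `Packet` and `Rule` types, the rule set and the addresses (documentation ranges plus a private address for the home PC) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP header flag bits

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    flags: int = 0      # TCP flag bits, 0 for other protocols

@dataclass
class Rule:
    action: str                 # "discard" or "accept"
    src: str = "0.0.0.0/0"      # source network (CIDR)
    dst: str = "0.0.0.0/0"      # destination network (CIDR)
    proto: str = "any"
    flags_set: int = 0          # bits that must be set
    flags_clear: int = 0        # bits that must be clear

    def matches(self, pkt):
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto not in ("any", pkt.proto):
            return False
        if self.flags_set or self.flags_clear:
            # Flag tests only make sense for TCP packets.
            return (pkt.proto == "tcp"
                    and (pkt.flags & self.flags_set) == self.flags_set
                    and (pkt.flags & self.flags_clear) == 0)
        return True

# Constructed policy for a home PC at 192.168.1.10 (hypothetical addresses).
RULES = [
    Rule("discard", src="198.51.100.0/24"),                  # blocked source range
    Rule("discard", dst="192.168.1.10/32", proto="tcp",
         flags_set=SYN, flags_clear=ACK),                    # unsolicited connection attempt
    Rule("accept", dst="192.168.1.10/32", proto="tcp"),      # other TCP, e.g. replies
]

def filter_packet(pkt, rules=RULES, default="discard"):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default
```

Rule order matters here: the blocked source range is tested first, so a packet from it is discarded even when it would otherwise pass as a reply.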
Choosing a firewall: Choose a firewall that has the ability to ward off all intrusion attempts, control which applications can access the internet, prevent malicious scripts or controls from stealing information or uploading files, and prevent Trojans and other backdoor agents from running as servers.
The purpose of having a firewall cannot be diminished in order to gain speed. However, secure, high-performance firewalls are required to remove the bottleneck when using high speed Internet connections. The World-Wide-Web makes possible the generation of enormous amounts of traffic at the click of a mouse.
Some of the good firewall performers available in the market are listed below:
BlackICE Defender
eSafe Desktop
McAfee Personal Firewall
Neowatch
Norton Personal Firewall
PGP Desktop Security
Sygate Personal Firewalls
Tiny Personal Firewall
Zone Alarm
Zone Alarm Pro
Most of these firewalls are free for personal use or offer a free trial period. None of the personal firewalls available can ensure 100% security for your machine. Regular maintenance of the machine is needed to ensure safety.
Some of the tasks advised for keeping a system from being prone to intrusions:
Disable file and print sharing if you are not going to be on a network.
Update your antivirus signature files regularly.
Use a specialized Trojan cleaner.
Regularly apply security patches to your software and operating system.
Don't open email attachments if you don't know what they may contain.
Don't allow unknown applications to access the internet or your system.
Regularly check the log files of your personal firewall and antivirus software.
Disable ActiveX and Java and uninstall Windows Scripting Host if not required.
Turn off macros in applications like Microsoft Office and turn macro protection on.
Check the open ports of your system and compare them against the common list of Trojan ports to see if they are being used by some Trojan.
Log off from your internet connection if not required.
Being online on the internet for a long duration gives any intruder more time, and sufficient time, to breach system security. Unplug peripherals like the web cam and microphone if they are not being used.
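
The open-ports check from the maintenance list above can be scripted. This is an added example, not part of the original article: it parses text in the layout printed by Windows `netstat -an` and reports listening ports found on a watch list. The sample output is constructed, and `TROJAN_PORTS` is a small assumed subset of historically documented default ports, not a complete list.

```python
# Watch list: (protocol, port) -> name. Assumed illustrative subset only;
# a real check would load a maintained list.
TROJAN_PORTS = {
    ("TCP", 12345): "NetBus",
    ("TCP", 27374): "SubSeven",
    ("UDP", 31337): "Back Orifice",
}

# Constructed sample in the layout of `netstat -an` on Windows.
# The 27374 line is an outbound connection, not a listener.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:27374     203.0.113.5:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
"""

def listening_ports(netstat_text):
    """Yield (proto, port) for each TCP listener and each bound UDP socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # UDP has no state column; TCP counts only when LISTENING.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        port = local.rsplit(":", 1)[-1]  # also handles [::]:445
        if port.isdigit():
            yield proto, int(port)

def suspicious_listeners(netstat_text, watch_list=TROJAN_PORTS):
    """Return sorted (proto, port, name) for listeners on the watch list."""
    return [
        (proto, port, watch_list[(proto, port)])
        for proto, port in sorted(set(listening_ports(netstat_text)))
        if (proto, port) in watch_list
    ]

if __name__ == "__main__":
    for proto, port, name in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port} is a known default port of {name}")
```

A match only marks a port for a closer look, since legitimate software can listen on the same number and a Trojan can be configured to use a different one.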
About the author: Pawan Bangar, Technical Director, Birbals, India