Self-defense

If you are working outside the network, you still need some firewall protection

Personal firewalls aren't just for the home; they are for any mobile user with a modem or wireless connectivity, every telecommuter and every small-office user who has a permanent broadband connection.

Others who need personal firewalls are those whose work requires isolation from the local network for performance or security reasons and therefore connect to the Web directly.

Many small police stations, fire departments and branch offices of large agencies need Internet access but not a dedicated server.

These offices do just fine with dial-up, digital subscriber line, DirectWAY (two-way satellite broadband) or cable connections.

Dial-up connections are relatively safe from intrusion and not as likely to experience port scanning.

But PCs connected to the Web via always-on connections are often the targets of hackers who, if nothing else, could hijack the computer to launch denial-of-service attacks against other systems.

Even dial-up connections aren't completely safe. Virtually all notebook PCs need some sort of personal firewall because they often connect to wireless or other networks, any of which could pose a threat.

Personal firewalls also protect particularly sensitive workstations permanently connected to LANs. They impose some overhead but can include pop-up ad blockers and other tools that enhance Web access.

Close the ports

Products in the accompanying chart range from freeware to enterprise-grade managed firewalls for mobile workers and telecommuters.

Some personal firewall software selectively opens and closes the TCP, User Datagram Protocol and Internet Control Message Protocol ports by which computers on the Internet and other networks communicate.

These firewalls make a cable modem or DSL connection invisible to malicious software that constantly scans the Web for new systems to penetrate. Locking a door is important, but it's even better to lock an invisible door.

Data packets exchanged between computers contain a source and destination address as well as an identifier that shows what protocol type is used. A firewall can filter the packets based on that information. Other firewalls restrict Web access to certain applications.

Packet filters are the easiest firewalls to implement and impose the least overhead on the system.

A major drawback to packet filters, however, is that it's relatively easy to spoof or fake an address.

Stateful firewalls monitor traffic and attempt to block unusual packets based on a history of previous traffic.

Content filtering should detect malicious Java or ActiveX code, various scripts that could be hidden in HTML page code and some cookies. Instead of or in addition to port hiding and packet filtering, a firewall can also block specific applications or let them access the Web but block data such as passwords from being transmitted.

Besides blocking intruders, a firewall might be configured to prevent access to unauthorized Web sites.

First and foremost, a firewall must be robust enough to handle the threats that might be encountered.

For dial-up users with little sensitive information on their hard drives, a basic firewall will probably do a good enough job.

More sophisticated firewalls not only attempt to block malicious attacks, they also log such events and even attempt to trace the source.

Computers with broadband connections, especially those holding sensitive data, might need a firewall with sophisticated intrusion-detection and logging features.

Buyers need to decide what sort of response is appropriate to any attack and choose a firewall that can be configured to provide that response.

John McCormick is a free-lance writer and computer consultant. E-mail him at powerusr@yahoo.com.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above