How can personal firewalls help your PC?

February 27, 2002 Posted: 8:48 a.m. EST (1348 GMT)



By Robert L. Hummel

(IDG) -- A personal firewall is technology that helps prevent intruders from accessing data on your PC via the Internet or another network. It achieves this by keeping unauthorized data from entering or exiting your system.

Hackers don't just target national security organizations for cyberattacks. They want your tax returns, network passwords, or bank account numbers. And you don't want the FBI kicking in your door because someone hijacked your PC to participate in the latest denial-of-service attack on the Internet. Now that "always-on" broadband connections such as cable modems and digital subscriber line are becoming more popular, home users are at risk. Fortunately, you can protect your data. Firewalls can block malicious attacks and protect your PC from outside threats. INFOCENTER home
Free daily newsletters Week in Reviews

Related Stories
What is a virtual private network?
Five free firewall utilities
Keep testing your firewall

PC Product Finder
An inside tour of the Pentium 4
Surviving a disk crash: A checklist

Visit an IDG site

Choose a site: CIO Computerworld Darwin The Industry Standard JavaWorld LinuxWorld Macworld Online Network World Fusion PC World UnixInsider search

Here's what you need to know:

A firewall can prevent an unauthorized user from accessing your PC, either from the Internet or from within your local network.
It blocks some Trojan horse programs and many hostile applications that seek to take over your computer.
New packages aimed at home users and small businesses are inexpensive and require little setup on your part.
When you're connected to the Internet, you're sending and receiving information in small units called packets. A packet contains the addresses of the sender and the recipient along with a piece of data, a request, a command, or almost anything having to do with your connection to the Internet. But just as with postal mail, not every package that arrives at your computer is one you want to open.

A firewall examines each data packet sent to or from your computer to see if it meets a set of criteria. The firewall then selectively passes or blocks the packet.

Examining data for cracks
The criteria a firewall uses for passing packets along depends on the kind of firewall you use. The most common type you'll find for home and small business use is called an application gateway firewall.

An application gateway, often called a proxy, acts like a customs officer for data: Anything you send or receive stops first at the firewall, which filters packets based on IP addresses and content, as well as the specific functions of an application. For instance, if you're running an FTP program, the proxy could permit file uploads while blocking other FTP functions, such as viewing or deleting files. You can also set the firewall to ignore all traffic for FTP services but allow all packets generated during Web browsing.

Other kinds of firewalls include packet filters, which examine every packet for an approved IP address; circuit-level firewalls, which allow communication only with approved computers and Internet service providers; and the newest type, stateful inspection firewalls, which note the configuration of approved packets and then pass or block traffic based on those characteristics.

Packet-filter, circuit-level, and stateful inspection firewalls are mostly found in corporate network setups. They require major upkeep, so they aren't suitable for most smaller companies and home users.

Insurance for your home PC
If you work at a large corporation, odds are good that a firewall sits between you and the outside world. But the increased availability of cable and DSL service means you could spend more time connected to the Internet from home -- and more time as a potential target for hackers. You're somewhat vulnerable even on short dial-up connections. Unfortunately, most people become aware of the danger only after they become victims. With cyberattacks increasing, Chris Christiansen, an analyst with market research firm IDC, predicts that firewalls will be ubiquitous in five or six years.

But you don't have to buy an expensive, hard-to-maintain security system for your PC. Personal firewalls, usually based on the application-gateway model, can keep you safe. These products don't require you to program complex restrictions. They'll guide you through a setup that asks you what you want to allow or block. They can also help you monitor intrusion attempts and protect you from most Trojan horse or spyware programs that let a hacker control your computer over the Internet. They can hide your identity while you surf, too.

Personal firewalls are available either as part of an integrated security suite or as stand-alone software. Symantec's $69.95 Norton Internet Security 2002 package, for example, bundles a personal firewall for Windows with software for Web-ad and cookie blocking, parental Web control, personal security and virus scanning. If you don't want a whole kit, you can get firewall software such as Network Ice's BlackIce Defender, McAfee's Personal Firewall or Zone Labs' free ZoneAlarm.

Companies including Check Point and Gibson Research's Internet Connection Security for Windows Users make high-end firewalls, such as the ones used by corporate IS departments. These firewalls often come as part of a dedicated server and are usually incorporated into a company's overall security strategy, which may also include a virtual private network (see "What is a virtual private network?" link below). Because of their complexity and cost, such firewalls aren't a good option for small business or home users.

Firewalls move into the mainstream
While most personal firewalls are available now as software that you install on your PC, IDC analyst Christiansen predicts that firewalls will be integrated into hardware in the next few years. That means the next DSL or cable modem you buy or lease may have a firewall already installed.

To make maintaining a firewall easy, Christiansen says, companies will offer subscription services. You'll pay $50 a month and the company will make sure your firewall is up-to-date. That maintenance is key to keeping your data safe: As soon as hackers hear about a weakness in a firewall, they hunt for people who haven't upgraded to the latest version and break in.

As our dependence on the Internet and computers grows, so will the personal consequences of a security breach. Whether to protect your personal information from theft or to keep your PC from being hijacked by a hacker, installing a personal firewall makes sense.