

 Comm Corner

Computers and Security
Firewalls: Software and Hardware

John Woody is a networking communications consultant specializing in small office, home office networks, training setup, and internet connectivity.

Michael Espinoza is owner of Technology Coaching, a training and consulting firm that specializes in the PDA market. He co-chairs the PDA SIG with John Woody.


This column addresses some of the software and hardware firewall products and issues, continuing the question of how computers and security affect computer communications. Small Office, Home Office (SOHO) hosts (individual computers) and networks are capable of running software- or hardware-based firewalls and can have those firewalls installed as necessary to protect the computer data. This applies especially to those running direct Internet connections, i.e., always-up connections such as DSL or direct cable. Either software- or hardware-based firewalls are good for the SOHO user. I personally tend to go with the hardware-based systems. Most SOHO users with broadband Internet and one or more computers connected together can or should use one of the software firewall versions at a minimum. Firewalls were once the domain of corporate networks and Web sites. Now SOHO users need the same system technology to protect one or more computers. The same attacks made by hackers on the corporate systems are being used to attack individual computers. Stories about denial-of-service attacks, viruses, and privacy invasions are common evening news nowadays.

The primary reason for having a firewall is to protect against unauthorized entry into your computer or network. Firewalls provide one more component in the overall security of individual computer or network wide data from unauthorized use or theft. This is especially true with broadband connections such as direct cable or DSL. Both technologies keep the connection open between your computer and the ISP at all times, i.e., the definition of direct connections. Firewalls, either software or hardware based, are designed to keep unauthorized access out of your computers. We covered the specifics required in firewalls in last month’s column. To be effective, the firewall system employed must have packet filtering, NAT (Network Address Translation), and proxies available. Most also have some capability for DHCP (Dynamic Host Configuration Protocol), and intruder detection. Many of the commercial software systems add antivirus, advertising blocking, and parental control. Firewalls are software or hardware tools that screen inbound and outbound Internet or network traffic from intruders.

The software firewalls are sometimes called personal firewalls and are installed as software applications on the personal computer for the protection of that machine alone. The hardware units are often incorporated in routers used as broadband terminal adapters, switches, and network hubs, and are used to protect multiple computers in networks from outside attack. Some hardware firewalls are run on a different operating system to further curtail unauthorized entry.

Outside attacks include security threats from many sources. Many of the threats are directed strictly at corporate Web and network servers in large companies. The advent of personal use broadband capability has moved most of the corporate threats to the individual users. From the corporate hacks, the attacks quickly move to the personal computer area via unauthorized entry, viruses, worms, Trojan horses, malicious scripts and applets, e-mail snooping, keystroke monitoring, referrers, spam and cookies.
 

  • Corporate network and Web server attacks are normally not a problem for the SOHO user, except that many small business users may have public Web servers available for access. The risk is high that Internet hackers may attempt to gain access to these servers to disrupt service or for theft of data. Firewalls, passwords, OS bug-fixes, and threat review are needed for this protection.

  • Unauthorized computer access is a problem for all users, especially DSL and direct cable users. The risk is high for the individual data on that machine as unauthorized hackers attempt to gain access to that data. Privacy and theft of data are the big issues with unauthorized computer access. Software firewalls, closed OS ports, disabled file and print sharing, and good password control are needed for this protection.

  • Viruses, worms, and Trojan horses are also threats for all users, especially those connected to the Internet. The risk is moderate to high for all users, as these nasty software programs can be picked up through e-mail and downloaded software as well as from unchecked floppy disks. These items are intended to cause data loss, monitor activities, and in some cases actually cause physical equipment failure. Again, firewalls and anti-virus programs are the first line of defense.

  • Malicious scripts and applets are threats to all users. The risk is mild for all users when the invasion is from rogue Web pages. The e-mail scripts such as the “I Love You” virus can also be grouped into this category and are a high risk to all users. The risk is in the fact that privacy is invaded, passwords are stolen, and files can be damaged. Protection is provided by disabling the scripting support in browsers and using software that blocks passage of these attacks.

  • E-mail snooping is a threat to all users. The risk is moderate to high for all users who send e-mail. Hackers and other unauthorized users can read e-mail from intervening pass-through servers or by actual physical access to the local machine or network. Protection against this threat is accomplished by encrypting e-mail, beefing up the password protection, and limiting physical access to the computer.

  • Keystroke monitoring is a threat to all users. The risk is high for all users. Keystroke monitoring is accomplished by the use of Trojan horses and direct access to the computer. These nasty programs record everything typed at the keyboard by intercepting keystrokes before password masking or encryption is employed. Protect by using anti-virus programs to intercept the Trojan horse viruses and control Internet access with firewall technology. At the local level, start system monitoring and limit physical access to the machine or network.

  • Referrer threat is an individual user problem as a result of visiting Web sites. The risk is mild for all users. These sites send e-mail as a result of individual user Web activity. The protection is accomplished by using ad blocking software programs and by using security programs.

  • Spam is an all-user and corporate threat. The risk is mild, as the attack is by e-mail and just fills your mailbox full of unwanted messages. Some HTML-based spam may be able to profile and identify users. Protection is accomplished by filtering known spam sites and by blocking access of HTML messages.

  • Cookie threats affect individual users and are a mild to moderate threat to everyone. The risk comes from Web sites that are visited. Cookies trace Web usage and permit the creation of behavior and interest profiles of users. Control the cookies with cookie manager software programs and by limiting their access through the browser. Cookie manager programs control, edit and block the cookie activity.


Now, how do we gain peace of mind against all these threats? Firewall technology in the form of hardware and software is one answer. The next two sections contain a brief listing of both types with a summary of recent reviews of them.

Software Firewalls
Software firewalls that have been recently reviewed by the industry magazines include BlackICE Agent 2.0, eSafe Desktop 2.2, McAfee Internet Guard Dog 3.01, McAfee.com Personal Firewall 2.06, Norton Internet Security 2000 2.0, and ZoneAlarm 2.1. All are commercial application programs that can be purchased, with the exception of ZoneAlarm and eSafe Desktop, which are free downloads. The price range was from free to $99.00 per node. All had levels of basic firewall technology installed with the exception of McAfee Guard Dog, which did not cover any of the Internet protocol holes inherent in the TCP/IP suite of protocols. These functions include monitoring of ports, mapping attacks to IP addresses, protecting the non-standard ports, inbound/outbound filtering, supporting TCP/UDP and ICMP/ARP, blocking ICMP (ping) by default, working with multiple NICs (Network Interface Cards), detecting applications on the fly, banner blocking, and blocking fragmented traffic. In this category, Norton Internet Security 2000, McAfee Internet Security 2000, and ZoneAlarm met all the criteria.

The additional criteria functions looked at in parental control and virus scanner capabilities were covered by eSafe Desktop 2.2, McAfee Guard Dog 2.01, and Norton Internet Security 2000. BlackICE Agent and ZoneAlarm 2.1 do not have any of these functions. The parental control functions include parental-control keyword filter/site blocking, an option to hide private user info from the Web, and a downloadable list of banned sites.

The virus scanner functions contain all the usual areas: an integrated virus scanner, virus signatures updatable online, a rescue disk, an option to block the IP that sent infected files, automatic quarantine/deletion of infected files, and a scheduler for scans.

The report valued Norton Internet Security 2000 2.0 as the best overall program, primarily because of the parental and virus control functions. I personally like ZoneAlarm.

Hardware Firewalls
Hardware firewalls are normally reviewed as corporate or small office equipment. Price is a big factor in that the corporate firewalls use more technology than the small office equipment. Remember that any home user with a broadband connection and more than one computer connected to each other and the Internet is equivalent to a small office. Most hardware firewall technology is also incorporated into the routers used to connect networks to the outside world. These devices contain capability to act as switches or hubs as well. A WAN (Wide Area Network) port is used to connect the router to the broadband TA (Terminal Adapter) and there is usually at least one LAN (Local Area Network) port to connect to the inside. Some devices also contain additional ports that act as hub ports for the internal network.

Most of these devices are easy to set up and contain a Windows GUI or Web server to guide that setup. All of these devices contain network address translation (NAT) and DHCP utilities. The DHCP is usually server/client capable and makes it easy to connect the internal network machines. The internal machines have to be set up as DHCP clients, and the firewall device then assigns the internal IP addresses to each machine. The DHCP client utility is also used to accept the ISP IP address from the broadband supplier. The NAT utility is the basic line of defense against attacks. NAT translates the internal IP addresses to the public address as the outbound traffic controller and back to the internal IP addresses for the inbound traffic.

The next line of defense is usually provided by the DMZ (DeMilitarized Zone) and filtering utilities. This is important to have in the firewall. The DMZ is placed between the Internet and the LAN. DMZ utilities require an additional LAN connection. The small office firewall devices usually do not have DMZ capability. Most of them use filtering to open specific ports that can be controlled for access. These devices also can be used to filter the outbound traffic to control what internal users have access to.
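The NAT translation and port filtering described in the two paragraphs above can be sketched as a small simulation. This is an added example, not code from the column or from any reviewed product; it assumes port-translating NAT with strict matching on the remote endpoint, and the class name, addresses, and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed WAN address (documentation range)

@dataclass
class NatRouter:  # hypothetical model, not a real device's API
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # (proto, public_port) -> (inside_ip, inside_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    # (proto, public_port) -> (inside_ip, inside_port): ports opened by filter rules
    forwards: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside host's packet to the public address; record the session."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for (p, pub_port), s in self.sessions.items():
            if p == proto and s == flow:          # reuse an existing mapping
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, pub_port)] = flow
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the inside (ip, port) to deliver to, or None if the packet is dropped."""
        s = self.sessions.get((proto, dst_port))
        if s and (s[2], s[3]) == (src_ip, src_port):
            return (s[0], s[1])                   # reply to a session started inside
        # No matching session: deliver only if a filter rule opened this port.
        return self.forwards.get((proto, dst_port))

def demo():
    r = NatRouter()
    out = r.outbound("tcp", "192.168.1.20", 51000, "198.51.100.5", 80)
    reply = r.inbound("tcp", "198.51.100.5", 80, out[1])   # translated back inside
    probe = r.inbound("tcp", "192.0.2.66", 4444, 139)      # unsolicited: dropped
    spoof = r.inbound("tcp", "192.0.2.66", 80, out[1])     # wrong remote: dropped
    r.forwards[("tcp", 80)] = ("192.168.1.5", 80)          # filter rule opens one port
    web = r.inbound("tcp", "192.0.2.66", 4444, 80)         # now reaches the web host
    return out, reply, probe, spoof, web

if __name__ == "__main__":
    for name, val in zip(("out", "reply", "probe", "spoof", "web"), demo()):
        print(name, val)
```

The dropped probe shows why NAT alone hides inside machines from unsolicited traffic, and the forwarded port shows that every opened port is an exposure that has to be deliberately managed.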

Devices that have been reviewed recently include D-Link Residential Gateway, Linksys EtherFast Cable/DSL Router, Netgear Gateway Router, Ramp Networks WebRamp, Sonic Wall SOHO, and Watchguard SOHO. The price range for these devices is from $140.00 to $480.00. The price greatly depends on the number of internal clients that can be serviced and ranges from 10 users to 235 users.


Copyright© 1996-2010
Alamo PC Organization, Inc.
San Antonio, TX USA