Understanding Firewalls

By Wayne Maruna

 

In this article we will examine another word that information technology professionals have appropriated and applied their own meaning to:  ‘Firewalls’.

 

A firewall, as used in construction, is a barrier, often made of masonry or covered in a fire-rated drywall material, which is designed to deter the spread of fire from one enclosed area to the next, e.g. a firewall between adjoining condominium units.  The metal wall between a car’s engine compartment and its passenger compartment is also called a firewall.  In either example, the firewall is used to protect an occupant on one side of the wall from danger that might arise on the other side.

 

When used in discussing computers and computer networks, a firewall describes a technological barrier (hardware or software) which prevents the unauthorized or unwanted transfer of data or executable programs from one computer or network to another.

 

How they work 

A dissertation on the inner workings of firewalls would require digging down into the detailed technical weeds.  Instead, let’s use a metaphor to help explain how firewalls work.  Imagine one of those clear plastic Hamster Habitats with a couple of different rooms and a clear round tube tunnel connecting the two rooms.  Now imagine that the room on the left is your computer, and the room on the right is the big, bad internet.  When you type a web address into your browser and hit Enter, it’s like handing a shopping list to your partner hamster and sending him/her (it’s hard to tell with hamsters) out from the computer side through the tube tunnel and over to the other room to pick up some carrots and broccoli.  If this were a wide-open tunnel with no doors on either side, there would be nothing to block creatures living in the other room from coming back down that tunnel and stealing the veggies you already had stored up.  Bummer.

 

So you hire a Bouncer Hamster to check credentials at the tube tunnel’s opening to your side of the Hamster Habitat.  That bouncer is our metaphorical firewall.  Your partner hamster comes back up the tunnel with his market basket and the bouncer says “Yo, where do you think you’re going?”  Your partner hamster shows him the signed shopping list you gave him when you told him to bring back the veggies, and the bouncer allows your associate to pass back in.

 

There, you now understand how firewalls work at their most rudimentary level.


Hardware Firewalls

No doubt you are now asking yourself if you should have a firewall.  If you have a broadband connection (cable or DSL), which nearly everyone does these days, the answer is an unequivocal ‘Yes’.  Without a firewall, every hamster on the internet is going to crawl into your computer and eat your veggies and fruit and seeds, and likely leave behind the digested remnants of yesterday’s consumption, if you catch my metaphorical drift.  Now the good news is that if you have more than one computer in your house, you very likely already have a hardware firewall.  That’s because you probably use a router to share your internet connection amongst the multiple computers, and nearly every modern router incorporates firewall capabilities.  If you look up the specs on your router, you should find acronyms like NAT (Network Address Translation) or SPI (Stateful Packet Inspection).  You don’t need to understand what that all means or how it works – not many people do – just know that these are forms of access control that determine whether or not to allow packets of data to pass through to the other side of the firewall.
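For readers who do want a peek under the hood, here is the bouncer's check written as a toy Stateful Packet Inspection table in Python. This is an added example, not part of the original article: the addresses, ports, 60-second idle timeout and all names are constructed for illustration, and a real router also tracks TCP connection state and performs NAT, which this sketch leaves out.

```python
import ipaddress
from typing import NamedTuple

IDLE_TIMEOUT = 60.0  # assumed: seconds a flow may sit idle before it is forgotten

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    """Outbound traffic is allowed and remembered; inbound must match a memory."""

    def __init__(self, inside_cidr: str):
        self.inside = ipaddress.ip_network(inside_cidr)
        self.flows = {}  # outbound Packet tuple -> time the flow was last seen

    def check(self, pkt: Packet, now: float) -> str:
        # Forget flows that have been idle longer than the timeout.
        self.flows = {f: t for f, t in self.flows.items() if now - t <= IDLE_TIMEOUT}
        if ipaddress.ip_address(pkt.src_ip) in self.inside:
            self.flows[pkt] = now  # the "signed shopping list"
            return "ALLOW"
        # Inbound: swap source and destination, then look for the outbound flow.
        mirror = Packet(pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if mirror in self.flows:
            self.flows[mirror] = now
            return "ALLOW"
        return "DROP"  # nobody inside asked for this

def demo():
    """Run constructed sample packets through the table; return the verdicts."""
    fw = StatefulFirewall("192.168.1.0/24")
    pc, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    return [
        fw.check(Packet("tcp", pc, 50000, web, 443), now=0.0),       # request out
        fw.check(Packet("tcp", web, 443, pc, 50000), now=0.2),       # its reply
        fw.check(Packet("tcp", stranger, 4444, pc, 8080), now=1.0),  # unsolicited
        fw.check(Packet("tcp", web, 443, pc, 50001), now=2.0),       # wrong port
        fw.check(Packet("tcp", web, 443, pc, 50000), now=120.0),     # too late
    ]

if __name__ == "__main__":
    print(demo())
```

Only the reply that exactly mirrors a recent outbound request gets back in; a stranger, a mismatched port, or a reply that arrives after the entry has expired is dropped.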

 

If you are a single PC user, then you may well be at some risk.  If all you have between your computer and the broadband modem supplied by CenturyLink or Suddenlink or SomeOtherLink is the Ethernet cable itself, then the only thing preventing you from being overrun by evil tube travelers is the software firewall built into every version of Windows since XP.  That’s better than nothing, but you really should think about adding some muscle.  With firewall-equipped routers selling for as little as $35, you’d be well advised to add one between your modem and computer.  They are not difficult to install and should not have any deleterious impact on your web connection.  This is really cheap added insurance, folks.

        

Software Firewalls

Another option is a software firewall.  There are free software firewalls available, with those from ZoneAlarm (http://www.zonealarm.com) and Comodo (http://personalfirewall.comodo.com) among the most popular.  Software firewalls guard not only against inbound threats but also against outbound threats, preventing malware programs that have managed to land on your computer from phoning home.  Many experts will tell you that even if you have a hardware firewall, you should add a third-party software firewall to replace the Windows firewall.  I’m personally not in that camp, as most software firewalls require some ‘training’ to work right, and the vast majority of users are simply confused by the alerts thrown up by the software firewall.  Such firewalls are often part of so-called internet security suites found in commercial programs from Norton / Symantec, McAfee, Kaspersky, and others.

 

When Microsoft released their free Microsoft Security Essentials anti-virus and anti-spyware program last year, they chose not to include a software firewall, instead incorporating a design which would work with Windows’ built-in firewall.  This reduces the dependence on the user to understand and analyze network activity they may not comprehend, a dependence that can result in their blocking legitimate traffic or allowing actual threats.

 

Having a firewall does not relieve the need to have an up-to-date and functioning anti-virus/spyware application running.  It just adds a first line of defense to your perimeter.  And remember that perhaps the greatest security threat to a PC is the user himself.  A firewall will not block a malicious email or prevent you from clicking on a malicious link.  A cautious user is a smart user.  Mom said ‘Better safe than sorry’.  That’s still good advice.