Thomas Northcut/Photodisc/Getty Images
A firewall is a means of controlling network access to one or more computers. The Internet is really one large network, which includes your computer. A firewall protects your computer by acting as a gate through which all data must pass. By blocking certain kinds of traffic, the firewall protects your computer or network from unauthorised users and safeguards your data from attack. Setting up a firewall has distinct advantages and disadvantages.
Techniques and Attacks
Information is vulnerable on disk and in transit. Networks break down data into units called "network packets." "Packet sniffers" can record them. By spoofing IP addresses, attackers intercept traffic, sending you fake data and commands.
Firewalls use a variety of techniques to protect against attacks. As proxy servers, firewalls mask your IP address and limit traffic types; external computers communicate with the proxy instead of with your computer directly. As circuit-level gateways, firewalls limit connections to trusted networks only. Packet-filtering firewalls examine each packet, rejecting those that fail security testing.
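The packet-filtering technique described above, shown as an added example that is not part of the original article: a Python filter that reads the IPv4 header fields of each packet and checks them against an ordered rule list, denying anything that matches no rule. The rule set, the addresses and the build_packet helper are constructed for illustration.

```python
import ipaddress
import struct

# Constructed rule set (an assumption for this example): first match wins.
# Each rule: (action, source network, IP protocol number, destination port)
RULES = [
    ("allow", ipaddress.ip_network("192.168.1.0/24"), 6, 22),   # SSH from the LAN only
    ("allow", ipaddress.ip_network("0.0.0.0/0"), 6, 443),       # HTTPS from anywhere
    ("allow", ipaddress.ip_network("0.0.0.0/0"), 17, 53),       # DNS over UDP
]

def parse_packet(raw):
    """Return (source IP, protocol, destination port) from a raw IPv4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                       # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = raw[9]
    src = ipaddress.ip_address(raw[12:16])
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    dport = None
    # Only the first fragment of a TCP/UDP packet carries the port fields.
    if proto in (6, 17) and frag_offset == 0:
        if len(raw) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
    return src, proto, dport

def filter_packet(raw):
    """Return 'allow' or 'deny'; malformed or unmatched packets are denied."""
    try:
        src, proto, dport = parse_packet(raw)
    except ValueError:
        return "deny"
    for action, net, rule_proto, rule_port in RULES:
        if src in net and proto == rule_proto and dport == rule_port:
            return action
    return "deny"                                   # default deny

def build_packet(src, dst, proto, dport, sport=40000):
    """Build a minimal constructed IPv4 packet (checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + struct.pack("!HHI", sport, dport, 0)
```

Because the decision rests on the source address written in the header, a rule keyed on source network is only as trustworthy as that field, which is why the spoofing described above matters to filter design.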
Hardware or Software
A hardware firewall, or router, connects to the Internet and your network. Routers are separate devices that protect your entire network. Some Internet Service Providers provide routers with their service.
Many Windows and Macintosh operating systems have a built-in firewall. You can also add a third-party software firewall, like ZoneAlarm or McAfee. The U.S. Computer Emergency Readiness Team (US-CERT) recommends installing software firewalls from a disk, because downloads could be insecure.
A firewall blocks "evil packets" from being "permitted to reach a place where they can do harm," says Terry Gray, Chief Technology Architect for the University of Washington. The key issue is not whether to block harmful packets, but where to block them. The individual system's operating system-based firewall can be configured to provide a great deal of security, but a network-based firewall, such as a router, can protect multiple systems simultaneously.
Packet filtering by a software firewall can degrade your system's performance, because it's a demanding task to examine every packet of data. A hardware firewall eases this burden.
Whichever option you choose, configuring and maintaining the firewall can be a difficult chore. A network firewall also can lend users a false sense of security, encouraging them not to maintain security at the machine level. If the network firewall fails or is not configured properly, this could prove disastrous.