Firewalls

[davidP]

Does anbody know a site with a good clear explanation of what firewalls are & how they work?

 

I was trying to explain to a non-technical person exactly what a firewall was as they were asking me if they needed to get one, and I found it surprisingly difficult to phrase it so he could understand any more than the very basics. As he's on a dial-up modem I told him that he probably didn't need one as he has decent anti-virus, but I think he wants to understand more before deciding.

 

Thank you :

[Tony 1]

David, try this link, http://www.homenethelp.com/web/explain/abo...t-firewalls.asp

 

firewalls are a must, anti virus software won't protect you on it's own.

 

Don't buy one, get the free zone alarm at http://www.zonelabs.com/store/content/cata...id=home_zainfo.

 

regards Tony.

 

[ 16. August 2003, 01:01 PM: Message edited by: Tony C ]

[Rogerb]

Also have a look at Sygate

 

I’m not an expert but reading the opinions of others that purport to be its supposed to be one of the better freebies. I’m pretty sure it blocked msblaster as the logs showed blocked incoming traffic on IP port 4444 which is where Symantec are saying firewalls should be blocked.

 

They also have a good forum.

 

See what you think.

 

All the best.

Roger.

[Newt]

davidP - even simpler than that link and maybe with some detail you could use.

 

All internet traffic including email, browsers, etc. depend on making a connection between 2 addresses. Much like sending regular mail to someone or calling them on the phone. And like mail/phone, no two PCs will have the same address that it presents to the internet.

 

Since you only have one address, you'd expect to be limited to one connection at a time but this isn't the case because of an added thing called a "port". The port is an extra bit of address added on to the end of your main address.

 

Different programs use a port to establish a sort of electronic/virtual wire between 2 PCs so that, for instance if your address were 123.44.55.222, your browser using port 80 (standard for http traffic) would have a connection to 123.44.55.222:80.

 

A firewall is basically a piece of hardware or software that manages and watches the ports. The simplest sort like the one that comes with XP behaves like a gate in a fence. It is either open or shut and when open, any animal that wants to can pass. If you have port 80 open, your browser can function but anyone wishing to send you a bad thing will know you have port 80 open and can use it. You won't notice. Nor will this firewall make any attempt to prevent a program from opening a port from the inside and sending stuff out. Spyware is designed to do just that. You invite it in thru port 80 (but don't know that you did). It picks another port to send out information about you to it's owner.

 

Better ones like Kerio, Zone Alarm, and others have additional features. They behave like a fence with gates but with a guard at each gate who will check stuff trying to go in or out. If information is trying to leave thru a port you are having monitored, the guard will ask your permission before allowing the information to leave.

 

Even better is what is usually known as a "stateful" firewall. It not only has a gate guard but has guards with brains. They examine the traffic trying to get thru ports you have open to see if it fits with what would be expected. To extend the fence/gate analogy a bit further, if the gate is normally only used by cattle & people, the guard would notice a Zebra trying to pass and ask you about it.

 

In the case of the MSBlast thing that is causing so much problems just now, analysts figured out that the program must be able to use ports 69 and 4444 (out of the 64,000 available) and if you close those to all traffic, MSBlast can't become functional and do any damage even if you do get infected.