What is a Firewall?
A firewall helps to keep your computer more secure. It
restricts information that comes to your computer from other computers, giving
you more control over the data on your computer and providing a line of
defence against people or programs (including viruses) that try to connect to
your computer without invitation.
You can think of a firewall as a barrier that checks information (often called traffic) coming from the Internet or a network and then either turns it away or allows it to pass through to your computer, depending on your firewall settings.
In Microsoft Windows XP Service Pack 2, Windows Firewall is turned on by default. You do not have to use Windows Firewall; you can install and run any firewall that you choose. If you choose to install and run another firewall, you may want to turn off Windows' inbuilt firewall.
A personal firewall is hardware or software that provides a security system, usually to prevent unauthorized access from outside to an internal network or intranet, and sometimes in the opposite direction too. A firewall prevents direct communication between network and external computers by routing communication through a device that determines whether it is safe to let a file or communication request pass through to the network.
Your email is not the only way bad things can get into your computer. They can come in through your PC's open ports without you even knowing about them. The Blaster worm is the most widespread example of this. In case you don't remember, that was the one that caused your PC to shut down about a minute after you'd started it up!
If you leave your PC's ports open, you are at risk of the following nasties:
Port Scanning: Hackers scan the ports on your PC to figure out whether they are open or exist at all. If your computer reports an open port, a hacker can send a virus to it. They can even use an open port to take control of your PC.
Denial Of Service Attacks: This kind of attack happens when a hacker finds a responding port on your PC and sends a huge amount of data to it. The port is unable to accept all of the data, system resources are exhausted, and the system crashes and denies service.
Spyware: These are programs secretly placed on your PC that gather information about you (such as your surfing habits, what other software you have on your PC, etc.) without your knowledge or consent. Spyware is mostly used by on-line or software companies for marketing purposes, but can be used by people with more sinister motives. At the very least it will adversely affect your system's performance.
How does it work?
When someone on the Internet or a network tries to connect to your computer, we call that attempt an unsolicited request. When your computer gets an unsolicited request, the firewall checks its rules and, if the request is not catered for, blocks the connection request. If you run a program such as an instant messaging program or a multiplayer network game that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. If you choose to unblock the connection, the firewall creates an exception so that the firewall won't bother you when that program needs to receive information in the future.
For example, if you are exchanging instant messages with someone who wants to send you a file (a photo, for example), the firewall will ask you if you want to unblock the connection and allow the photo to reach your computer. Or, if you want to play a multiplayer network game with friends over the Internet, you can add the game as an exception so that the firewall will allow the game information to reach your computer.
A firewall controls communications to and from your PC, permitting or denying communications based on a Security Policy. According to the policy a firewall can...
make your PC invisible on the Internet. Your ports don't just appear closed, they don't even appear at all. This is very good!
automatically block suspicious incoming traffic;
So in short, if you don't have a firewall installed, then as soon as you connect to the Web (before you even start your browser or e-mail client) you are open to attack - because some or all of your ports are, by necessity, open and unmonitored.
A firewall is especially important if you have a permanently enabled Internet connection such as broadband. For dial-up users though, due to the relatively small window of opportunity you present and the heavy performance drain which software firewalls impose, many people choose not to run a firewall in these circumstances.
To avoid the performance drain that is inherent with software firewalls, a hardware alternative may be appropriate. These typically come as part of a router but could be set up as an old, otherwise redundant PC that sits between your Internet connection and your working PC.
What type to get?
Hardware firewalls do not act as a drain on the performance of your PC as all software ones do. The hardware can be in the form of an old, otherwise unused PC or it may come integrated with another device such as a bridge or router. Software firewalls can be bought, in which case you should expect a high level of performance and support, or may be free. Windows XP has a firewall built in, but it does not examine outgoing traffic at all; however, this level of functionality causes relatively little drain on the performance of the computer.
Anything Wrong With Having Two Firewalls Running?
No, but there may not be much advantage to doing so. Having said that, if you use a router with NAT, it's still sometimes a good idea to use a third-party software firewall. Like Windows XP's built-in firewall, NAT-capable routers do nothing to protect the user from him/herself (or any curious or overconfident teenagers in the home). Remember, almost all spyware and many trojans and worms are downloaded and installed deliberately (albeit unknowingly) by the user. So a software firewall, such as Sygate or ZoneAlarm, that can detect and warn the user of unauthorized outgoing traffic may be an important element of protecting one's privacy and security. Both Windows XP's firewall and the one in your router assume that any application you have on your hard drive is there because you want it there, and therefore has your permission to access the Internet. Further, because the Windows Firewall is a stateful firewall, it will also assume that any incoming traffic that's a direct response to a trojan's or spyware's outgoing signal is also authorized. ZoneAlarm, Kerio, or Sygate are all much better than Windows XP's built-in firewall, and are more easily configured, and there are free versions of each readily available. Note that you don't want two software firewalls running; however, a software firewall in addition to your router's (a hardware firewall) will not present an operational problem.
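The block/unblock logic from "How does it work?" and the stateful behaviour described above, as an added Python example (a toy model, not Windows Firewall's or any vendor's code). The program names, ports and the 198.51.100.7 address are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Firewall:
    """Toy host firewall: inbound exceptions, a state table, optional outbound filter."""
    exceptions: set = field(default_factory=set)   # programs the user chose to unblock
    outbound_allowed: Optional[set] = None         # None = outgoing traffic is not examined
    state: set = field(default_factory=set)        # (local_port, remote) flows opened from inside

    def outbound(self, program, local_port, remote):
        """A local program starts a connection to `remote`."""
        if self.outbound_allowed is not None and program not in self.outbound_allowed:
            return "block"                     # a real product would warn the user here
        self.state.add((local_port, remote))   # remember the flow so replies are accepted
        return "allow"

    def inbound(self, remote, local_port, listener=None):
        """A packet arrives from `remote`; `listener` is the program bound to `local_port`."""
        if (local_port, remote) in self.state:
            return "allow"                     # reply to traffic this PC started (stateful rule)
        if listener in self.exceptions:
            return "allow"                     # the user created an exception for this program
        return "block"                         # unsolicited request that no rule caters for

def demo():
    """Run the same constructed traffic through an inbound-only and an outbound-filtering firewall."""
    remote = ("198.51.100.7", 443)             # constructed address (documentation range)
    inbound_only = Firewall(exceptions={"game.exe"})
    with_outbound = Firewall(exceptions={"game.exe"}, outbound_allowed={"browser.exe"})
    return {
        "unsolicited": inbound_only.inbound(remote, 4000, "service.exe"),
        "exception": inbound_only.inbound(remote, 27015, "game.exe"),
        # An unwanted program calls out: with no outbound check the flow is
        # recorded, so the reply is treated as authorized.
        "inbound_only_out": inbound_only.outbound("unknown.exe", 50123, remote),
        "inbound_only_reply": inbound_only.inbound(remote, 50123, "unknown.exe"),
        # With an outbound allow-list the call is stopped and no state is created.
        "with_outbound_out": with_outbound.outbound("unknown.exe", 50123, remote),
        "with_outbound_reply": with_outbound.inbound(remote, 50123, "unknown.exe"),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```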