Saturday, 1 November 2014

Firewall

The vulnerability of computer systems to malicious or criminal attack has been greatly increased by the growing number of connections between computers (and local networks) and the worldwide Internet (see computer crime and security, Internet, and TCP/IP). The widespread use of permanent broadband connections by consumers (such as DSL and cable modem links) has increased the risk to home users. Intruders can use “port scanning” programs to determine what connections a given system or network has open, and can use other programs to snoop and steal or destroy sensitive data.

A firewall is a program (or combination of software and hardware) that sits between a computer (or local network) and the Internet. Typical firewall functions include:

•  Examining incoming data packets and blocking those that include commands to examine or use unauthorized ports or IP addresses
•  Blocking data packets that are associated with common hacking techniques such as “trojans” or “backdoor” exploitations
•  Hiding all the internal network addresses on a local network, presenting only a single address to the outside world (this is also called NAT, or Network Address Translation)
•  Monitoring particular applications such as FTP (file transfer protocol) and telnet (remote login), restricting them to certain addresses. Often a special address called a proxy is established rather than allowing direct connections between the outside and the local network.

Firewalls are usually configured by providing a rule that specifies what is to be done based on the origin address or other characteristics of an incoming packet. Because connections made by local programs to the outside can also compromise the system, rules are also created for such applications. The firewall package may come with a set of default rules for common applications and situations. When something not covered by the rules happens, the user will be prompted and guided to establish a new rule.


Modern firewalls are “stateful,” meaning that they keep track not only of the source and destination of individual packets but their context (including originating application). Microsoft Windows Vista has improved the operating system’s built-in firewall, at the expense of added complexity. Zone Labs’s ZoneAlarm is another popular PC firewall. Linux provides a default firewall called iptables, which can be configured by a variety of applications.

For added protection, users of broadband Internet connections should not connect their PC directly to the Internet. Rather, an inexpensive wired or wireless router that includes a built-in firewall can be connected on one side to the cable or DSL modem and on the other side to one or more computers in the local network.

Internet security packages for home users often combine a firewall with other services such as virus protection, parental control, and blocking of objectionable content or advertising.
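
The rule matching and stateful tracking described above can be sketched in a few lines of Python. This is an added example, not code from the original post or from any firewall product; the `Rule`, `Packet` and `StatefulFirewall` names and all addresses are constructed for illustration, and connections are tracked by address and port only (no originating application, protocol state or timeouts).

```python
import ipaddress
from collections import namedtuple

# Rule: direction is "in"/"out", action is "allow"/"block", port None means any port.
Rule = namedtuple("Rule", "direction action remote_net port")
Packet = namedtuple("Packet", "direction src sport dst dport")

class StatefulFirewall:
    def __init__(self, rules, default="block"):
        self.rules, self.default = rules, default
        self.connections = set()    # flows opened by packets a rule allowed

    def _match(self, pkt):
        remote = ipaddress.ip_address(pkt.src if pkt.direction == "in" else pkt.dst)
        for r in self.rules:        # first matching rule wins
            if (r.direction == pkt.direction and r.port in (None, pkt.dport)
                    and remote in ipaddress.ip_network(r.remote_net)):
                return r.action
        return self.default         # not covered by any rule: default action

    def filter(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reply_to in self.connections:
            return "allow"          # belongs to a connection already tracked
        action = self._match(pkt)
        if action == "allow":
            self.connections.add(flow)
        return action

def demo():
    # Constructed sample: 192.168.1.10 is the local PC; the rest are documentation ranges.
    fw = StatefulFirewall([Rule("out", "allow", "0.0.0.0/0", 443),
                           Rule("in", "allow", "198.51.100.0/24", 21)])
    web, pc = "203.0.113.5", "192.168.1.10"
    return [fw.filter(p) for p in (
        Packet("in", web, 443, pc, 50000),              # unsolicited: block
        Packet("out", pc, 50000, web, 443),             # outbound rule: allow
        Packet("in", web, 443, pc, 50000),              # reply to tracked flow: allow
        Packet("in", "203.0.113.9", 40000, pc, 21),     # FTP from other address: block
        Packet("in", "198.51.100.7", 40000, pc, 21))]   # FTP from permitted range: allow
```

The first and third packets are identical; only the connection table, populated by the outbound request in between, changes the verdict.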
