Welcome to the second part of our tutorial about Firewall's, written by Alan Lloyd on behalf of WWW Security Services.
During these tutorials we will be mainly using the free firewall provided by Zone Labs. Zone Alarm Our recommended firewall. (and no we don't sell it or get anything for promoting it. Its just good and FREE
In the last section we talked a little bit about incoming and outgoing communications. Put simply what a firewall does is to monitor communication into your computer and sometimes out of your computer and stop what it thinks shouldn't be allowed. !few!
Now that's out of the way its plain sailing right? Well yes, and no. You don't really need to know that much more to be able to protect yourself from threats. However if you do want to know more then please read on.
From now on we will be referring to the free version of ZoneAlarm. Why? Because its FREE. Plus it's what i have running:)
When you run a firewall like ZoneAlarm you are protected from most attacks and trojans.
Basically a firewall trusts nobody unless it is told otherwise. It secures your computer from the outside world. If you do not have a firewall please run one of the port scanning tools on www-ss.com you will probably see some 'Port Open' warnings. This means your computer can send and receive information on the open port. NOT GOOD
You should now install a firewall. Then if you were to run the test again with the firewall switched on you should see that all your ports now report either 'Port Closed' or if you are using a good firewall then 'Port Blocked' will be displayed.
Now turn the firewall off and run the test again. Notice anything?
That means that you probably won't want to turn that firewall off again. :)
The firewall sits between your computer and the Internet. When your computer is probed from the outside world it just ignores it. Thus making people think that the computer is not switched on. This is very good and will show up in a port scan as 'Port Blocked' or 'Stealthed'
If a potential attacker scans your computer (and they will) getting no answer is the best thing to make them move on.
You might think that if a firewall blocks all access to the Internet then you won't be able to access the World Wide Web at all. Don't worry you can still remain safe and use the computer.
Read on to find out how to allow access through your computer
When you first install a firewall it will normally configure its self to allow web browsing and some other features. When you first run a program that needs access to the internet the firewall will stop it. A popup will appear asking you if you wish this program to access the Internet. If you say YES then the program will be allowed to send and receive information from the World Wide Web. If you say NO the firewall will block all further attempts by this program to access the internet.
Programs that will need Internet access are things like your web browser, E-mail program, FTP program, News reader, Google Toolbar, etc. Lots of programs use the Internet in some way so check every popup carefully.
If a popup appears with a program name you don't recognise then say NO. You can always change the setting in your firewall's configuration. This feature sometimes refereed to as 'Outgoing Program Control' is great for stooping trojans from being abused.
Remember. If you are unsure SAY NO
You can always change your answer in the firewall's configuration software if you need to.
After you have run a firewall for a few days check the log files created by the firewall. You might be surprised about the number of port scans and attempted break ins of your system.
------------------------------------------------------------------------
------------------------------------------------------------------------
So now we know what the problem is we need to know what we can do about it.