Custom Gaming Computers and Computer Hardware Upgrades
Here at Forbidden Computer Services, we specialize in
building affordable custom gaming computers and computer hardware
upgrades, as well as spyware/malware removal, and computer repair.
Check out our standard builds or contact us for a custom order. Let
us help you Upgrade Your Computer
Do you really need a firewall?
A recent discussion in one of my Yahoo Groups
prompted me to write this article about firewalls. The basic consensus
among the groups moderators (I am not a moderator) is that a hardware
firewall, or 'router' is the only adequate solution
and that software firewalls should not be used by 'average users'. I have
to disagree.
Lets take a look at what
hardware and software firewalls do, and how each can fit into your
security solution, and why I think those experts are dead
wrong.
Hardware Firewalls
A hardware
firewall is exactly what it sounds like - a piece of hardware that
one must purchase and attach between the computer and its internet
connection - usually a broadband connection. These devices are commonly
referred to as 'Routers'. They can be as cheap as $30.00
for a simple, basic, four port router, or they can be several
thousand dollars for a fully configured Microsoft ISA Server. For this discussion I
will limit this to the basic routers a home user would buy
to build a home network, typically costing less than 100 dollars. Although
technically they are not really 'firewalls', they function as a firewall through
the use of something called Network Address Translation or NAT. To understand NAT and how
it works like a firewall, you need to know a little bit
about IP addresses.
What is an IP Address?
It is your computers 'Internet
Address', just as your home address is used to identify a specific house
on a specific street, in a specific city and state, yout IP address is
used to identify a specific computer on a specific network connected to a
specific part of the Internet. It consists of four numbers separated by
periods (.) - xxx.xxx.xxx.xxx and each of the numbers may range from 0 to
255. There are two different types of IP addresses, 'Public' and
'Private', and you can tell one from the other by the first
number. If the first number is 10, 172, or 192, then it is a Private
IP address. All other numbers, with a few exceptions, are Public IP
addreses. The difference is that Public IP addresses can be reached from
any other computer on the Internet, while Private IPs can only be reached
from within the local nework (LAN). So how does all this relate to
NAT? Well, if your computer is on a local network, with a private IP
number, the only way it can communicate with other computers on the
Internet, is through a Router using Network Address Translation. Basically
the Router converts your local IP address into the Public IP address
assigned to you by your ISP.
How does NAT work like a firewall?
NAT works like a firewall
because it treats the LAN side (your computer) and WAN side (the
Internet) differently. Anything coming from the LAN side (your computer)
will be translated and sent out, but stuff coming from the WAN
(Internet) side will be translated and sent to your computer ONLY if
your computer has already requested a connection to the computer sending
the data. Think of NAT as a door to the Internet with no doorknob on
the Intenet side, so only your computer can open the door to let data in.
This effectively renders your computer invisible to outsiders.
Software Firewalls
A software firewall works quite
differently to achieve the same thing. It is a piece of software that runs
on your computer and it controls data flowing into, and
out from your computer. Like the router, incoming data is
ignored unless a program on your computer first establishes a connection
and requests the data. BUT, unlike a router, it also controls the flow of
data out of your computer as well. Any program that wants to connect to
the internet must first ask permission from the firewall, and then the
firewall checks its program permissions list to see if the program is
'always allowed', 'always blocked', or 'must ask'. If the
program is on the 'must ask' list, then the user must decide whether to
allow the program to have internet access or not. So like the router, this
door to the Internet has no doorknob on the outside, but on the inside we
now have a lock, and programs wanting to open the door must have the
key.
|
