There are mean people out there that want very badly to get into your system or network. Maybe they want to steal information, to simply cause as much destruction as possible, or to use your system for their own uses. If you're online a lot or have a broadband connection, the attempts to enter your system may be relentless.
I feel that there are three main areas of defense against these threats: Anti-virus (of course), Firewall, and Spyware removal. With some programs being more important than others, but none being without importance. What I would like to do is give all of our readers at least a good concept of what these Firewalls and Anti-virus programs do to protect your system. I'm going to attempt to highlight the functions of these utilities and even some good practices that you can implement.
This week I'll be discussing the first line of defense between you and the Internet firewall. A firewall isn't going to stop you from getting a lot of viruses out there, unless it's the kind of viruses that proactively scans systems for open ports like the 32.Sasser that has recently stepped onto the virus scene. Where firewalls really come into play is in the area of Internet or Network access.
There are two basic types of firewalls: hardware and software.
A common hardware firewall is a routers. In a small network it sits in-between your PC and modem. These firewalls feature the ability to hide your PC from others on the Internet by assigning you private IP addresses through a process called NAT (Network Address Translation) or DHCP (Dynamic Host Configuration Protocol).
I may have lost some people there who are not familiar with IP addressing. This can get confusing rather quickly. To put it simpler: a router will take the Internet address that your ISP has doled out to you and give the PCs the are connected to the router a generic private IP address (not valid for the internet). The other primary job is to close ports (these are numbers that are associated with certain jobs, for example most email clients and servers use SMTP port 25 and POP3 port#110) ports can be a vulnerability as seen in the past and a hacker can have an easy time getting into your PC with ports wide open to the world. When hackers try to scan your network for known vulnerable ports the Firewall simply drops the packets because they contain data that no PC on the network requested.
Software firewalls are a little bit different and they have good points and bad points. First let me start by saying that it is always better to have a firewall then not to. The main difference between the two styles of firewalls is that one is an external device that runs on it's own hardware. The software firewall is an application that runs on your PC. This is the one down side I believe because it's one more application running on your PC while you're trying to surf the web and can cause resource overhead and slow things down in older PCs. In concept the firewalls really are the same, except that one of the biggest differences is a software firewall doesn't have any address translation services (i.e. NAT or DCHP).
Software firewalls do have some really great features however. For instance, a software firewall is great for someone who is new to this area of PCs and wants to learn more. I say this because most of these firewalls have a reasonably easy to understand interface different from the more "Techie" looking router interfaces.
Software firewalls also have a feature for Internet access that I think is very informative, for example in most of the software firewalls I have come across when a program tries to access the internet the firewall will pop up and ask you if you want this action to be allowed every time, prompt every time, or deny Internet access to the program. Most software firewalls will also notify you when someone from outside is hitting your firewall and a lot of times you get the IP address of the party on the other end of the actions. Both of these features can be used to further protect your PC, in some cases you might even be able catch a hacker trying to get into your PC by getting their IP address and then asking there ISP what this IP address is doing pinging your IP address.
I've actually helped one of customers do this they called me up and said that there firewall kept making noises and popping up with windows saying that there was some activity on here firewall. She said that this had been going on for a couple of days. Well we opened up the interface and looked at the log describing what the activity was and from whom it originated. There were a bunch of pings hitting her firewall, but the software gave us the IP address, and from there we opened up a command line and pinged the IP address back and it came up with their ISP's domain name. She called that ISP and talked to them about this address and what has been going on. I wouldn't be surprised if he was kicked from his Internet service.
I feel that there are three main areas of defense against these threats: Anti-virus (of course), Firewall, and Spyware removal. With some programs being more important than others, but none being without importance. What I would like to do is give all of our readers at least a good concept of what these Firewalls and Anti-virus programs do to protect your system. I'm going to attempt to highlight the functions of these utilities and even some good practices that you can implement.
This week I'll be discussing the first line of defense between you and the Internet firewall. A firewall isn't going to stop you from getting a lot of viruses out there, unless it's the kind of viruses that proactively scans systems for open ports like the 32.Sasser that has recently stepped onto the virus scene. Where firewalls really come into play is in the area of Internet or Network access.
There are two basic types of firewalls: hardware and software.
A common hardware firewall is a routers. In a small network it sits in-between your PC and modem. These firewalls feature the ability to hide your PC from others on the Internet by assigning you private IP addresses through a process called NAT (Network Address Translation) or DHCP (Dynamic Host Configuration Protocol).
I may have lost some people there who are not familiar with IP addressing. This can get confusing rather quickly. To put it simpler: a router will take the Internet address that your ISP has doled out to you and give the PCs the are connected to the router a generic private IP address (not valid for the internet). The other primary job is to close ports (these are numbers that are associated with certain jobs, for example most email clients and servers use SMTP port 25 and POP3 port#110) ports can be a vulnerability as seen in the past and a hacker can have an easy time getting into your PC with ports wide open to the world. When hackers try to scan your network for known vulnerable ports the Firewall simply drops the packets because they contain data that no PC on the network requested.
Software firewalls are a little bit different and they have good points and bad points. First let me start by saying that it is always better to have a firewall then not to. The main difference between the two styles of firewalls is that one is an external device that runs on it's own hardware. The software firewall is an application that runs on your PC. This is the one down side I believe because it's one more application running on your PC while you're trying to surf the web and can cause resource overhead and slow things down in older PCs. In concept the firewalls really are the same, except that one of the biggest differences is a software firewall doesn't have any address translation services (i.e. NAT or DCHP).
Software firewalls do have some really great features however. For instance, a software firewall is great for someone who is new to this area of PCs and wants to learn more. I say this because most of these firewalls have a reasonably easy to understand interface different from the more "Techie" looking router interfaces.
Software firewalls also have a feature for Internet access that I think is very informative, for example in most of the software firewalls I have come across when a program tries to access the internet the firewall will pop up and ask you if you want this action to be allowed every time, prompt every time, or deny Internet access to the program. Most software firewalls will also notify you when someone from outside is hitting your firewall and a lot of times you get the IP address of the party on the other end of the actions. Both of these features can be used to further protect your PC, in some cases you might even be able catch a hacker trying to get into your PC by getting their IP address and then asking there ISP what this IP address is doing pinging your IP address.
I've actually helped one of customers do this they called me up and said that there firewall kept making noises and popping up with windows saying that there was some activity on here firewall. She said that this had been going on for a couple of days. Well we opened up the interface and looked at the log describing what the activity was and from whom it originated. There were a bunch of pings hitting her firewall, but the software gave us the IP address, and from there we opened up a command line and pinged the IP address back and it came up with their ISP's domain name. She called that ISP and talked to them about this address and what has been going on. I wouldn't be surprised if he was kicked from his Internet service.
No comments:
Post a Comment
Comment here