Thursday, December 6, 2012

Firewalls: Personal Vs Network

Most people who use computers these days, which is just about everyone, have heard of firewalls. They know that they protect computers from all of the "bad stuff" that is circulating around the internet these days. However, most don't know much more than that and there are some definite areas of confusion.


Probably the most confusing thing is that there are two different types of firewalls, Personal and Network. They are similar in they both filter communication to and from computers to provide security. They differ in that a personal firewall is installed on an individual's computer to protect that computer while a network firewall is installed on a network computer or router to protect all of the computers on the network.


The way people discuss network firewalls often creates the impression that a firewall is a type of computer hardware. Yes, you can buy computers and routers with the firewall application preinstalled, but it is still a software concept. There is no such thing as a hardware-only firewall.


A network needs to have a firewall at every interface point with other networks. If you have a firewall at the connection points with other networks in your organization (an intranet), you make sure that any hacker and/or malware that has compromised one portion of the network cannot reach the rest of it. Most important, of course, is to have a firewall at every connection point to the internet. The internet is a playground for hackers who are constantly coming up with new ways to compromise computers for malicious and nefarious schemes.


You might think that this is obvious to people who administer networks, but apparently not to everyone. Each year, Verizon issues the Data Breach Investigations Report (DBIR). The report is based on data provided by the US Secret Service and security agencies in the Netherlands, England and Australia.


According to the DBIR 96% of breaches were not highly difficult and 97% were avoidable through simple or intermediate controls. For victims subject to the Payment Card Industry Data Security Standard (PCI DSS), 97% had not achieved compliance. The PCI DSS is intended to protect cardholder data for debit, credit, prepaid, e-purse, ATM, and Point of Sale (POS) cards.


The two most common reasons for security breaches and non-compliance with PCI DSS were the lack of a firewall and the lack of virus scanning. The remarkable thing about this is that there are some excellent firewall and scanning systems available for free!


It is also important that every computer on a network, or connected to the internet, has a personal firewall installed.


A personal firewall is similar to a network firewall in that it filters network traffic to and from a computer, but just for the computer it is installed on. It will permit or deny communications based on its settings. A personal firewall allows users to set varying levels of trust and individual security policies.
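The filtering described above (both the network firewall at an interface point and the personal firewall with its trust levels) comes down to a rule list that is walked top to bottom, where the first matching rule decides and anything that matches nothing falls through to a default. The following is an added example, not code from the original post or from any firewall product, that models exactly that logic. The addresses, port numbers, rule names and the three rule sets (a laptop on a public network, the same laptop at home, and a perimeter firewall in front of a web server) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving at the protected side, "out" = leaving it
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    direction: str = "any"       # "in", "out" or "any"
    src: str = "any"             # CIDR block, single address, or "any"
    dst: str = "any"
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every destination port

    @staticmethod
    def _net_match(pattern, addr):
        return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

    def matches(self, pkt):
        return (self.direction in ("any", pkt.direction)
                and self._net_match(self.src, pkt.src)
                and self._net_match(self.dst, pkt.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class Firewall:
    """First-match filter: the first rule that matches decides; a packet that
    matches nothing gets the default action, which is deny (the safe choice)."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule.name
        return self.default, "default"


# Personal firewall on a laptop at the "public network" trust level:
# nothing inbound at all, outbound limited to web and DNS.
LAPTOP_PUBLIC = Firewall([
    Rule("deny all inbound", "deny", direction="in"),
    Rule("web out", "allow", direction="out", proto="tcp", dport=443),
    Rule("web out (plain)", "allow", direction="out", proto="tcp", dport=80),
    Rule("dns out", "allow", direction="out", proto="udp", dport=53),
])

# The same laptop at the "home network" trust level: file sharing is
# accepted from the local subnet only, and any outbound traffic is fine.
LAPTOP_HOME = Firewall([
    Rule("smb from lan", "allow", direction="in", src="192.168.1.0/24", proto="tcp", dport=445),
    Rule("deny other inbound", "deny", direction="in"),
    Rule("any out", "allow", direction="out"),
])

# Network firewall at the internet interface point: only the published web
# server is reachable from outside, and only internal addresses may go out.
PERIMETER = Firewall([
    Rule("public web server", "allow", direction="in", dst="203.0.113.10", proto="tcp", dport=443),
    Rule("block inbound", "deny", direction="in"),
    Rule("lan out", "allow", direction="out", src="10.0.0.0/8"),
])


if __name__ == "__main__":
    samples = [
        ("laptop/public", LAPTOP_PUBLIC, Packet("in", "198.51.100.7", "192.168.1.20", "tcp", 445)),
        ("laptop/home", LAPTOP_HOME, Packet("in", "192.168.1.5", "192.168.1.20", "tcp", 445)),
        ("perimeter", PERIMETER, Packet("in", "198.51.100.7", "203.0.113.10", "tcp", 22)),
    ]
    for label, fw, pkt in samples:
        print(label, pkt.direction, pkt.dport, "->", fw.decide(pkt))
```

Note the ordering: in LAPTOP_HOME the narrow "allow from the LAN" rule sits above the broad "deny inbound" rule; swapping the two would silently block file sharing, which is the kind of mistake a first-match evaluator makes easy. The default of deny is what turns a forgotten rule into a closed port rather than an open one.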


It's possible that a desktop or server computer inside a protected network may not need a personal firewall, but users are increasingly relying on mobile computers. Mobile computers especially require firewall protection because they may connect to various networks and the internet via WiFi.


Microsoft Windows comes with firewall software installed. If you have turned it off, Windows displays warnings that your computer is not protected.


However, the Windows 7 and Vista firewalls do not filter outbound connections by default, and the Windows XP firewall does not filter them at all. The security settings are relatively difficult to change.
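On Windows Vista and 7 the outbound default can be checked from an administrator command prompt with `netsh advfirewall show allprofiles`, which prints a "Firewall Policy" line of the form `BlockInbound,AllowOutbound` for each of the Domain, Private and Public profiles. The following is an added example, not code from the original post, that parses that output and flags every profile that is switched off or still allows outbound traffic by default. The sample output is constructed to follow the shape of what netsh prints and is not captured from a real machine, so the exact field spacing on a given system is an assumption.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output. The
# field names follow the netsh format; the values are made up for the example.
SAMPLE_NETSH_OUTPUT = """
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
InboundUserNotification               Enable

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,BlockOutbound
LocalFirewallRules                    N/A (GPO-store only)
InboundUserNotification               Enable

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
InboundUserNotification               Enable
"""


def parse_profiles(text):
    """Return {profile_name: {"state": "ON"/"OFF", "inbound": ..., "outbound": ...}}."""
    profiles = {}
    current = None
    for line in text.splitlines():
        header = re.match(r"^(\w+) Profile Settings:", line)
        if header:
            current = header.group(1)
            profiles[current] = {}
            continue
        if current is None:
            continue  # text before the first profile block
        state = re.match(r"^State\s+(\S+)", line)
        if state:
            profiles[current]["state"] = state.group(1).upper()
        policy = re.match(r"^Firewall Policy\s+(\w+),(\w+)", line)
        if policy:
            profiles[current]["inbound"] = policy.group(1)
            profiles[current]["outbound"] = policy.group(2)
    return profiles


def findings(profiles):
    """One finding per profile that is off or that allows outbound traffic by default."""
    out = []
    for name, p in profiles.items():
        if p.get("state") != "ON":
            out.append(f"{name}: firewall is {p.get('state', 'UNKNOWN')}")
        if p.get("outbound") != "BlockOutbound":
            out.append(f"{name}: outbound default is {p.get('outbound', 'UNKNOWN')}, not BlockOutbound")
    return out


if __name__ == "__main__":
    for line in findings(parse_profiles(SAMPLE_NETSH_OUTPUT)):
        print(line)
```

To audit a live machine, run `netsh advfirewall show allprofiles > profiles.txt` and feed the file's contents to `parse_profiles`. The outbound default is changed with `netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound`, but be aware of what that means: once outbound is blocked by default, every program that needs the network (updaters, mail, browsers) must have its own allow rule, which is the part of the configuration the post calls relatively difficult. Windows XP has no `advfirewall` context at all, matching the post's point that its firewall never filters outbound traffic.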


I recommend using a "third party" firewall, particularly because you can get some very good free firewalls that also provide malware scanning.


Not all scanners are the same. I prefer scanners that are very aggressive. The problem with most antivirus protection is that they only address viruses and exploits that have been identified and added to a "blacklist" of known viruses.


Not bad, except there are approximately 40,000 new viruses and system exploits unleashed EVERY DAY! The vendors will eventually update their blacklist for a specific issue, but you are always playing catch-up.


I prefer protection that uses a "whitelist" concept together with a sandbox. With this technique, program files are compared to a list of known-good files and are only allowed to run on your system if they are on the list. If the scanner has any suspicions about a program, it is run in an isolated system area called a sandbox, where the scanner can determine whether it is OK or should be deleted.
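The difference between the blacklist approach and the whitelist-plus-sandbox approach of the last few paragraphs is easiest to see on a concrete file set. The following is an added example, not code from the original post or from any anti-malware product: it identifies program files by SHA-256 hash, classifies each one as "run" (on the whitelist), "deny" (on the blacklist) or "sandbox" (unknown, so it must be isolated and examined before it is trusted), and shows the same files under a blacklist-only policy. The four files, their contents and both lists are constructed in a temporary directory for the demonstration; no real program or malware hash is involved.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large executables do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_blacklist_only(path, blocklist):
    """Traditional antivirus logic: anything not known bad is allowed to run."""
    return "deny" if sha256_of(path) in blocklist else "run"


def classify_whitelist(path, allowlist, blocklist):
    """Whitelist logic: only known-good files run; unknown files go to the sandbox."""
    digest = sha256_of(path)
    if digest in blocklist:
        return "deny"     # known bad
    if digest in allowlist:
        return "run"      # known good
    return "sandbox"      # never seen before: isolate and observe before deciding


def scan(paths, allowlist, blocklist):
    """Return {file name: (blacklist-only verdict, whitelist verdict)}."""
    return {
        os.path.basename(p): (classify_blacklist_only(p, blocklist),
                              classify_whitelist(p, allowlist, blocklist))
        for p in paths
    }


def demo():
    # Constructed file contents standing in for executables.
    good = b"MZ constructed trusted program"
    bad = b"MZ constructed malicious program"
    variant = bad + b"\x90"  # the same malware with one byte changed
    unknown = b"MZ constructed program nobody has seen yet"

    allowlist = {hashlib.sha256(good).hexdigest()}   # hashes of vetted programs
    blocklist = {hashlib.sha256(bad).hexdigest()}    # hashes of known malware

    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, data in [("trusted.exe", good), ("known_bad.exe", bad),
                           ("bad_variant.exe", variant), ("unknown.exe", unknown)]:
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            paths.append(p)
        return scan(paths, allowlist, blocklist)


if __name__ == "__main__":
    for name, (blacklist_verdict, whitelist_verdict) in demo().items():
        print(f"{name:16} blacklist-only: {blacklist_verdict:5}  whitelist: {whitelist_verdict}")
```

The file to watch is `bad_variant.exe`: a single changed byte gives it a new hash, so the blacklist no longer recognises it and a blacklist-only scanner lets it run, which is the catch-up problem described above. Under the whitelist policy it is simply unknown and lands in the sandbox, the same as any other program that has not been vetted. The cost of that policy is visible on `unknown.exe`: legitimate new software is held back too until someone adds it to the list.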


Firewalls are easy to set up, and there are excellent free anti-malware and firewall suites available. Whether you have a network for a business or just a home computer, you owe it to yourself to implement the best available.
