US-CERT Cyber Security Tip ST04-004 -- Understanding Firewalls
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST04-004
Understanding Firewalls
Understanding Firewalls
When anyone or anything can access your computer at any time, your
computer is more susceptible to being attacked. You can restrict
outside access to your computer and the information on it with a
firewall.
What do firewalls do?
Firewalls provide protection against outside attackers by shielding
your computer or network from malicious or unnecessary Internet
traffic. Firewalls can be configured to block data from certain
locations while allowing the relevant and necessary data through (see
Understanding Denial-of-Service Attacks and Understanding Hidden
Threats: Rootkits and Botnets for more information). They are
especially important for users who rely on "always on" connections
such as cable or DSL modems.
What type of firewall is best?
Firewalls are offered in two forms: hardware (external) and software
(internal). While both have their advantages and disadvantages, the
decision to use a firewall is far more important than deciding which
type you use.
* Hardware - Typically called network firewalls, these external
devices are positioned between your computer or network and your
cable or DSL modem. Many vendors and some Internet Service
Providers (ISPs) offer devices called "routers" that also include
firewall features. Hardware-based firewalls are particularly
useful for protecting multiple computers but also offer a high
degree of protection for a single computer. If you only have one
computer behind the firewall, or if you are certain that all of
the other computers on the network are up to date on patches are
free from viruses, worms, or other malicious code, you may not
need the extra protection of a software firewall. Hardware-based
firewalls have the advantage of being separate devices running
their own operating systems, so they provide an additional line of
defense against attacks. Their major drawback is cost, but many
products are available for less than $100 (and there are even some
for less than $50).
* Software - Some operating systems include a built-in firewall; if
yours does, consider enabling it to add another layer of
protection even if you have an external firewall. If you don't
have a built-in firewall, you can obtain a software firewall for
relatively little or no cost from your local computer store,
software vendors, or ISP. Because of the risks associated with
downloading software from the Internet onto an unprotected
computer, it is best to install the firewall from a CD, DVD, or
floppy disk. Although relying on a software firewall alone does
provide some protection, realize that having the firewall on the
same computer as the information you're trying to protect may
hinder the firewall's ability to catch malicious traffic before it
enters your system.
How do you know what configuration settings to apply?
Most commercially available firewall products, both hardware- and
software-based, come configured in a manner that is acceptably secure
for most users. Since each firewall is different, you'll need to read
and understand the documentation that comes with it in order to
determine whether or not the default settings on your firewall are
sufficient for your needs. Additional assistance may be available from
your firewall vendor or your ISP (either from tech support or a web
site). Also, alerts about current viruses or worms (such as US-CERT's
Cyber Security Alerts) sometimes include information about
restrictions you can implement through your firewall.
Unfortunately, while properly configured firewalls may be effective at
blocking some attacks, don't be lulled into a false sense of security.
Although they do offer a certain amount of protection, firewalls do
not guarantee that your computer will not be attacked. In particular,
a firewall offers little to no protection against viruses that work by
having you run the infected program on your computer, as many
email-borne viruses do. However, using a firewall in conjunction with
other protective measures (such as anti-virus software and "safe"
computing practices) will strengthen your resistance to attacks (see
Understanding Anti-Virus Software and other security tips for more
information).
_________________________________________________________________
Both the National Cyber Security Alliance and US-CERT have identified
this topic as one of the top tips for home users.
_________________________________________________________________
Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
Produced 2004 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-004.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBReXZrexOF3G+ig+rAQLF2Qf+PeNbdzooAgTHVUZIMzUFdqRsnLw6WOBV
jnbQsnUEJbgfS32if4IIn4oQm1eySeyDB8DgK0ESLERQLuPn8D9tH2MzIHnWkh8U
w+OsgiYs7K8F7rGDtB6phySZaWFhmKsayeLoCPleEpRzyRecXSEGpmghoPGNIdHH
dNBKTY6yFD0M6fy0ti67nfmjspDfzzCcwcIdMskPL7NyZOM03RgijwlNEXe1ID8n
k95wZjcl2KJjfBqSCoolVtAhEEjm9lnsWn9SzfibOU54x3w7Zlv+hMPn+RH6bQ7p
57qQOUrZShUG4MXacGUPftoNzvkvz3O/LUJydmkVEVtHA0xTihXrpQ==
=vyN8
-----END PGP SIGNATURE-----
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
