US-CERT Cyber Security Tip ST04-004 -- Understanding Firewalls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        Cyber Security Tip ST04-004
                          Understanding Firewalls

   When anyone or anything can access your computer at any time, your computer
   is more susceptible to being attacked. You can restrict outside access to
   your computer and the information on it with a firewall.

What do firewalls do?

   Firewalls provide protection against outside attackers by shielding your
   computer  or  network  from malicious or unnecessary Internet traffic.
   Firewalls can be configured to block data from certain locations while
   allowing  the  relevant  and necessary data through (see Understanding
   Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and
   Botnets for more information). They are especially important for users who
   rely on "always on" connections such as cable or DSL modems.

What type of firewall is best?

   Firewalls  are  offered in two forms: hardware (external) and software
   (internal). While both have their advantages and disadvantages, the decision
   to use a firewall is far more important than deciding which type you use.
     * Hardware - Typically called network firewalls, these external devices
       are positioned between your computer or network and your cable or DSL
       modem. Many vendors and some Internet service providers (ISPs) offer
       devices  called  "routers"  that  also  include firewall features.
       Hardware-based firewalls are particularly useful for protecting multiple
       computers  but also offer a high degree of protection for a single
       computer. If you only have one computer behind the firewall, or if you
       are certain that all of the other computers on the network are up to
       date on patches and are free from viruses, worms, or other malicious
       code, you may not need the extra protection of a software firewall.
       Hardware-based firewalls have the advantage of being separate devices
       running their own operating systems, so they provide an additional line
       of defense against attacks. Their major drawback is cost, but many
       products are available for less than $100 (and there are even some for
       less than $50).
     * Software - Some operating systems include a built-in firewall; if yours
       does, consider enabling it to add another layer of protection even if
       you have an external firewall. If you don't have a built-in firewall,
       you can obtain a software firewall for relatively little or no cost from
       your local computer store, software vendors, or ISP. Because of the
       risks associated with downloading software from the Internet onto an
       unprotected computer, it is best to install the firewall from a CD or
       DVD. If you do download software from the Internet, make sure it is a
       reputable, secure website (see Understanding Web Site Certificates for
       more information). Although relying on a software firewall alone does
       provide some protection, realize that having the firewall on the same
       computer as the information you're trying to protect may hinder the
       firewall's ability to catch malicious traffic before it enters your
       system.

How do you know what configuration settings to apply?

   Most  commercially  available  firewall  products,  both hardware- and
   software-based, come configured in a manner that is acceptably secure for
   most  users. Since each firewall is different, you'll need to read and
   understand the documentation that comes with it to determine whether or not
   the  default  settings on your firewall are sufficient for your needs.
   Additional assistance may be available from your firewall vendor or your ISP
   (either from tech support or a website). Also, alerts about current viruses
   or  worms  (such as US-CERT's Cyber Security Alerts) sometimes include
   information about restrictions you can implement through your firewall.

   Unfortunately, while properly configured firewalls may be effective at
   blocking some attacks, don't be lulled into a false sense of security.
   Although they do offer a certain amount of protection, firewalls do not
   guarantee that your computer will not be attacked. In particular, a firewall
   offers little to no protection against viruses that work by having you run
   the infected program on your computer, as many email-borne viruses do.
   However, using a firewall in conjunction with other protective measures
   (such as anti-virus software and "safe" computing practices) will strengthen
   your resistance to attacks (see Understanding Anti-Virus Software and other
   security tips for more information).
     _________________________________________________________________

     Both the National Cyber Security Alliance and US-CERT have identified this
     topic as one of the top tips for home users.
     _________________________________________________________________

     Authors: Mindi McDowell, Allen Householder
     _________________________________________________________________

     Produced 2004 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST04-004.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     








-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSjk+33IHljM+H4irAQLnngf9FRotl11RxccfxP4bZUg719710GFIhovK
w45PLdTQWhlr6fCVGbcSywhZFKEBXaD0UGini5nO7nCWJR4P1aT6Sthsg6JVSnri
KV8y1U3XYPdsAuuSE8AZX1Zuv61BCA/ccl4QIix0jsjwEtipPej8ah097SOe11Lm
WGaA8qh2uwywtvo3CoSxO8PVER4bbBaqkdPIl3t6nkgFmhU2T4L5d3pgoP2MBfoV
h3Pa/+sGvj9XccbiupbOxtAN2tBe161J3qziVpVsANi6jSwxklbxkg0QMGWtr3Jp
5DVCzWTLXmT2ZEmdmBvlbiVBmMNRddqLrOySiyOovIAzYXLL/Fwp6A==
=m5O+
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux