US-CERT Cyber Security Tip ST04-004 -- Understanding Firewalls
Cyber Security Tip ST04-004
Understanding Firewalls
When anyone or anything can access your computer at any time, your computer
is more susceptible to being attacked. You can restrict outside access to
your computer and the information on it with a firewall.
What do firewalls do?
Firewalls provide protection against outside attackers by shielding your
computer or network from malicious or unnecessary Internet traffic.
Firewalls can be configured to block data from certain locations while
allowing the relevant and necessary data through (see Understanding
Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and
Botnets for more information). They are especially important for users who
rely on "always on" connections such as cable or DSL modems.
What type of firewall is best?
Firewalls are offered in two forms: hardware (external) and software
(internal). While both have their advantages and disadvantages, the decision
to use a firewall is far more important than deciding which type you use.
* Hardware - Typically called network firewalls, these external devices
are positioned between your computer or network and your cable or DSL
modem. Many vendors and some Internet service providers (ISPs) offer
devices called "routers" that also include firewall features.
Hardware-based firewalls are particularly useful for protecting multiple
computers but also offer a high degree of protection for a single
computer. If you only have one computer behind the firewall, or if you
are certain that all of the other computers on the network are up to
date on patches and are free from viruses, worms, or other malicious
code, you may not need the extra protection of a software firewall.
Hardware-based firewalls have the advantage of being separate devices
running their own operating systems, so they provide an additional line
of defense against attacks. Their major drawback is cost, but many
products are available for less than $100 (and there are even some for
less than $50).
* Software - Some operating systems include a built-in firewall; if yours
does, consider enabling it to add another layer of protection even if
you have an external firewall. If you don't have a built-in firewall,
you can obtain a software firewall for relatively little or no cost from
your local computer store, software vendors, or ISP. Because of the
risks associated with downloading software from the Internet onto an
unprotected computer, it is best to install the firewall from a CD or
DVD. If you do download software from the Internet, make sure it comes from
a reputable, secure website (see Understanding Web Site Certificates for
more information). Although relying on a software firewall alone does
provide some protection, realize that having the firewall on the same
computer as the information you're trying to protect may hinder the
firewall's ability to catch malicious traffic before it enters your
system.
How do you know what configuration settings to apply?
Most commercially available firewall products, both hardware- and
software-based, come configured in a manner that is acceptably secure for
most users. Since each firewall is different, you'll need to read and
understand the documentation that comes with it to determine whether or not
the default settings on your firewall are sufficient for your needs.
Additional assistance may be available from your firewall vendor or your ISP
(either from tech support or a website). Also, alerts about current viruses
or worms (such as US-CERT's Cyber Security Alerts) sometimes include
information about restrictions you can implement through your firewall.
Unfortunately, while properly configured firewalls may be effective at
blocking some attacks, don't be lulled into a false sense of security.
Although they do offer a certain amount of protection, firewalls do not
guarantee that your computer will not be attacked. In particular, a firewall
offers little to no protection against viruses that work by having you run
the infected program on your computer, as many email-borne viruses do.
However, using a firewall in conjunction with other protective measures
(such as anti-virus software and "safe" computing practices) will strengthen
your resistance to attacks (see Understanding Anti-Virus Software and other
security tips for more information).
_________________________________________________________________
Both the National Cyber Security Alliance and US-CERT have identified this
topic as one of the top tips for home users.
_________________________________________________________________
Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
Produced 2004 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-004.html>