What is a Firewall?
May 14, 2012
In principle a firewall is anything intended to prevent the spread of a fire from one area to another. We put them in apartment buildings so that a fire starting in one apartment does not spread to others. There is one in your car, between the engine compartment and the passenger space, to prevent heat and noise, and even potential fire from encroaching on the passengers.
When we talk about a computing firewall, the concept is similar. We erect a barrier between spaces, our computer and the network it is connected to, and our network and the Internet, to prevent the spread of “fires” or in this case, viruses, worms and other malware, between networks.
This barrier, ultimately, takes the form of some specialized software. It can be software that resides on your computer, and it can be software that resides on a dedicated machine set up for that specific purpose. In general terms, a specialized machine acting as a firewall is often called a “Router”. Such a machine often provides other specialized functions as well, the firewall being only a subset of its services. Such additional services include things such as WiFi wireless access, NAT (Network Address Translation) functions, and more. Almost all routers include Firewall functions. Actually, you can scratch that “almost” as I have never known a router that was not also a firewall, and I'm not entirely sure how that would be possible, to a greater or lesser degree.
If you are on the Internet, AT ALL, you need a firewall. Or more correctly you need TWO firewalls. This is not exactly being redundant, as the two firewalls fulfill two distinct roles. The first firewall you need is usually contained within the Router that connects you to your ISP. Often, this is a WiFi Access device, and provides many router services, including a Firewall. The second firewall is on your PC, and is a part of your operating system. Apple has a firewall in Snow Leopard and Lion, accessed from System Preferences|Personal|Security|Firewall. Microsoft similarly has a firewall in all current versions of Windows. The Firewalls in these machines should always be on and operational.
In most cases, if you have a Router with Firewall enabled (usually the default) and a computer with its firewall enabled, you are protected. However there are degrees of being protected, and with a little work you can make your firewalls much more robust.
There are third-party software firewalls you can install on your PC or Mac. It is unclear how much real-world improvement one gains by ditching the OS Firewall for a third-party one, but most seem to feel the ones that ship with the machine are not the best. There are excellent free third-party firewalls as well as for-pay ones. One of the best is ZoneAlarm, for the PC. It is free, and works very well. The OS X firewall is pretty decent on its own, and I do not know of any free ones, but there are a slew of inexpensive ones. One I see recommended often is called “Little Snitch”, but I have no direct experience with it.
When it comes to your router, the firewall software therein is usually adequate. But as with the OS Firewall on PCs, there are ways to improve things. The very best way to improve your router is to change its operating system. All routers ship from the factory with an operating system placed on them by the vendor. In most cases these are closed-source products of varying quality, and unless you get regular updates from the vendor, they are likely full of flaws. Regular updates are fine until your vendor stops supporting your router. Then you are stuck with whatever it has, good or bad.
The alternative is to ditch the factory router OS, and install something else. Far and away the best “something else” is an open source, Linux-derived system known as DDWRT¹. DDWRT incorporates the very best firewall technology, a system called “iptables”, an extremely powerful and configurable firewall. It is widely considered the industry's best. Further, since DDWRT is created and supported by the Open Source Community, fixes and updates are free-flowing, and your router is not as likely to be abandoned. I am a big fan of DDWRT and recommend it highly.
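To show what a sound iptables setup on a home router looks like and how to check one, here is an added Python example; it is not from the original article or from the DDWRT project. It assumes you have a rule dump in `iptables-save` format; the two sample rulesets and the interface names `br0` (LAN) and `vlan2` (WAN) are constructed for illustration.

```python
# Constructed sample in iptables-save format (not captured from a real router).
# Interface names are assumptions: br0 = LAN bridge, vlan2 = WAN port.
GOOD = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j ACCEPT
COMMIT
"""
# Constructed weak variant: INPUT defaults to ACCEPT and trusts the WAN port.
WEAK = (GOOD.replace(":INPUT DROP", ":INPUT ACCEPT")
            .replace("-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
                     "-A INPUT -i vlan2 -j ACCEPT"))

def audit_filter_table(ruleset, wan_if):
    """Return findings for the filter table; an empty list means it passed."""
    policies, rules, table = {}, {}, None
    for raw in ruleset.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0].startswith("*"):            # table header, e.g. *filter
            table = tok[0][1:]
        elif table == "filter" and tok[0].startswith(":") and len(tok) > 1:
            policies[tok[0][1:]] = tok[1]     # chain default policy
        elif table == "filter" and tok[0] == "-A" and len(tok) > 1:
            rules.setdefault(tok[1], []).append(tok[2:])
    findings = []
    for chain in ("INPUT", "FORWARD"):
        chain_rules = rules.get(chain, [])
        # Default deny: DROP policy, or a final unconditional DROP/REJECT rule.
        last = chain_rules[-1] if chain_rules else []
        catch_all = last[:1] == ["-j"] and last[1:2] in (["DROP"], ["REJECT"])
        if policies.get(chain) != "DROP" and not catch_all:
            findings.append(f"{chain}: unsolicited traffic is not dropped by default")
        # Replies to connections opened from inside must still be let through.
        if not any(r[-2:] == ["-j", "ACCEPT"] and any("ESTABLISHED" in t for t in r)
                   for r in chain_rules):
            findings.append(f"{chain}: no rule accepting ESTABLISHED traffic")
        if ["-i", wan_if, "-j", "ACCEPT"] in chain_rules:
            findings.append(f"{chain}: accepts everything arriving on {wan_if}")
    return findings

if __name__ == "__main__":
    print(audit_filter_table(GOOD, "vlan2"), audit_filter_table(WEAK, "vlan2"))
```

The `GOOD` ruleset drops anything arriving unsolicited and only lets replies and LAN-originated traffic through; the `WEAK` one produces three findings, all on the INPUT chain.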
To recap, make sure your Router's firewall is set up and working. There are tons of support and discussion forums where any platform imaginable can be researched. Usually the factory default setting is adequate; just make sure it's turned on. But with a little work you can greatly improve it by fine-tuning things. If you want the ultimate router functionality, I strongly recommend upgrading to DDWRT if your router supports it. Most do, but there are a few cheapies that won't. If you have one that won't run DDWRT, there are other reasons to discard it and buy a better router. Sometimes, junk is just junk.
On a Mac, check System Preferences and make sure the firewall is on. Likewise on a PC make sure it is on, but also perhaps consider installing ZoneAlarm instead of the stock Windows Firewall.
Finally, Google around and read the various forums, and learn about firewalls. I recommend starting with the support forums for DDWRT. Much of the material is really quite simple once you absorb the nomenclature. A firewall is a pretty simple device.
Even if you do not want to become a firewall expert, and are scared of setting up DDWRT, just making sure the basic firewalls in the router and PC are enabled and working will go a long way toward protecting your system from infiltration. Even the basic firewalls running factory default settings are pretty good.
¹ See http://www.infoworld.com/d/networking/teach-your-router-new-tricks-dd-wrt-174050?source=footer for a much more extensive article on DDWRT.