In this post we will look further into the world of firewalls and wireless LAN. Just to make it a bit easier, we'll divide this topic in three:
- Personal firewall
- Router/external firewall
- Wireless LAN
A foreword on firewalls
Some people tend to look at firewalls as a magical and super effective way of protection. I'm sorry to disappoint you, but a firewall is nothing more than an advanced router. At least for private consumers. So why is that? Well, a router have the ability to block out unwanted traffic. Since this series of posts is aimed at ordinary people who are not necessarily computer geeks, I'll try to do my best and explain it. In this post you will not learn the technical stuff, and fellow geeks might want to post comments to fill in the wide gaps that I leave here. Feel free to comment, but remember the intended audience..
A firewall usually looks at source/destination ports and IP. This means that it have full knowledge of where the traffic comes from, where it goes (by looking at the IP's), and what type of traffic it could be (by looking at the port numbers). If the firewall is not extremely old (10-20 years) it probably have a good idea of the states of communication. This could be translated to "stages" in normal life. Basically, the firewall knows if the incoming traffic is a legitimate answer to something you really asked for. It also knows if the incoming traffic is something not related to whatever goes on behind the firewall (you downloading a file or browsing the Internet). Besides that, it can also block traffic that is considered to be just rubbish or useless. By the way, keeping track of all the ongoing stages of your Internet communication is an ability commonly called "stateful".
So why is the firewall overrated? Well, in the case of an external firewall that usually sits in your router or modem, it have pretty much no idea of whats going on in your computer. The firewall will allow responding traffic back through the firewall regardless if it is you trying to download a file, or if it is a trojan in the process of adding more viral code to your computer. And if you are visiting a webpage that hosts viral code, it will be let through the firewall. The firewall basically thinks "well, my master on the other side have an Internet Explorer session going on. Whatever his browser asks for , I will let through.". And if you have blocked several ports in your firewall, it will of course let traffic through on the ports that are still open. Viral code on your computer that starts to download other viral code or some command traffic, might be just smart enough to do that on port 80 (HTTP web traffic). Your firewall will just yawn and go "…hmmm..ok..my master have a web session going on. I'll pass along whatever web traffic that is requested.". This might be untrue on smarter firewalls that have some sort of inspection capability, but for normal private consumers, we will just have a router with a simple firewall. We have an on/off switch for it, and we might have the ability to set some levels of protection.
Given the pretty disappointing text in the previous chapter, I will keep this one short. Take a look in your routers or modems manual and try to find out what options you have. And take notice of this:
- A router or modem might have firewalling capabilities, but it might be switched off out of the box. Dig in there, and see if you need to enable it.
- A router or modem usually have a web interface that is reached from 192.168.1.1, 192.168.1.254 or some other basic private address. The user name and password for logon is usually out of the box something like "admin" and "1234". Change it to something more difficult like "admin" and "jK78Ytgd#4". Write it down and keep the note in a safe place. Written, on paper. Some routers have flaws or bugs that might be exploitable. A lot of those exploits only works with the specific router brands default user name and password.
- Dont play around too much with "external DMZ" or "Dynamic DNS" settings if your not confident with what you're doing.
- If you only have a modem as the front guard of your home network, or if you have a router that is +10 years old – consider buying a new router! You might be surprised to see that routers are quite cheap nowadays. And they are better, have better security, and probably consumes less power. Think about our environment while your at it.
Geek tip: If you are concerned with the security of your home network, and have the knowledge of (or aiming at) tampering with hardware and software, please check out Packetprotector or X-wrt for a serious router makeover.
Or WiFi. Or just wireless. A good thing to start of with: If you dont use it – turn it off. Wireless LAN can be a security risk, but it very much depends on you surroundings. If you live on a farm with several miles to the nearest house, you might wanna skip this chapter. Although, if you live on a farm and wear a tin-foil hat…keep reading.
Modern routers support all common WiFi standards such as 802.11 b and 802.11g. A modern router supports a wide variety of wireless encryption such as WEP, WPA, and WPA2. You should know that with the right amount of effort, they can all be hacked, leaving your router accesible to unauthorized people. I highly recommend that you stick with WPA or WPA/WPA2 as WEP is not more than a joke on the security arena.
A few tips:
- Enable encryption, and use a strong (hard to guess) key (password). Preferably, use WPA2. You might even want to change it on a regular basis, like twice a year.
- SSID (Service Set Identifier). This is the name of your wireless network. Pick a name that does not easily give away who's network it is.
- Broadcast SSID? Most often you have the option to set this to ON or OFF. If you set it OFF after you have connected your computer to the wireless network, your computer will still be able to find it. The network will not be visible to others. This means that any average user may not find your wireless network, but any not-so-average user running Linux and Kismet (me!) will still find your network. The IT-security community does not always agree whats best in the case of broadcast or not. By turning off the broadcast, your router might constantly go "Is it you? Are you one of mine?" to any computer that looks for a wireless network.
- MAC filter. The MAC address is the unique ID of any network card, wireless or not. While connected to your wireless network, you can go into the router settings and enable the MAC filter and set it to only allow your MAC address. This adds a little security, but the average hacker have no problem with faking a MAC address.
- If you are changing settings like MAC filtering and/or WiFi keys or passphrases, make sure to do everything right. Or have a spare network cable to use between your computer and the router. If you make a wrong turn, you might lock yourself out of the router.
- If you lock yourself out, there usually is a very small hole on the back side. Press it (and hold) with a pen or similar to make an entire reset of your router settings. Please note that this will erase all previously entered settings, and the router will go back to the settings that came out of the box.
Yes it's really personal . It's called personal just because it is installed on your personal computer. You may also refer to it as a software firewall. If you run some sort of later Windows system, you probably have a Windows firewall built in to the operating system. Some differences and considerations in personal firewalls are:
- Windows firewall is basic – it manages traffic pretty much like the router. But it has some features that are a little more accessible since it's right there in front of you. It lies in the "Security center" in the "control panel", at least if you run XP.
- Most of the third-party (some other companys software product) personal firewalls offer a lot more features like: Application firewall, system environment control features, and even some basic malware detection.
- Some third-party personal firewalls might ask if it's ok to disable the Windows firewall when you are installing it. This is ok. Running two personal firewalls at the same time is usually not a good idea.
- Most personal firewall offer "application firewall" features. This is really what makes the personal firewall valuable: Not only does the firewall block unwanted traffic, it is also able to control what applications that can communicate with the outside world. Lets say you install some basic application "XYZ" that needs no connection to the internet. And suddenly your personal firewall says "Application XYZ needs to contact http://xxxx. Is this ok?". And heres where most people kill the real value of the personal firewall – within 200 milliseconds they click "Accept" just to get rid of the annoying pop-up. Which in real life might result in a permanent OK for that particular application to, without any notice, freely communicate with some badguy on the other side of the planet. Not good. Spend the extra seconds on those pop-ups – it might save you money, and your computer.
Some third party personal firewalls for Windows
This one is pretty easy to set up, offers basic application firewall features, and is easy to understand and manage. Recommended.
This is an old time favourite with a near 4 million downloads on download.com. It's good. Sygate was bought by Symantec some years ago, and the version offered at download.com is probably not maintained. By the way, if a small company get eaten by a much larger company like this, it's a pretty good hint that they really knew what they were doing..
Now, if you were to buy a complete security suite like the ones mentioned before in this series of posts, you will probably get a personal firewall included. And theres a strong chance that the firewall you pay for is better than the free ones.
Before moving on to part 4 and the behavioral risks, I would like to conclude the IT risks. We have looked into the basics of malware protection and bad traffic protection. So whats the future? All of the protective measures you have read about so far are reactive measures. This basically means that we actually dont do much to prevent the bad stuff from happening, but are rather interested in knowing when and why it happened.
So, one step forward to meet the increasing risks are to switch over to proactive measures. This is the future. One method of acheiving this is certificate based checksum protection of your files in your computer. You define what applications that are allowed to interact with certain files, and if a virus slips in – theres nothing it can really do if you set up this protection right.
And while I'm at it – consider this:
- The antivirus vendors do not spread viruses to make the antivirus business stay alive. They are loosing the battle, and need to focus on proactive measures to stay alive.
- An antivirus application will not protect you from 100% of all viruses. It will protect you from 30-40%. But you still cant live without it.
- Applications like antivirus and firewalls are pretty dumb. The smart stuff happens when you learn to manage them and understand what they are telling you.
- Being wreckless on the internet is far worse than being without antivirus protection.
- This series is intended for basic users – theres a lot more to learn!
- Dont be a basic user all your life. Stay interested, and learn.
<< part 2 | part 4 >>