Firewalls keep internet attackers at bay
Mar 22, 2009, 16:33 GMT
Gelsenkirchen, Germany - Computer users and homeowners have plenty in common as they themselves usually want to decide who is allowed into their domain. Some house owners keep a watch dog for this purpose.
In terms of computers, that function is handled by anti-virus software which keeps a watchful eye on the system and looks out for ill-intentioned intruders. A more effective approach is to keep unwelcome guests from getting onto your property or hard drive in the first place. That's where firewalls come into play.
'A personal firewall is used to seal off unnecessary communication channels and reduce the access to only absolutely necessary applications - such as sending and receiving e-mail messages and surfing on the internet,' explains Professor Norbert Pohlmann, director of the Gelsenkirchen-based Institute for Internet Security.
'An unsecured PC is like a pile of money on a table in the middle of an open meadow. A personal firewall is like a house built around the table,' Pohlmann says.
A personal firewall is always a must, if your internet connection is not protected by a central firewall, such as those built into many routers. Yet even computers already protected in this way can benefit from a personal firewall, the expert says.
'If there's already an active firewall in the router, then the personal firewall represents sensible supplemental security,' says Pohlmann.
Personal firewalls are already integrated into Windows XP and Vista, although they are referred to as desktop firewalls. While the Vista firewall comes activated by default, the one in XP must be manually activated. You can configure it using the firewall option in the security centre. The 'Exceptions' features is used to establish which programs will be given access.
'The firewall must be set to reflect your own needs, so that important applications like the browser and e-mail program are given access but everything else is forbidden,' Pohlmann explains.
Those who don't trust themselves to create a custom configuration can often use the pre-installed security levels. Pohlmann recommends that Windows XP users install an additional firewall. The built-in XP firewall simply doesn't provide enough protection, he feels.
'Vista's personal firewall is much better,' he says.
The German Federal Agency for Security in Information Technology (BSI) in Bonn recommends ZoneAlarm, a firewall for Windows, the basic version of which is available free of charge.
'Many users prefer what are known as security suites, which are security packages offering both firewall and anti-virus programs,' says BSI spokesman Michael Gaertner. Programs of that kind often stand out for their uniformity and ease of use, but they don't come free.
'The firewall controls all exterior access to the PC, as well as access from within to the internet. It can be set to inform the user about unwanted incoming or outgoing data traffic by the computer,' says Lutz Neugebauer, a security expert at the IT industry association BITKOM in Berlin. That's why he sees the personal firewall as an 'absolutely recommended protection program.'
It should be noted that firewalls do not distinguish between good and bad data access. 'It learns from the user which access types are OK,' Neugebauer says. That means that the user may be required to grant permission for a messenger to access the internet before being able to actually chat.
Many firewalls can configure themselves as well. 'The firewall establishes its own guidelines over time. For non-technology experts that's a big convenience,' the BSI indicates. On the other hand, self-learning firewalls can end up configuring themselves incorrectly and become a security risk.
The use of personal firewalls is a debatable issue among industry professions, the BSI claims. The operating system should always be configured first so that the browser, e-mail clients and applications are as secure as possible. Once that is done, and the user is careful not to download anything from insecure sources or visit untrustworthy sites, then the use of a personal fire ware does not really provide any extra protection. Others feel the firewall contributes to security by sounding the alarm when a hidden program tries to access the internet from within the computer.