The box that cried wolf

Professional firewalls are essential for protecting enterprise networks, but because they are expensive and complex to administer, they are rarely found on small office/home office or residential networks. Dial-up connections do not make the cost or trouble worthwhile to residential users.

The arrival of always-on broadband services has radically changed the security stakes. Hackers love fast, always-on Internet connections such as DSL and cable modem because such connections make it easier for them to find and probe PCs in homes or SOHO environments.

This has led residential users to come face to face with many of the same vulnerabilities that enterprise networks have encountered for years. Fortunately for these users, reasonably priced personal firewalls have come just in the nick of time.

Hardware vs. Software

Personal firewalls come in one of two types: software-based and hardware-based. Each has its advantages and disadvantages. Software-based personal firewalls such as Zone Labs Inc.’s ZoneAlarm Pro and Symantec Corp.’s Norton Personal Firewall cost about US$50 to US$70. They are easy to obtain from local retailers or online stores.

Software-based firewalls can be resource-intensive, slowing other applications running on the same PC. They also may require the PC to be on 24-7.

Hardware-based firewalls do not slow the PC because they are physically separate devices. They tend to process packets faster and do not require a PC to be powered on to protect the network. They also can be relatively inexpensive. Inc. sells the NetGear RT311 Internet Gateway Router for less than US$100.

So given the choice, which personal firewall is best for you?

If you own a single PC or are on a limited budget, software firewalls carry a distinct advantage. If you have a SOHO or residential network with two or more PCs and want the firewall continuously running, a hardware firewall makes sense. Either way, the firewalls function in a similar fashion.

Double-edged Sword

Personal firewalls can be a lifesaver. Properly installed and configured, they can protect your PCs, your network and, if you’re connected to an enterprise network, even your corporate network. But an incorrectly configured and installed firewall can pass on harmful packets to your network.

Personal firewalls also tend to give users a false sense of security. Like the dead bolt on your door that cannot keep out a determined burglar, a firewall cannot keep out a crafty hacker, who can penetrate it using Trojan horse or zombie programs that create a back door through the firewall. These programs generate what appears to your firewall as normal traffic, while malicious packets pass through, performing acts such as transmitting your address book information or damaging files on your hard drive.

Personal firewall users are often at a disadvantage because some products do not provide easily understood configuration information. Many firewalls provide the user with Web content filtering, activity reporting and e-mail alerts for security incidents. Sometimes the options to set up these features are placed in an advanced menu hidden deep within the firewall application or management interface.

If a user doesn’t carefully read the documentation or see the advanced option set-up box, he might fail to provide his e-mail address or specify the name of his outgoing SMTP mail server. In either case, this results in a failure to receive messages when the firewall sees what it considers to be inappropriate activity.

Even if properly configured, firewalls are not foolproof. This is especially true given the morphing nature of many new viruses and Trojans. Sadly, there are often no guidelines for determining whether suspicious activity is really an issue or simply a false alarm. Instead it is left to the user to determine whether the suspicious activity is really malicious – not always an easy proposition. The firewall might completely ignore a rogue application that a hacker placed on a local PC, believing it to be normal user activity, or alarm the user with an alert about what really is appropriate activity, such as a peer-to-peer file transfer.

An understanding of how firewalls work and how to configure them is essential to their proper use. Otherwise a user who sees what appears to be an attack simply vents his anxiety on the network security staff, often offering no useful information.

The essentials needed to get assistance from any ISP or enterprise security staff are to: