Use a Firewall!

Next up on the list is firewalls. If you are not sure what a firewall is or what it can do for you, do not worry. I will explain it for you here. Personally, I am a big fan of them and I’m sure after reading my post, you will be too. Even if you don’t read the entire post, I still want you to realize one fact. It’s almost absolutely mandatory that you run some sort of firewall whether it be hardware based or software based to protect your computers and essentially, your home network.

Here is a list of commonly used firewalls.

1. Windows Firewall

2. Comodo Firewall

3. Online Armor Free Personal Firewall

Alright, so now you might be wondering what exactly is a firewall and why do you even need one? A lot of people have had bad experiences with using a firewall. For one, you can look at a firewall as a simple application communication blocker. If a program you have installed on your computer needs access to the Internet, then you must specify an exception in the firewall to ‘allow’ that application through. A common mishap is that once a user finds out that an application isn’t working as expected, they immediately disable/turn off the firewall. Sometimes that would work but then they would then think the firewall is a hassle and so they leave it turned off which lowers their computer security drastically. What they should have done is configure an ‘exception’ in the firewall rule to allow that application through.

Now you’re probably wondering why the heck would you need to ‘allow’ an exception? For this I need to quickly explain about ports. You can think of these as ‘doors’ into your computer. What happens when you don’t lock your door when you go out? A stranger might be able to simply walk right in and do whatever they please. Ports are essentially the same. Applications need ports to communicate online. Every time you type in a webpage, a lot is going on under the hood. Your webpage doesn’t just magically appear in your browser. Your browser uses the standard port 80 to communicate out onto the web with other web servers like Google and Yahoo. There are a lot of standard ports for various services. These include port 80 for HTTP, 25 for SMTP (email), 20 and 21 (for FTP), 443 (HTTPS), 23 (Telnet) and much much more. Another example is if you play with the popular RPG game, Word of Warcraft. Under the hood, it needs to use TCP port 3724 to communicate with the Warcraft servers and so that you’ll be able to play with other players online. What does this have to do with a firewall? Well, another thing we have to understand is inbound and outbound connections.

Here is a simplified explanation by using Firefox. When you type in a URL address to visit your favorite website, Firefox is making an ‘outbound’ communication with whatever webserver is hosting the website. Once that server finds out that you want to view it’s webpage, it will send back data to Firefox and that is the ‘inbound’ connection. This will occur almost every time. Now that you understand how these process works, it’s easier to understand how the firewall will protect you.

Basically, your computer has a lot of ports open or ports that are listening for activity. This can be a security hazard. Why? Well because the more ports or ‘doors’ you have open or unlocked, the more easier it is for attackers to enter your system. A firewall will essentially lock down your ports until they are needed to be open. There are exceptions to this however. What the firewall does protect you with is by blocking anonymous port scanning tools that a lot of attackers use to scan your system for open and vulnerable ports. If you didn’t initiate the outbound connection, then there shouldn’t be a reason why there will be an inbound reply connection.

Now there has been a huge debate as to whether you need a outbound + inbound firewall or just simply an inbound firewall. Me personally, I use the default and built-in windows Firewall in the Microsoft operating system. This firewall by default only blocks inbound connections. There are ways to tweak the settings to configure it to block outbound connections as well but it’s a real hassle and as a average home user, you probably don’t even need outbound filtering and I’m going to tell you why. When you install the Comodo firewall, it will bug you with a popup asking you if you want to allow an application through because it’s attempting to connect online. You would normally hit yes because Firefox, your AIM messenger, Skype and other applications do really need to access the Internet! One of the main reason why you would want an outbound filtering firewall is so that if a malicious program is installed on your computer, you’ll have a way to prevent it from contacting a server on the Internet to either get further instructions from the virus authors or to update itself. Here is the problem. A lot of users do not know what a malicious program looks like or know what it’s called! If they don’t know what it is or what it’s called, how can they know to ‘deny’ it from connecting to the net?! Take it like this. What if I sent you an email promising you that I will transfer $10,000 into your account as long as you install the attachment file? You take the bait and install the software. A prompt comes up asking you if ‘zynch.exe’ should be allowed or denied access. Casual users will not even look at the message and immediately hit ‘Allow’, therefore, you technically have no outbound filtering at all. The point is that the default Windows Firewall does way enough for casual home users in terms of protection. For more advance users that needs more granular control, then you can take a look at the other options like Comodo Firewall.

Instead of relying on outbound filtering, learn to practice safe computing habits to prevent installing malicious software in the first place!

Last thing I want to point out is that Steve Gibson has a web service on his website that does a automatic port scan of your router! This is a safe way to determine how open you are to attacks. It’s very interesting and I believe everyone right now should run a scan to see how their defenses stack up to a port scanning utility. You can run the scan here.