The American University in Cairo
School Of Business,Economics And Communication

1. What is a firewall?

2. Why do I need a firewall?

3. What can a firewall protect against?

4. What can't a firewall protect against?

5. What about viruses?

6. How can I tell if my computer already has a firewall?

7. I have a different version of Windows, what should I do?

8. Hardware Firewalls

9. What else do I need besides a firewall?

10. My computer is part of a large business, school, or organizational network--should I enable the firewall?

11. I have Windows XP. Can I use a firewall other than the built-in Windows XP Internet Connection Firewall?

12. Should I use Internet Connection Firewall on a computer that is also behind a hardware firewall?

 

 

1.  What is a firewall?

An Internet firewall is a piece of software or hardware that helps screen out hackers, viruses, and worms, which try to reach your computer over the Internet. If you are a home user or small-business user, installing a firewall is the most effective and important first step you can take to help protect your computer. It is important to have a firewall and antivirus software turned on before you connect to the Internet.

 

2.  Why do I need a firewall?

If your computer is not protected when you connect to the Internet, hackers can gain access to personal information on your computer. They can install code on your computer that destroys files or causes malfunctions. They can also use your computer to cause problems on other home and business computers connected to the Internet. A firewall helps screen out many kinds of malicious Internet traffic before it reaches your system.Some firewalls can also help prevent others from using your computer to attack other computers without your knowledge. Using a firewall is important no matter how you connect to the Internet—with a dial-up modem, a cable modem, or a digital subscriber line (DSL or ADSL).

 

3.  What can a firewall protect against?

Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protections, and block services that are known to be problems.
Generally, firewalls are configured to protect against unauthenticated interactive logins from the ``outside'' world. This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.
Firewalls provide an important logging and auditing function; often they provide summaries to the administrator about what kinds and amount of traffic passed through it, how many attempts there were to break into it, etc.

4.  What can't a firewall protect against?

Firewalls can't protect against attacks that don't go through the firewall. Many corporations that connect to the Internet are very concerned about proprietary data leaking out of the company through that route.
Another thing a firewall can't really protect you against are spies inside your network. Sensitive information can easily be transferred outside the network or organization if someone from the inside leaks it out using disks, phones, or FAX machines.
Lastly, firewalls can't protect against tunneling over most application protocols to trojaned or poorly written clients. There are no magic bullets and a firewall is not an excuse to not implement software controls on internal networks or ignore host security on servers. Tunneling ``bad'' things over HTTP, SMTP, and other protocols is quite simple and trivially demonstrated. Security isn't ``fire and forget''.

5.  What about viruses?

Firewalls can't protect very well against things like viruses. There are too many ways of encoding binary files for transfer over networks, and too many different architectures and viruses to try to search for them all. In other words, a firewall cannot replace security-consciousness on the part of your users. In general, a firewall cannot protect against a data-driven attack--attacks in which something is mailed or copied to an internal host where it is then executed.

6.  How can I tell if my computer already has a firewall?

If you have Windows XP rnning on your computer, you can check to make sure the firewall is enabled:

  1. Click Start, and then click Control Panel.
  2. Click Network and Internet Connections, and then click Network Connections. (Tip: If the Network and Internet Connections category is not visible, click Switch to Category View on the upper left of the window.)
  3. Under the Dial-Up or LAN or High Speed Internet category, click the icon to select the connection that you want to help protect.
  4. In the task pane on the left, under Network Tasks, click Change settings of this connection (or right-click the connection you want to help protect, and then click Properties).
  5. On the Advanced tab, under Internet Connection Firewall, make sure the box is checked next to Protect my computer and network by limiting or preventing access to this computer from the Internet. If a check mark is in the box, the firewall is on. If the box is clear, the firewall is off and your computer is potentially vulnerable on the Internet.
  6. If you have a different version of Windows, such as Windows 2000, Windows Millennium Edition, or Windows 98, you should obtain a hardware or software firewall from another company and install it. You can check the manuals of your home networking devices, such as wireless access points or broadband routers, to determine if they include built-in hardware firewalls. If you are uncertain whether a software firewall has been installed on your computer, you can check in the All Programs folder. Click Start, and then click All Programs. Look for a firewall program that is installed. Some common brand names for software firewalls for home users include BlackICE, McAfee, Norton, Tiny Personal Firewall, and ZoneAlarm

 

7.  I have a different version of Windows, what should I do?

Versions of Windows before Windows XP did not come with a built-in firewall. If you have a computer with an earlier version of Windows, such as Windows 2000, Windows Millennium Edition, or Windows 98, you should get a firewall and install it. You can use a hardware firewall or a software firewall. The following resources provide more information about your firewall options.

 

8.  Hardware Firewalls

Many wireless access points and broadband routers for home networking have built-in hardware firewalls, which provide good protection for most home networks.

 

9.  What else do I need besides a firewall?

A firewall will not make your computer 100 percent safe. However, a firewall provides the most effective first line of defense. You should install a firewall first, and then add other security measures, such as critical software patches from Windows Update and antivirus software. You can use Automatic Updates in Windows XP to help make sure you are installing the available patches. See the Protect Your PC Web site for more information.

 

10.  My computer is part of a large business, school, or organizational network--should I enable the firewall?

You should follow the policy established by the network administrator for your business, school, or organizational network. In some cases, network administrators may configure all computers on the network so that you cannot turn on Internet Connection Firewall while your computer is connected to the network. The check box to turn on Internet Connection Firewall in the Network Connection Properties dialog box will be dimmed. In those cases, you should ask your network administrator for guidance on whether you need a firewall on your computer.

11.  I have Windows XP. Can I use a firewall other than the built-in Windows XP Internet Connection Firewall?

Yes. Windows XP users who want different features in a firewall may use a hardware firewall or a software firewall from another company.

 

12.  Should I use Internet Connection Firewall on a computer that is also behind a hardware firewall?

Yes. You should turn on the Windows XP Internet Connection Firewall for all computers in your home network. This helps prevent the spread of viruses or worms across your network if a computer is infected. A computer on the network could become infected through a separate Internet connection, such as one on a laptop that is used on your home network and on public networks. Or a virus could be introduced to a computer on your network by way of e-mail or software installed from a CD or floppy disk.

 

 
 

    The American University in Cairo
       Updated 16th January 2005 | Site Feedback