What do firewalls do?
Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary network traffic and preventing malicious software from accessing the network. Firewalls can be configured to block data from certain locations or applications while allowing relevant and necessary data through. (See Understanding Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and Botnets for more information.)
What type of firewall is best?
There are various types of firewalls with differences in where they are located and what types of activity they control. Firewalls may be broadly categorized as hardware or software. While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.
- Hardware – Typically called network firewalls, these external devices are positioned between your computer and the Internet (or other network connection). Many vendors and some Internet service providers (ISPs) offer integrated small office / home office (SOHO) routers that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers and for controlling the network activity that attempts to pass through them. The advantage of hardware-based firewalls is that they are separate devices running their own operating systems, so they provide an additional line of defense against attacks when compared to system or host-level protections.
- Software – Most operating systems include a built-in firewall feature that should be enabled for added protection even if you have an external firewall. Firewall software can also be obtained as separate software from your local computer store, software vendor, or ISP. If you download firewall software from the Internet, make sure it is from a reputable source (i.e., an established software vendor or service provider) and offered via a secure site. (See Understanding Web Site Certificates for more information.) The advantage of software firewalls is their ability to control the specific network behavior of individual applications on a system. Relying on a software firewall alone does provide some protection. However, realize that having the firewall on the same computer as the information you’re trying to protect may hinder the firewall’s ability to detect and stop malicious activity. This is especially true if your computer is already compromised by malware.
How do you know what configuration settings to apply?
Most commercially available firewall products, both hardware- and software-based, come pre-configured and ready to use. Since each firewall is different, you’ll need to read and understand the documentation that comes with it to determine whether the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP. Also, alerts about current malicious activity (such as US-CERT’s Cyber Security Alerts) sometimes include information about restrictions you can implement through your firewall.
Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don’t be lulled into a false sense of security. Firewalls do not guarantee that your computer will not be attacked. Firewalls primarily help protect against malicious traffic, not against malicious programs (malware), and may not protect you if you accidentally install malware on your computer. However, using a firewall in conjunction with other protective measures (such as anti-virus software and safe computing practices) will strengthen your resistance to attacks. (See Understanding Anti-Virus Software and other security tips for more information.)
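The following added example (not part of the original tip and not any vendor's implementation) models how a rule-based firewall blocks traffic by location or application, and why an allowed connection can still deliver malware. The rule fields, the program names and the addresses are constructed for illustration; the model judges only the packet that opens a connection and never looks at its contents.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str              # "in" or "out", relative to the protected computer
    remote_ip: str              # address of the other end of the connection
    port: int                   # destination port
    app: Optional[str] = None   # local program; visible only to a software (host) firewall
    payload: bytes = b""        # carried data; this filter never reads it

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str
    remote_net: str = "0.0.0.0/0"   # default matches every IPv4 address
    port: Optional[int] = None      # None matches any port
    app: Optional[str] = None       # None matches any program

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and ipaddress.ip_address(p.remote_ip) in ipaddress.ip_network(self.remote_net)
                and self.port in (None, p.port)
                and self.app in (None, p.app))

def decide(rules, packet, default="block"):
    """Check rules in order; the first match wins, unmatched traffic gets the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule set; addresses come from the RFC 5737 documentation ranges.
RULES = [
    Rule("block", "out", remote_net="203.0.113.0/24"),  # block a certain location
    Rule("block", "out", app="updater.exe"),            # block a certain application (hypothetical name)
    Rule("allow", "out", port=443),                     # allow ordinary secure web browsing
]

if __name__ == "__main__":
    samples = [
        Packet("in", "198.51.100.7", 3389),                    # unsolicited inbound connection
        Packet("out", "203.0.113.9", 443, app="browser.exe"),  # blocked location
        Packet("out", "198.51.100.7", 443, app="updater.exe"), # blocked application
        # A download the user started: allowed whatever the payload contains.
        Packet("out", "198.51.100.7", 443, app="browser.exe", payload=b"constructed installer bytes"),
    ]
    for pkt in samples:
        print(decide(RULES, pkt), pkt.direction, pkt.remote_ip, pkt.port, pkt.app)
```

The last sample is allowed because the decision depends only on direction, address, port and program, which is why the firewall needs to be paired with anti-virus software and safe computing practices.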
Both the National Cyber Security Alliance and US-CERT have identified this topic as one of the top tips for home users.