US-CERT Cyber Security Tip ST04-004 -- Understanding Firewalls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        Cyber Security Tip ST04-004
                          Understanding Firewalls


Understanding Firewalls

   When anyone or anything can access your computer at any time, your
   computer is more susceptible to being attacked. You can restrict
   outside access to your computer and the information on it with a
   firewall.

What do firewalls do?

   Firewalls  provide  protection  against outside attackers by shielding
   your  computer  or  network  from  malicious  or  unnecessary Internet
   traffic.  Firewalls  can  be  configured  to  block  data from certain
   locations  while allowing the relevant and necessary data through (see
   Understanding   Denial-of-Service  Attacks  and  Understanding  Hidden
   Threats:   Rootkits  and  Botnets  for  more  information).  They  are
   especially  important  for  users  who rely on "always on" connections
   such as cable or DSL modems.

What type of firewall is best?

   Firewalls  are  offered in two forms: hardware (external) and software
   (internal).  While  both  have their advantages and disadvantages, the
   decision  to  use a firewall is far more important than deciding which
   type you use.
     * Hardware  -  Typically  called  network  firewalls, these external
       devices  are  positioned between your computer or network and your
       cable  or  DSL  modem.  Many  vendors  and  some  Internet Service
       Providers  (ISPs) offer devices called "routers" that also include
       firewall   features.  Hardware-based  firewalls  are  particularly
       useful  for  protecting  multiple  computers but also offer a high
       degree  of  protection for a single computer. If you only have one
       computer  behind  the  firewall, or if you are certain that all of
       the  other  computers on the network are up to date on patches are
       free  from  viruses,  worms,  or other malicious code, you may not
       need  the  extra protection of a software firewall. Hardware-based
       firewalls  have  the  advantage  of being separate devices running
       their own operating systems, so they provide an additional line of
       defense  against  attacks.  Their major drawback is cost, but many
       products are available for less than $100 (and there are even some
       for less than $50).
     * Software  - Some operating systems include a built-in firewall; if
       yours   does,  consider  enabling  it  to  add  another  layer  of
       protection  even  if  you  have an external firewall. If you don't
       have  a  built-in firewall, you can obtain a software firewall for
       relatively  little  or  no  cost  from  your local computer store,
       software  vendors,  or  ISP.  Because of the risks associated with
       downloading   software  from  the  Internet  onto  an  unprotected
       computer,  it  is  best to install the firewall from a CD, DVD, or
       floppy  disk.  Although  relying on a software firewall alone does
       provide  some  protection, realize that having the firewall on the
       same  computer  as  the  information  you're trying to protect may
       hinder the firewall's ability to catch malicious traffic before it
       enters your system.

How do you know what configuration settings to apply?

   Most  commercially  available  firewall  products,  both hardware- and
   software-based,  come configured in a manner that is acceptably secure
   for  most users. Since each firewall is different, you'll need to read
   and  understand  the  documentation  that  comes  with  it in order to
   determine  whether  or  not  the default settings on your firewall are
   sufficient for your needs. Additional assistance may be available from
   your  firewall  vendor  or your ISP (either from tech support or a web
   site).  Also, alerts about current viruses or worms (such as US-CERT's
   Cyber   Security   Alerts)   sometimes   include   information   about
   restrictions you can implement through your firewall.

   Unfortunately, while properly configured firewalls may be effective at
   blocking some attacks, don't be lulled into a false sense of security.
   Although  they  do  offer a certain amount of protection, firewalls do
   not  guarantee that your computer will not be attacked. In particular,
   a firewall offers little to no protection against viruses that work by
   having  you  run  the  infected  program  on  your  computer,  as many
   email-borne  viruses do. However, using a firewall in conjunction with
   other  protective  measures  (such  as  anti-virus software and "safe"
   computing  practices)  will strengthen your resistance to attacks (see
   Understanding  Anti-Virus  Software  and  other security tips for more
   information).
     _________________________________________________________________

     Both  the National Cyber Security Alliance and US-CERT have identified
     this topic as one of the top tips for home users.
     _________________________________________________________________

     Authors: Mindi McDowell, Allen Householder
     _________________________________________________________________

     Produced 2004 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness.

     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST04-004.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBReXZrexOF3G+ig+rAQLF2Qf+PeNbdzooAgTHVUZIMzUFdqRsnLw6WOBV
jnbQsnUEJbgfS32if4IIn4oQm1eySeyDB8DgK0ESLERQLuPn8D9tH2MzIHnWkh8U
w+OsgiYs7K8F7rGDtB6phySZaWFhmKsayeLoCPleEpRzyRecXSEGpmghoPGNIdHH
dNBKTY6yFD0M6fy0ti67nfmjspDfzzCcwcIdMskPL7NyZOM03RgijwlNEXe1ID8n
k95wZjcl2KJjfBqSCoolVtAhEEjm9lnsWn9SzfibOU54x3w7Zlv+hMPn+RH6bQ7p
57qQOUrZShUG4MXacGUPftoNzvkvz3O/LUJydmkVEVtHA0xTihXrpQ==
=vyN8
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux