Firewalls, Don't Let Them Eat Cake
Article by Rick Leinecker, March 6, 2006

What if all the windows in your house are open? Then imagine that you're not at home. How hard would it be for someone to get in and make off with valuables or do some real damage? It would be a piece of cake.

This is akin to computers on the Internet, especially ones that are always on. You see, your computer has something similar to windows, called ports. Different ports are used by different application types as they communicate over the Internet. And ports that are being used by applications are open, just as the windows in your house can be.

Your browser (Internet Explorer, Firefox, etc.), for instance, uses port number 80. Any port that isn't guarded is vulnerable to attack from the outside. Hackers can potentially take your valuables such as important documents or do some real damage - piece of cake.

There's one more important technical thing that's easy to explain since it has a real-life metaphor. We call it an IP address, but you can think of it as your computer's phone number. It's a unique number that your computer has when it's on the Internet that allows the correct information to get to the correct computer.

To carry the windows/ports analogy further, you can lock your computer's ports just as you can lock your home's windows. And the mechanism is a firewall. Some firewalls are software-based and some are hardware-based.

A firewall sits between your computer and the Internet. It opens and closes ports as they're needed. It also monitors IP addresses (the computer "phone numbers"). A firewall is smart enough to know when someone is trying to compromise your computer, and thwarts the attempt.

The Windows XP operating system has a built-in software firewall. I need to point out, though, that you must upgrade to Service Pack Two in order to have this feature. (You can update to later Service Packs by using Internet Explorer, selecting the Tools drop-down menu, and choosing the Windows Update menu item. I'll say more about updates in a later article.)

The Windows XP firewall can be on or off. For most people, on is the preferred state. Some people who use software that communicates in unusual ways might prefer it to be off for convenience. When the firewall is on, it blocks all incoming traffic. Since all you need to surf the web and send email is outgoing traffic, this is ideal and keeps the bad guys at bay.
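The behavior described above, as an added example that is not part of the original article: a simplified Python model of a firewall that lets outgoing traffic through, accepts replies to it, and drops everything else that arrives. It is not how the Windows XP firewall is implemented; the class and function names are hypothetical, the `allowed_inbound_ports` set is an assumed stand-in for deliberately opened ports, and the IP addresses are constructed from documentation ranges.

```python
"""Simplified model of a firewall that blocks unsolicited incoming traffic."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class InboundBlockingFirewall:
    local_ip: str
    # Assumption: ports the user has deliberately opened; empty by default.
    allowed_inbound_ports: set = field(default_factory=set)
    # Connections this computer started: (local_port, remote_ip, remote_port).
    _outbound: set = field(default_factory=set)

    def outgoing(self, pkt: Packet) -> str:
        # Outgoing traffic is allowed; remember it so the reply can come back.
        self._outbound.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "ALLOW"

    def incoming(self, pkt: Packet) -> str:
        if pkt.dst_ip != self.local_ip:
            return "DROP"
        # A reply must come from the exact address and port we contacted.
        if (pkt.dst_port, pkt.src_ip, pkt.src_port) in self._outbound:
            return "ALLOW"
        if pkt.dst_port in self.allowed_inbound_ports:
            return "ALLOW"
        return "DROP"


def demo():
    # Constructed sample addresses (documentation ranges, not real hosts).
    pc, web, stranger = "192.0.2.10", "198.51.100.80", "203.0.113.66"
    fw = InboundBlockingFirewall(local_ip=pc)
    return [
        fw.outgoing(Packet(pc, 50000, web, 80)),       # browsing a web page
        fw.incoming(Packet(web, 80, pc, 50000)),       # the page coming back
        fw.incoming(Packet(stranger, 4444, pc, 139)),  # unsolicited connection
        fw.incoming(Packet(stranger, 80, pc, 50000)),  # right port, wrong sender
    ]
```

The last case shows that an open outgoing connection does not open the port to everyone: only the computer that was contacted can answer on it.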

It couldn't be easier to check and maybe change your Windows XP firewall settings. Just go to Control Panel, run the Security Center applet, click on the Windows Firewall hyperlink, and the firewall controls will appear. Besides turning the firewall on or off, you can perform more advanced configuration. Email me any questions about advanced configuration and I'll be glad to answer them.

Many of the leading security suites such as Norton or McAfee have software firewalls. These are better than the free Windows XP firewall, and they work on just about any operating system. These commercial products offer more protection and are far more configurable than the Windows XP firewall. If you have a small or medium business, it's worth the fifty bucks or so. But if you're a home user, the free firewall is probably fine. Most large companies have advanced hardware firewalls that do a fantastic job of protecting company computers.

There's a free firewall that you can download and install called ZoneAlarm (http://www.zonelabs.com). It works well, and is similar to the free Windows XP firewall. The good thing is that it can be installed on older operating systems such as Windows 2000. Be aware, though, that the company's motivation for offering a free firewall is to entice you into buying a full-featured product. It's even difficult to find the download link for the free version on their web site.

Many of you have small networks at home with a router that allows many computers to access the Internet simultaneously. And lots of times these routers are wireless. This offers more benefit than just connecting multiple computers to the Internet. These small routers act as a simple hardware-based firewall. I wouldn't throw away any software firewalls that you have installed, but I just want you to know that you have an extra layer of protection.

If there were a hacker named Marie Antoinette, she might say, "Let them eat cake." But fortunately your firewall says, "Don't let them eat cake."

Those are the basics of firewalls.