Saturday, January 10, 2026

Secure Your Home Network: What is a Firewall and why do you care?

Forget about the Internet and security for a moment - you already own something with a firewall.  Your car has one between the engine and the passenger compartment, even if your car isn't a sweet 1969 Dodge Charger.

 

The firewall in your car is designed to contain engine fires to the engine compartment, not letting the flames spread to the passengers.  Firewalls have been around cars for a long, long time - certainly since the 1930s, and probably a lot longer.

Now back to the Internet and security.  Internet firewalls are designed to keep bad things (and Bad Guys) out of your network, so they don't burn down all your devices.  Yes, I stretched that metaphor, but that's exactly where the name came from.

An old Internet wag once described a firewall as a device that "keeps the bad guys out while letting the good guys out".  That's a really good description.  Internet firewalls have been around for basically as long as there has been an Internet, say from around 1990.  The technology is very well understood, and very mature.  That's the good news.

The bad news is that there are a million ways to set up your firewall so it's more full of holes than Swiss cheese. This post will try to help you avoid this.

More good news: your Internet Provider almost certainly has a firewall capability in the box that gives you Internet access.  For example, if you get Internet via cable TV, you have not only a cable box that changes channels, you have a separate box that gives Internet.  That thing has a firewall built in, so yay.

You can check this yourself via a web site that I've linked to a number of times over the years, Steve Gibson's Gibson Research.  You should see something that looks like this:


Green is good. 

So what went on when you ran that?  There are a bunch of Internet services like web, email, and so on.  Each uses a "port" - email is 25, web is 80, there are a bunch of others.  What Gibson's app did was to try to connect to all of these ports on your IP address.  Ideally, your firewall (like mine) dropped these connections in the trash can.

So from a first cut, your firewall is letting you out onto the Internet (so you can read this, hello!) but keeping the Bad Guys out. 
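A connection attempt like the ones described above can end in three ways: a listening service accepts it, a reachable machine with nothing on that port refuses it, or a firewall drops it and no answer ever comes back. The sketch below is an added example, not code from this post or from Gibson Research; the `probe` and `demo` names and the loopback sockets are constructed so it runs on your own machine without touching the Internet.

```python
import socket

def probe(host, port, timeout=1.0):
    """Try one TCP connection and report how the attempt ended."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"       # something is listening and accepted us
    except ConnectionRefusedError:
        return "closed"     # host answered "nothing here" (TCP reset)
    except socket.timeout:
        return "dropped"    # no answer at all: what a firewall that drops traffic looks like
    except OSError:
        return "error"      # e.g. no route to the host
    finally:
        s.close()

def demo():
    """Constructed loopback test: one listening port, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Bound but never listen()ed: the OS refuses connections to it.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    unused_port = spare.getsockname()[1]

    try:
        return {
            "listening": probe("127.0.0.1", open_port),
            "unused": probe("127.0.0.1", unused_port),
        }
    finally:
        listener.close()
        spare.close()

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:10s} -> {state}")
```

The "dropped" outcome cannot be produced on loopback, because there is no firewall in the path; it is what an outside checker sees when the firewall throws the connection away.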

But the devil is in the details of how we (and our devices) use the Internet.  The next post in this series will explore this: Secure Your Home Network: Can (and should) you trust your devices?

4 comments:

STxAR said...

I got a "reload disabled" page following the link. I get crazy when I start looking at ports on the firewall. I got an MCSE back in the day for NT 4.0. Defaults and custom ports, and and and..... 16000 possibilities about drove me mad.... Thanks for the primer. I need to revisit the subject.

Matthew W said...

Same message for me................

Rick T said...

You have to go back to the top level of the domain to get to the Shields Up! web page. Gibson has been around a long time, his SpinRite tool was great to retune IDE data interleaving on IDE drives.

Firewalls have gone from esoteric router configurations (viz Building Internet Firewalls) then expensive appliances (Altavista, Checkpoint, Sonicwall) to standard features embedded in every wireless router that does NAT and usually enabled by default.

BobF said...

Gibson Research. Hah! MANY years ago, definitely in the gray diskette era and maybe as far back as the true floppies, I felt as if I'd discovered hidden treasure there with SpinRite. I learned a LOT there. Those were the days of freeware and shareware -- more of those available than commercial products. Thanks for the series; it is a terribly important topic.