Firewalls
What is a Firewall?
Firewalls are an important first line of defense for computer and network security. They act as a barrier that shields your computer or network from malicious or unwanted traffic. When your computer is connected to the Internet, it is a possible target for break-in. A firewall helps keep intruders out and your information in. It also helps prevent the spread of threats from your computer to others.
With high-speed connections such as Ethernet, cable modem or DSL, your computer is connected to the Internet whenever it is turned on, not just when you're actively using it. Computers using dial-up modems are vulnerable only while a dial-up connection to your Internet Service Provider is established. In either case, using a personal firewall, a hardware firewall, or a combination of both can prevent a range of security problems. All information must pass through the firewall, which evaluates whether the information meets its security criteria. Traffic that is "safe" is allowed to pass through, while other traffic is blocked.
Why Do I Need Protection?
Intruders can cause problems in many ways. They can:
- Compromise your system, delete files, corrupt your computer, or gain access to stored personal documents
- Steal account and password information or other personal information, leading to unauthorized use of systems or applications in your name, or to identity theft
- Send unsolicited mass e-mail, spread viruses, and use your computer to break into other computers
Services that present potential break-in opportunities over the Internet include web, e-mail, file transfer, remote log-ins, print sharing, popup messaging, and many others. A firewall in combination with other security measures (anti-spam and anti-spyware) and good practices increases your defenses and decreases your risk.
Types of Firewalls
Firewalls come in two forms:
- Hardware or Network firewalls are external devices positioned between your computer or network and the Internet. Since your computers are placed behind them, network firewalls can be used to protect a group of computers or devices without having to install a firewall on each device. Some DSL or cable-modem routers include a network firewall, which adds an additional layer of protection to your personal firewall. Note that NAT (network address translation, see below) is NOT a network firewall.
- Personal firewalls (also called host-based firewalls) are software that is installed on your computer to block or filter traffic between your computer and the network. Most newer operating systems such as Microsoft Windows XP (service pack 2 and later), Mac OS X, and Linux have built-in personal firewalls. Personal firewalls are good protection, but they can sometimes be disabled or turned off by attacking software. They are better protection when combined with a network firewall on a cable-modem or DSL router.
Configuring a Firewall
When configuring a firewall, you can set up your own rules for what you want to block or let in. It's best to block all incoming connections by default, and allow only those you specifically designate. But if you're running network services that must let other computers connect to yours, this isn't an option.
If you do need to allow incoming connections, you should take the time to test and tune the services allowed by your firewall. The increase in security will be worth it.
It can be tempting to set up your firewall to allow all connections and only block those known to be vulnerable, but this approach is not secure because it is impossible to know what will be vulnerable in the future. Some personal firewalls also enable you to block outbound connections. This feature can be valuable because you get a warning if you try to connect to a suspicious site.
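The rule evaluation described above (first matching rule wins, otherwise the default policy applies) can be made concrete with a small model. The following is an added example written for this page, not code from the SafeComputing site: it builds a toy host-based packet filter, configures it once in the recommended "block all inbound, allow what you designate" posture and once in the tempting "allow all inbound, block known-vulnerable ports" posture, and sends the same constructed traffic through both. All hosts, ports and the "known-bad" address range are constructed sample values.

```python
"""Toy host-based packet filter: ordered rules, first match wins, default policy.

Added example for this page, not the site's own code. Packets, rules and
addresses are constructed to show why "block all inbound, allow only what
you designate" holds up better than "allow all inbound, block what is known
to be vulnerable" when a new service appears later.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" (arriving from the network) or "out" (leaving this host)
    proto: str        # "tcp" or "udp"
    peer: str         # the remote address (source if inbound, destination if outbound)
    port: int         # the destination port of the packet
    new: bool = True  # True for a new connection attempt, False for a reply packet


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "block"
    direction: str                     # "in" or "out"
    proto: Optional[str] = None        # None matches any protocol
    port: Optional[int] = None         # None matches any port
    peer_prefix: Optional[str] = None  # e.g. "192.168.1." limits the rule to one subnet

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and self.proto in (None, p.proto)
                and self.port in (None, p.port)
                and (self.peer_prefix is None or p.peer.startswith(self.peer_prefix)))


@dataclass
class Firewall:
    rules: List[Rule]
    default_in: str = "block"   # policy when no rule matches an inbound packet
    default_out: str = "allow"  # policy when no rule matches an outbound packet
    established: Set[Tuple[str, str]] = field(default_factory=set)  # (proto, peer) we opened
    warnings: List[str] = field(default_factory=list)

    def decide(self, p: Packet) -> str:
        # Stateful shortcut: replies to connections this host opened are let back in
        # even though no inbound rule names them.
        if p.direction == "in" and not p.new and (p.proto, p.peer) in self.established:
            return "allow"
        verdict = next((r.action for r in self.rules if r.matches(p)),
                       self.default_in if p.direction == "in" else self.default_out)
        if p.direction == "out":
            if verdict == "allow":
                self.established.add((p.proto, p.peer))
            else:
                # The outbound-blocking feature the page describes: record a warning.
                self.warnings.append(f"blocked outbound {p.proto} to {p.peer}:{p.port}")
        return verdict


def default_deny_firewall() -> Firewall:
    """Recommended posture: block all inbound, allow only the designated services."""
    return Firewall(rules=[
        Rule("allow", "in", "tcp", 22, peer_prefix="192.168.1."),  # SSH from the local LAN only
        Rule("allow", "in", "tcp", 443),                            # the web service we run
        Rule("block", "out", peer_prefix="203.0.113."),             # constructed "known-bad" range
    ])


def default_allow_firewall() -> Firewall:
    """Tempting but weak posture: allow everything inbound, block known-vulnerable ports."""
    return Firewall(rules=[
        Rule("block", "in", "tcp", 445),  # file sharing, blocked because of past worms
        Rule("block", "in", "tcp", 135),
    ], default_in="allow")


def run_demo() -> dict:
    """Send the same constructed traffic through both firewalls and collect the verdicts."""
    traffic = {
        "ssh_from_lan":      Packet("in", "tcp", "192.168.1.20", 22),
        "ssh_from_internet": Packet("in", "tcp", "198.51.100.7", 22),
        "https":             Packet("in", "tcp", "198.51.100.7", 443),
        "smb":               Packet("in", "tcp", "198.51.100.7", 445),
        "new_service_5900":  Packet("in", "tcp", "198.51.100.7", 5900),  # a service added later
        "outbound_bad":      Packet("out", "tcp", "203.0.113.9", 80),
    }
    results = {}
    for name, fw in (("default_deny", default_deny_firewall()),
                     ("default_allow", default_allow_firewall())):
        results[name] = {k: fw.decide(p) for k, p in traffic.items()}
        # A DNS query goes out, and the reply to our ephemeral port comes back in.
        fw.decide(Packet("out", "udp", "192.0.2.53", 53))
        results[name]["dns_reply"] = fw.decide(Packet("in", "udp", "192.0.2.53", 40001, new=False))
        results[name]["warnings"] = len(fw.warnings)
    return results


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

The point to notice is the `new_service_5900` row: the default-deny firewall blocks a service nobody has designated yet, while the block-list firewall lets it straight through, because the list was written before that service existed. The outbound rule shows the second feature the text mentions: the connection to the "suspicious" range is refused and a warning is recorded.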
Network Address Translation (NAT) as a Firewall
NAT is a method of hiding a group of machines behind a single IP address, originally developed when a shortage of IP address space caused problems on the Internet. NAT has some security properties and can protect computers and other devices from external attacks on the Internet similar to a network-based firewall. But NAT is far less configurable and flexible, and the protection it offers is more by accident than by design.
Today NAT is used more for convenience, but it should not be relied on as the only form of protection for your computers, unless it is not possible to add a host or network firewall as well.
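Why the protection NAT offers is "more by accident than by design" is easiest to see from what a NAT gateway actually does with each packet. The following is an added example written for this page, not the site's own code: a toy gateway that keeps a translation table, forwards inbound packets only when some mapping already points at an internal host, and otherwise drops them simply because it has nowhere to deliver them. It models a simple full-cone translation (any Internet host can use a mapping once it exists); addresses, ports and the traffic are constructed sample values.

```python
"""Toy NAT gateway, to show why NAT resembles a firewall but is not one.

Added example for this page, not the site's own code. Addresses, ports and
the traffic below are constructed. Inbound packets are forwarded only when a
translation already exists (created by an outbound packet or by a static port
forward); everything else is dropped because the gateway simply has nowhere
to deliver it. This models a simple full-cone NAT; some real gateways also
check the peer address before reusing a mapping.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PUBLIC_IP = "198.51.100.1"  # constructed public address of the gateway


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" from the private LAN, "in" from the Internet
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class NatGateway:
    next_port: int = 40000
    # (private_ip, private_port) -> public port, for outbound connections seen so far
    outbound: Dict[Tuple[str, int], int] = field(default_factory=dict)
    # public port -> (private_ip, private_port): the reverse table plus any static forwards
    inbound: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def forward_port(self, public_port: int, private_ip: str, private_port: int) -> None:
        """Static port forward: exposes one internal service to every host on the Internet."""
        self.inbound[public_port] = (private_ip, private_port)

    def translate(self, p: Packet) -> Optional[Packet]:
        """Return the translated packet, or None when the gateway has to drop it."""
        if p.direction == "out":
            key = (p.src, p.sport)
            if key not in self.outbound:
                # NAT cannot refuse this: every outbound connection gets a mapping.
                self.outbound[key] = self.next_port
                self.inbound[self.next_port] = key
                self.next_port += 1
            return Packet("out", PUBLIC_IP, self.outbound[key], p.dst, p.dport)
        # Inbound: deliverable only if some mapping points at an internal host.
        target = self.inbound.get(p.dport)
        if target is None:
            return None  # unsolicited traffic is dropped by accident, not by policy
        private_ip, private_port = target
        return Packet("in", p.src, p.sport, private_ip, private_port)


def run_demo() -> dict:
    """Walk through the cases that make NAT look like, and differ from, a firewall."""
    gw = NatGateway()
    results = {}
    # 1. An unsolicited probe at the gateway is dropped: no mapping exists.
    results["probe_before"] = gw.translate(Packet("in", "203.0.113.9", 5555, PUBLIC_IP, 22))
    # 2. A LAN host opens a connection out; the reply comes back through the mapping.
    out = gw.translate(Packet("out", "192.168.1.20", 51000, "192.0.2.80", 443))
    results["outbound_public_port"] = out.sport
    reply = gw.translate(Packet("in", "192.0.2.80", 443, PUBLIC_IP, out.sport))
    results["reply_delivered_to"] = (reply.dst, reply.dport)
    # 3. The same probe aimed at the mapped port: the gateway has no notion of which
    #    peer is allowed to use a mapping, so a third party reaches the LAN host too.
    probe = gw.translate(Packet("in", "203.0.113.9", 5555, PUBLIC_IP, out.sport))
    results["probe_on_mapped_port"] = None if probe is None else probe.dst
    # 4. A static forward for an internal server exposes it to every peer, with no
    #    way to restrict who may connect, unlike a firewall rule with a source range.
    gw.forward_port(8080, "192.168.1.30", 80)
    fwd = gw.translate(Packet("in", "203.0.113.9", 5555, PUBLIC_IP, 8080))
    results["forward_delivered_to"] = (fwd.dst, fwd.dport)
    # 5. NAT offers no way to block an outbound connection to an unwanted destination.
    bad = gw.translate(Packet("out", "192.168.1.20", 51001, "203.0.113.9", 80))
    results["outbound_to_bad_forwarded"] = bad is not None
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Cases 1 and 2 are the part that looks like a firewall: unsolicited packets disappear and replies get home. Cases 3 to 5 are what the page means by "far less configurable": there is no rule language for saying which peers may reach a mapped or forwarded port, and nothing stops an outbound connection, which is why NAT should sit alongside a host or network firewall rather than replace one.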
More Information:
- Consult the Information Security Group's Firewall FAQ
- Microsoft Windows XP Security Guide
- Personal Firewall Day (http://personalfirewallday.org/)
- The United States Computer Emergency Readiness Team (US-CERT) Firewall Tips (http://www.us-cert.gov/cas/tips/ST04-004.html)
- Details on firewalls for home use (http://www.firewallguide.com/)
