Firewalls keep Internet attackers at bay

30 Mar, 2009

Computer users and homeowners have plenty in common as they themselves usually want to decide who is allowed into their domain. Some house owners keep a watchdog for this purpose. In terms of computers, that function is handled by anti-virus software which keeps a watchful eye on the system and looks out for ill-intentioned intruders.
A more effective approach is to keep unwelcome guests from getting onto your property or hard drive in the first place. Thats where firewalls come into play. "A personal firewall is used to seal off unnecessary communication channels and reduce the access to only absolutely necessary applications - such as sending and receiving e-mail messages and surfing on the Internet," explains Professor Norbert Pohlmann, Director of the Gelsenkirchen-based Institute for Internet Security.
"An unsecured PC is like a pile of money on a table in the middle of an open meadow. A personal firewall is like a house built around the table," Pohlmann says.
A personal firewall is always a must, if your Internet connection is not protected by a central firewall, such as those built into many routers. Yet even computers already protected in this way can benefit from a personal firewall, the expert says. "If theres already an active firewall in the router, then the personal firewall represents sensible supplemental security," says Pohlmann.
Personal firewalls are already integrated into Windows XP and Vista, although they are referred to as desktop firewalls. While the Vista firewall comes activated by default, the one in XP must be manually activated. You can configure it using the firewall option in the security centre. The "Exceptions" features are used to establish which programmes will be given access.
"The firewall must be set to reflect your own needs, so that important applications like the browser and e-mail programme are given access but everything else is forbidden," Pohlmann explains.
Those who dont trust themselves to create a custom configuration can often use the pre-installed security levels. Pohlmann recommends that Windows XP users install an additional firewall. The built-in XP firewall simply doesnt provide enough protection, he feels.
"Vistas personal firewall is much better," he says. The German Federal Agency for Security in Information Technology (BSI) in Bonn recommends ZoneAlarm, a firewall for Windows, the basic version of which is available free of charge.
"Many users prefer what are known as security suites, which are security packages offering both firewall and anti-virus programmes," says BSI spokesman Michael Gaertner. Programmes of that kind often stand out for their uniformity and ease of use, but they dont come free.
"The firewall controls all exterior access to the PC, as well as access from within to the Internet. It can be set to inform the user about unwanted incoming or outgoing data traffic by the computer," says Lutz Neugebauer, a security expert at the IT industry association BITKOM in Berlin. Thats why he sees the personal firewall as an "absolutely recommended protection programme." It should be noted that firewalls do not distinguish between good and bad data access. "It learns from the user which access types are OK," Neugebauer says. That means that the user may be required to grant permission for a messenger to access the Internet before being able to actually chat.

Read Comments