A firewall is a piece of software or hardware that sits between you computer and the internet, and only allows certain types of things to cross it. It’s about protecting you from them, where “them” is the malicious folk on the internet. A correctly configured firewall does not block your access out to the internet – you should be able to browse the web, for example, without interruption. The firewall prevents access from somewhere on the internet to you. That’s not to say people can’t send you mail – they can because you access your mail through the internet when you retrieve or download it. It does mean that people can’t copy files directly to your PC, or cause programs to be run on your machine.
As I’ve discussed before, I think it’s critical that if you’re on a broadband internet connection you make sure that you are behind a firewall. If you’re using a public WiFi hotspot, it’s a good idea and there are even times when it makes sense to use a firewall on a dial-up connection.
The question is, what firewall to use?
The answer varies.
Become a Patron of Ask Leo! and go ad-free!
For broadband connections (which include cable and DSL and other always-on and high-speed connections) I recommend that you use a router that supports or provides network address translation or NAT. Normally, a router is thought of as a connection sharing device, used to share a single internet connection among several computers. But even if you have only one computer, the NAT functionality in your router effectively “hides” your computer from many of threats on the internet.
My routers are all LinkSys routers. In particular, I have installations running both the 802.11b Wireless Access Point Router with 4-Port Switch, as well as EtherFast Cable/DSL Router with 8-Port
Switch. I’ve been quite happy with both. I’ve also heard good things about the support for the faster wireless standard 802.11g.
In some cases, you’ll want to consider a software firewall. Software firewalls monitor the data traversing the network connection on your machine. They block incoming traffic that isn’t explicitly allowed, and can also warn you of unexpected attempts to access the internet from your machine.
The built-in Windows Firewall in Windows XP is a fine, free, basic solution. It is, in fact, what I use when I visit a WiFi hotspot, or connect to some other network I’m not totally certain is safe. It’s also a good solution if you’re connected via dial-up for long periods of time.
Other popular software firewalls include ZoneAlarm and Comodo. The Windows Firewall doesn’t alert to unexpected outgoing connections, but most of these products do.
Note: in all cases, hardware or software, built-in or add-in, it’s going to be important to know how to configure your firewall properly. Firewalls are the leading cause for certain functions, such as instant messaging, or audio connections, from working. These are typically easily fixed with a quick configuration change within the firewall. Make sure to take the time to understand the documentation that accompanies your firewall.
Finally, when you believe you’re protected, or even if you know you’re not, you should visit Gibson Research and run “Shields Up” – a vulnerability analysis. It will try to access and analyze your computer from the internet, and enumerate for you exactly how you are vulnerable, and potential steps you can take. It tends to be a little techie, but it’s worth the effort.