rubin
27.02.2008, 15:20
Not long ago about 90% of Internet users hadn't even heard about firewalls and worked without them However, as a result of a great number of net-worms, work in the Internet isn't possible without a firewall. Computers, connected to the Internet without a firewall, especially using a good connection (cable, xDSL) are usually infected within several hours.
Therefore, I would like to explain the usage of a firewall.
But before that I want to tell a few words about the network itself. To understand easily, I will compare the virtual world and the ordinary world.
So, computers, integrated into the network, share information. The information is transmitted in the form of packets. Imagine that every computer is a house. Imagine that packets are little men who run from house to house with the necessary information. We'll call these men - packets.
Every house has an address, so do computers in the network. Address is a string of four groups of numbers from 0 to 255, separated by dots. For example, 212.20.123.15
To enter the house we use the door. The doors in computers are called ports. Each port can be presented as a door through which packets go. Each port has a number. The number can vary from 0 to 65535.
So, what is a firewall? A firewall controls doors (ports) and the movement of packets through these doors.
Every door has 3 states: open, closed and invisible.
A few words about information exchange.
So, you are connected to the Internet. At that moment your computer has an address. This address is unknown to anyone except your ISP. In order to start the information exchange, your computer must send a request to another computer (the address of which must be known) and tell him your address. Only then you can begin sharing information. For example, to visit a page in the Internet, you type its address. It is not the same as I described before, and it is was made for convenience. When you have finished typing the address, the browser will translate it in a network address, send request to this address, tell the address of your computer, then the server will be able to send you the contents of the desired page.
A firewall has two main objectives: protection from intrusion (hacking), and protection against unauthorized transfer of your data (for example, passwords).
So, what is needed to attack your computer? At least you need to know its address. Of course, working regularly in the Internet, you tell your address to other computers. However, if you always deal with reliable resources, the owners of it won't crack your computer. But there are special programs searching for network addresses and checking whether there is a computer at that address. And then the firewall starts its work.
1. Protection from intrusion.
The operating system (Windows for example) by default keeps some ports open. It is as dangerous as an open door. Anyone can enter you. Net-worms like Sasser travel through the open ports. That's why it is desirable to close all the doors. The network ports can be not only closed but also made invisible. The computer, which has all the ports invisible - is invisible in the network, and it is the best variant. If no one sees you, then no one will attack. That is one of the tasks of a firewall - providing invisibility of a computer in the network.
However, even if all the ports are invisible, a hacker can get the address of your computer. For example, when you speak on ICQ, the person receives your adress. If the address of your computer becomes known to a hacker, then there will be an attempt to break it. If you have open ports, there is a high probability that the attempt will be successful. Another task of a firewall - to keep the ports closed to prevent hacking, as well as the protection from net-worms.
2. Protection against data leakage. Now we can see a large spread of trojan programmes. When you catch such a program, it can steal passwords and other important information, or provide the ability to manage computer remotely. The hacker can know what you see on the screen, what you typed on the keyboard, etc. In other words, can do anything. The properly configured firewall allows connect to the network only for a limited number of known programs (web browser, mail client ...). If you run an unknown program, you may either prohibit access to the network, either allow the program to work with the network. In this case it is important not to choose "yes" immediately, but understand what that program is. So you can detect Trojans in the system and prevent theft of information and the ability to manage your computer.
It is important to understand!
Even if you don't have anything on the computer and you don't matter about data leakage, you still need to use a firewall. Your computer can be used by hackers to attack other computers or to commit a crime. In this case you become a criminal yourself. Consider whether you want to find CIA employees once at your home, because your computer was used for hacking into Pentagon. :)
Adapted from russian section (http://virusinfo.info/showthread.php?t=1755)
Therefore, I would like to explain the usage of a firewall.
But before that I want to tell a few words about the network itself. To understand easily, I will compare the virtual world and the ordinary world.
So, computers, integrated into the network, share information. The information is transmitted in the form of packets. Imagine that every computer is a house. Imagine that packets are little men who run from house to house with the necessary information. We'll call these men - packets.
Every house has an address, so do computers in the network. Address is a string of four groups of numbers from 0 to 255, separated by dots. For example, 212.20.123.15
To enter the house we use the door. The doors in computers are called ports. Each port can be presented as a door through which packets go. Each port has a number. The number can vary from 0 to 65535.
So, what is a firewall? A firewall controls doors (ports) and the movement of packets through these doors.
Every door has 3 states: open, closed and invisible.
A few words about information exchange.
So, you are connected to the Internet. At that moment your computer has an address. This address is unknown to anyone except your ISP. In order to start the information exchange, your computer must send a request to another computer (the address of which must be known) and tell him your address. Only then you can begin sharing information. For example, to visit a page in the Internet, you type its address. It is not the same as I described before, and it is was made for convenience. When you have finished typing the address, the browser will translate it in a network address, send request to this address, tell the address of your computer, then the server will be able to send you the contents of the desired page.
A firewall has two main objectives: protection from intrusion (hacking), and protection against unauthorized transfer of your data (for example, passwords).
So, what is needed to attack your computer? At least you need to know its address. Of course, working regularly in the Internet, you tell your address to other computers. However, if you always deal with reliable resources, the owners of it won't crack your computer. But there are special programs searching for network addresses and checking whether there is a computer at that address. And then the firewall starts its work.
1. Protection from intrusion.
The operating system (Windows for example) by default keeps some ports open. It is as dangerous as an open door. Anyone can enter you. Net-worms like Sasser travel through the open ports. That's why it is desirable to close all the doors. The network ports can be not only closed but also made invisible. The computer, which has all the ports invisible - is invisible in the network, and it is the best variant. If no one sees you, then no one will attack. That is one of the tasks of a firewall - providing invisibility of a computer in the network.
However, even if all the ports are invisible, a hacker can get the address of your computer. For example, when you speak on ICQ, the person receives your adress. If the address of your computer becomes known to a hacker, then there will be an attempt to break it. If you have open ports, there is a high probability that the attempt will be successful. Another task of a firewall - to keep the ports closed to prevent hacking, as well as the protection from net-worms.
2. Protection against data leakage. Now we can see a large spread of trojan programmes. When you catch such a program, it can steal passwords and other important information, or provide the ability to manage computer remotely. The hacker can know what you see on the screen, what you typed on the keyboard, etc. In other words, can do anything. The properly configured firewall allows connect to the network only for a limited number of known programs (web browser, mail client ...). If you run an unknown program, you may either prohibit access to the network, either allow the program to work with the network. In this case it is important not to choose "yes" immediately, but understand what that program is. So you can detect Trojans in the system and prevent theft of information and the ability to manage your computer.
It is important to understand!
Even if you don't have anything on the computer and you don't matter about data leakage, you still need to use a firewall. Your computer can be used by hackers to attack other computers or to commit a crime. In this case you become a criminal yourself. Consider whether you want to find CIA employees once at your home, because your computer was used for hacking into Pentagon. :)
Adapted from russian section (http://virusinfo.info/showthread.php?t=1755)