You Need a Business Class Firewall

You Need a Business Class Firewall

Last month, I discussed why computers need virus protection. We learned that a virus is any program that replicates itself. Some of them delete or overwrite critical system files automatically. Some make their infected computers pawns in a much larger conspiracy. Viruses' foundational objective is to create havoc and/or destroy data. Viruses invade computers either through email or open TCP/IP ports. This month we will focus on firewall protection for those computers with dedicated Internet connections. These connections include cable, DSL and T-1 technologies.

Firewalls are devices that protect computers from hackers. Hackers launch manual or automatic attacks. A manual attack occurs when a hacker gains access to a machine and then deletes, changes or copies files. A hacker launched a manual attack a few years back by changing some files on USA Today's web site. Visitors to that site saw a home page with fictitious stories that a hacker wrote.

An automatic attack works differently. Hackers create "sniffers" that browse the Internet and look for unprotected computers. These sniffers then load "robots" on those unprotected machines. These robots can delete, change or copy files. They can also make computers participate in a much larger conspiracy. Sometimes these robots wait for a particular day and time and then launch themselves in unison. Hackers use this mechanism when creating "Denial of Service" conditions at varied web sites.

To do this, they 1) create a robot that will request a particular web page (e.g. www.microsoft.com), 2) automatically distribute that robot to unprotected Internet computers, and 3) wait for the robots to strike. If the robots were running on 1,000 computers, then www.microsoft.com would be overwhelmed with 1,000 simultaneous requests for its home page.

Sniffers look for open TCP/IP ports before installing robots. Let's discuss a computer's TCP/IP ports here.

Imagine your computer as a city, like San Francisco. To get to San Francisco by water, you have several ports to choose from. You may prefer one port while other boaters prefer other ports. Your computer also has ports. Each Internet-related service that your computer runs operates at their own ports. Internet mail operates at ports 25 and 110. Web browsing operates at ports 80 and 443. Additional services operate at their own ports. San Francisco could block inbound marine access by closing its ports. A firewall could block inbound Internet access by closing its ports. Closing inbound ports will not disqualify your computer's email traffic or web surfing.

By blocking inbound access on all ports, hackers and sniffers would not see any available ports. Sniffers won't see your computer or have the chance to install robots.

If you have a dedicated connection and no firewall, your computer is visible and vulnerable. Your computer may have been hacked if you see these symptoms: 1) your computer runs slowly, 2) the hard drive spins excessively even when you're not doing anything, 3) your network connection lights show tremendous activity even when you're not sending email or surfing the Internet, 4) programs don't work or 5) files have been deleted.

Firewalls are necessary protection if you're on the Internet. Firewall devices keep hackers out of our computers. Firewall technology is increasingly available for small and mid-sized offices. Business-class firewall devices with support and web filtering licenses range from $500 to several thousands of dollars, based on network size, bells and whistles. The cost is minimal compared to the costs of being out of business, losing productivity or reinstalling an operating system. I refer this to your wisdom.