Table of Contents:
Firewalls play a central role in securing a PC, standing as a filter between the outside world and your computer. While there are several types of firewalls, the technology can be broadly defined as a collection of related security programs that are stored on a network gateway server and collectively safeguard network assets from users on other networks.
While all firewalls run software, the firewall market is generally divided into these two categories: hardware and software. For the sake of this guide, I will only focus on the software firewalls.
In its most basic form, a firewall basically filters incoming and outgoing packets. This means a firewall accepts or denies the connections based on user-defined rules. Firewalls are also used to monitor traffic from applications installed on your system, and based on the user defined rules, the traffic will either be allowed through or blocked.
With these features, a firewall can be very useful in stopping hackers or malware in its tracks before anything malicious can happen. For example, a firewall can prevent connections from an outside hacker getting in, or it can deny outbound traffic of a trojan downloader trying to download malicious files.
There are a few different types of firewalls, but nowadays, most firewalls include all these features.
Packet-Filtering Firewalls: In its most basic form, a firewall does nothing but filter packets. This means that the firewall accepts or rejects IP packets on the basis of predefined rules. With packet filtering, the firewall carefully scrutinizes each packet's protocol and address information; content and context data are not considered. The main advantages of packet-filtering firewalls are their relative simplicity, low cost, and fast and easy deployment attributes. Software-only firewalls for home and small business are typically of this variety, including the firewall that is built in to more recent versions of Windows.
Circuit-Level Firewalls: This type of firewall doesn't simply accept or reject packets, it also decides whether a connection is valid according to a set of configurable rules. If everything checks out, the firewall opens a session and allows traffic to flow in only from the authenticated source. The traffic may also be permitted to proceed for only a limited period of time. In addition, the firewall may perform connection validation on the source IP address and/or port, the destination IP address and/or port, the protocol used, user IDs, passwords, the time of day or, most likely, several of these conditions. In addition, packet-level filtering may also take place.
The big drawback to circuit-level firewalls is that they function at the transport layer and therefore may necessitate a significant modification of the transport-function programming. This can impact the performance or operation of a network. Also, circuit-level firewalls require more expertise to install and maintain.
Application-Level Firewalls: With this approach, the firewall acts as an application proxy, supplying all data exchanges with the remote system. The idea behind this concept is to make the server behind the firewall invisible to the remote system.
An application-level firewall can accept or reject traffic based on a specific set of rules. The firewall may, for example, allow some commands to proceed to a server while rejecting others. The technology can also be used to restrict access to specified file types, as well as to provide different access levels to authenticated and nonauthenticated users. Application-level firewalls tend to be preferred by users who require detailed traffic monitoring and logging on the host, since the addition of these activities is relatively simple and doesn't further impact performance. IT administrators can set an application-level firewall to trigger alarms and notifications in the event that a predefined condition occurs. Application gateways are typically deployed on a separate network-connected computer, commonly called a proxy server
Stateful Multilevel Firewalls: Typically offered by vendors as "best-of-breed" solutions, this approach aims to combine the best attributes of multiple firewall types. Stateful multilevel firewalls are designed to perform network-level packet filtering while recognizing and processing application-level data. These firewalls often provide superior network protection but can be very expensive.
There are several leading firewalls out there, but I've compiled a list of the most commonly used ones here. Do note that these are standalone firewalls; I will not talk about the firewalls that come with security suites (eg. Kaspersky Internet Security comes with its own firewall; I will not talk about it here).
ZoneAlarm:
Quoted from CNET - ZoneAlarm is designed to protect your DSL- or cable-connected PC from hackers. This program includes four interlocking security services: a firewall, an application control, an Internet lock, and Zones. The firewall controls the door to your computer and allows only traffic you understand and initiate. The Internet lock blocks Internet traffic while your computer is unattended or while you're not using the Internet, and it can be activated automatically with your computer's screensaver or after a set period of inactivity. Zones monitor all activity on your computer and alert you when a new application attempts to access the Internet.
Version 8.0.298 is Vista 64-bit compatible, improves performance during computer startup, shutdown and operation.
ZoneAlarm is generally for users that are not computer savvy. It has many features, including a multilayered firewall, antivirus monitoring, application monitoring, and event logging.
Download link: ZoneAlarm Free
Screenshot:![[Image: zonealarm.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ugoK-e1Lc3fHHQPVyfQUObhykqAqfMyUPwuDY5W5hOQ574_TtFdeRnIFKVx3njq12TBXIVzaqXglvWdRGotMyZCQ=s0-d)
Online Armor:
Quoted from CNET - Online Armor Personal Firewall--Easy to use, award winning firewall. Online Armor is a powerful personal firewall, with HIPS and a host of other security features to keep your PC clear of infections and running smoothly. Online Armor is designed to be easy to use for beginners and offers powerful performance.
Online Armor can generally be used by computer users of all levels. It is also considered as a HIPS program.
Download link: Online Armor Personal Edition
![[Image: 1124210905-1.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ujc7_SZYZx5tcMGGWp0mACpQl1ux53RGcUJmSW1G0NRwSfy_VKZViYPul5YNRK_eKaXKkqNu8V1b9FMycX7lEGdtUWu-vGL_B279aGJU04WvSZhrSUK1v2O0I=s0-d)
Comodo Firewall:
Quoted from CNET - Comodo Firewall Pro is aimed to secure your system against internal attacks such as Trojan viruses / malicious software and external attacks by hackers. Safeguard your personal data through a simple user friendly single click interface offering full immunity to attack. Comodo Firewall Pro helps you connect in a secure way to the internet and global networks.
Comodo Firewall has several more features, and is recommended for a computer savvy user who wants to fully customize his firewall rules and settings. It includes an antivirus, although it is not relied on as sole protection. An antivirus should be used with it.
Version 3.9.76924.507 has stateful File Inspection for Realtime Virus Scanner and livePCSupport is provided as a 30 Day Trial.
Download link: Comodo Firewall Pro
Screenshot:
![[Image: 73890-comodo_firewall_pro.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vwQgC21aF4teRqvjszjlJn_pPON5gyungdZpQtT2M6vSRN33-xg7Gf0cVEYh_bAwaxls0ji6pMpOwHgpBmxRdEz2agggb-y-32BdPi0iOs_SZ7y8y7hKnkTsV9KWDVWMFUFBND=s0-d)
Now, if you want to test how secure your firewall is, there are a few sites offering firewall tests.
PC Flank tests
GRC - Shields Up!
McAfee - Test your firewall
These are just basic tests for your firewall.
- Basic information on firewalls
- Types of firewalls
- List of firewalls & information
- Firewall tests
Section 1: Basic information on firewalls
Firewalls play a central role in securing a PC, standing as a filter between the outside world and your computer. While there are several types of firewalls, the technology can be broadly defined as a collection of related security programs that are stored on a network gateway server and collectively safeguard network assets from users on other networks.
While all firewalls run software, the firewall market is generally divided into these two categories: hardware and software. For the sake of this guide, I will only focus on the software firewalls.
In its most basic form, a firewall basically filters incoming and outgoing packets. This means a firewall accepts or denies the connections based on user-defined rules. Firewalls are also used to monitor traffic from applications installed on your system, and based on the user defined rules, the traffic will either be allowed through or blocked.
With these features, a firewall can be very useful in stopping hackers or malware in its tracks before anything malicious can happen. For example, a firewall can prevent connections from an outside hacker getting in, or it can deny outbound traffic of a trojan downloader trying to download malicious files.
Section 2: Types of firewalls
There are a few different types of firewalls, but nowadays, most firewalls include all these features.
Packet-Filtering Firewalls: In its most basic form, a firewall does nothing but filter packets. This means that the firewall accepts or rejects IP packets on the basis of predefined rules. With packet filtering, the firewall carefully scrutinizes each packet's protocol and address information; content and context data are not considered. The main advantages of packet-filtering firewalls are their relative simplicity, low cost, and fast and easy deployment attributes. Software-only firewalls for home and small business are typically of this variety, including the firewall that is built in to more recent versions of Windows.
Circuit-Level Firewalls: This type of firewall doesn't simply accept or reject packets, it also decides whether a connection is valid according to a set of configurable rules. If everything checks out, the firewall opens a session and allows traffic to flow in only from the authenticated source. The traffic may also be permitted to proceed for only a limited period of time. In addition, the firewall may perform connection validation on the source IP address and/or port, the destination IP address and/or port, the protocol used, user IDs, passwords, the time of day or, most likely, several of these conditions. In addition, packet-level filtering may also take place.
The big drawback to circuit-level firewalls is that they function at the transport layer and therefore may necessitate a significant modification of the transport-function programming. This can impact the performance or operation of a network. Also, circuit-level firewalls require more expertise to install and maintain.
Application-Level Firewalls: With this approach, the firewall acts as an application proxy, supplying all data exchanges with the remote system. The idea behind this concept is to make the server behind the firewall invisible to the remote system.
An application-level firewall can accept or reject traffic based on a specific set of rules. The firewall may, for example, allow some commands to proceed to a server while rejecting others. The technology can also be used to restrict access to specified file types, as well as to provide different access levels to authenticated and nonauthenticated users. Application-level firewalls tend to be preferred by users who require detailed traffic monitoring and logging on the host, since the addition of these activities is relatively simple and doesn't further impact performance. IT administrators can set an application-level firewall to trigger alarms and notifications in the event that a predefined condition occurs. Application gateways are typically deployed on a separate network-connected computer, commonly called a proxy server
Stateful Multilevel Firewalls: Typically offered by vendors as "best-of-breed" solutions, this approach aims to combine the best attributes of multiple firewall types. Stateful multilevel firewalls are designed to perform network-level packet filtering while recognizing and processing application-level data. These firewalls often provide superior network protection but can be very expensive.
Section 3: List of firewalls & information
There are several leading firewalls out there, but I've compiled a list of the most commonly used ones here. Do note that these are standalone firewalls; I will not talk about the firewalls that come with security suites (eg. Kaspersky Internet Security comes with its own firewall; I will not talk about it here).
ZoneAlarm:
Quoted from CNET - ZoneAlarm is designed to protect your DSL- or cable-connected PC from hackers. This program includes four interlocking security services: a firewall, an application control, an Internet lock, and Zones. The firewall controls the door to your computer and allows only traffic you understand and initiate. The Internet lock blocks Internet traffic while your computer is unattended or while you're not using the Internet, and it can be activated automatically with your computer's screensaver or after a set period of inactivity. Zones monitor all activity on your computer and alert you when a new application attempts to access the Internet.
Version 8.0.298 is Vista 64-bit compatible, improves performance during computer startup, shutdown and operation.
ZoneAlarm is generally for users that are not computer savvy. It has many features, including a multilayered firewall, antivirus monitoring, application monitoring, and event logging.
Download link: ZoneAlarm Free
Screenshot:
Online Armor:
Quoted from CNET - Online Armor Personal Firewall--Easy to use, award winning firewall. Online Armor is a powerful personal firewall, with HIPS and a host of other security features to keep your PC clear of infections and running smoothly. Online Armor is designed to be easy to use for beginners and offers powerful performance.
Online Armor can generally be used by computer users of all levels. It is also considered as a HIPS program.
Download link: Online Armor Personal Edition
Comodo Firewall:
Quoted from CNET - Comodo Firewall Pro is aimed to secure your system against internal attacks such as Trojan viruses / malicious software and external attacks by hackers. Safeguard your personal data through a simple user friendly single click interface offering full immunity to attack. Comodo Firewall Pro helps you connect in a secure way to the internet and global networks.
Comodo Firewall has several more features, and is recommended for a computer savvy user who wants to fully customize his firewall rules and settings. It includes an antivirus, although it is not relied on as sole protection. An antivirus should be used with it.
Version 3.9.76924.507 has stateful File Inspection for Realtime Virus Scanner and livePCSupport is provided as a 30 Day Trial.
Download link: Comodo Firewall Pro
Screenshot:
Section 4: Firewall tests
Now, if you want to test how secure your firewall is, there are a few sites offering firewall tests.
PC Flank tests
GRC - Shields Up!
McAfee - Test your firewall
These are just basic tests for your firewall.
