BeSecure

Firewall

What is a firewall?

Firewalls come in two main forms, but both basically do the same job. The first form is hardware, such as a router. The second form is software, installed on the computer.

Their job is pretty simple: check incoming and outgoing packets of data, and decide whether they should be allowed to leave or enter the system.
They can do more advanced things too. Here I will discuss the software-based, personal firewalls.

A firewall can reject an incoming packet, or just drop it. If it rejects the packet, it sends back a response saying that the port is closed. If it drops the packet, it does nothing: it pretends it never received it and carries on.
The last method, the drop, is the one mostly used. By blocking all incoming traffic in this manner, it's as though your PC is offline!

Do I need a Firewall?

Yes. Even a good NAT-based hardware firewall only blocks incoming traffic; outgoing traffic will always be allowed.

Remember Blaster and Sasser? They exploited holes: all they had to do was find out whether your system was online and, if so, make a request at the open port. A firewall would have helped in two ways here:
Firstly, any attempt to find your computer would have failed, as the packets would have been dropped.
Secondly, if your PC was not in stealth mode, such as if you had a server port open, the firewall would still have dropped packets to the port the exploitable service ran on.

A few terms

When looking at firewalls, there will be a few terms used:

  • Traffic - Any data/information coming in, or going out of your connection.
  • Packet - Data is broken up into Packets of certain sizes.
  • Protocol - This is a set of rules defining how data is transferred.
  • Port - Packets of data are sent to and from a port. There are 1000s of ports.
  • Address - This is the address of your connection.

What should I use?

As with Anti Virus software, there are both commercial and free Firewalls available.

Free firewalls are, obviously, free, but may be limited in features and are usually for personal use only. In addition, they are usually not ideal for protecting a network, just one machine. They do the basic job of processing incoming and outgoing data.

Commercial firewalls vary widely in price, depending on use. Personal firewalls are probably around the £20-£30 ($30-$40) range. These may offer more advanced management, and may be able to protect a network connection, such as one shared through Microsoft's Internet Connection Sharing.
It's common now to include ad and script blocking at the firewall level too, so you may see these in commercial firewalls.

Firewalls Learn & Create Rules

Probably all personal firewalls go through a learning process to protect you. How, you may ask?

In their normal mode, they question everything that comes in, or goes out. The first thing you might do after installing your firewall is open up Internet Explorer. Immediately your firewall asks if this is acceptable. You usually can answer four ways:

  • Yes This Time - Permit the connection, but ask next time.
  • Yes Always - Permit the connection this time, and in future.
  • No This Time - Drop the connection this time, but ask next time.
  • No Always - Never allow the connection.

For the "Always" answers, a rule is created internally. For example, your firewall says:

"Application Internet Explorer tried to connect to address www.helpbytes.co.uk (193.22.244.21) on Port HTTP(80) TCP."

When you select Yes Always, the rule created internally may look like this (here in Structured English):

If Application is Internet Explorer
AND PORT is 80
AND Protocol is TCP
ALLOW connection.

Note the terms used. HTTP is a high level protocol which is used on port 80. TCP is a low level transmission protocol.

In future, before asking you a question, the firewall will go one by one through its rules looking for an exact match. This means that the next time you try to view a site, this rule matches, so long as you're using Internet Explorer and nothing strange has asked it to use another port.

You make Rules

Rules can also be created by you, the user. You will be given an interface in which you can specify the above, and create, delete or modify rules. This gives you more power. In the example above, the rule didn't say that only address 193.22.244.21 was allowed, so any address would match the rule. As the computer owner, you may decide an application can connect to one address but not another; you could add this to the rule to make it more powerful.
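The rule matching described in the last two sections can be sketched in a few lines. This is an added example, not part of the original page and not how any particular firewall product stores its rules; the names `Rule` and `decide` are made up for illustration, and the second address is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    application: str
    port: int
    protocol: str
    action: str                     # "ALLOW" or "DENY"
    address: Optional[str] = None   # None: any remote address matches

    def matches(self, app, address, port, protocol):
        return (self.application == app and self.port == port
                and self.protocol == protocol
                and self.address in (None, address))

def decide(rules, app, address, port, protocol):
    """Go through the rules in order; first match wins, no match means prompt."""
    for rule in rules:
        if rule.matches(app, address, port, protocol):
            return rule.action
    return "ASK"

IE = "Internet Explorer"
SITE = "193.22.244.21"     # address from the page's example
OTHER = "203.0.113.7"      # constructed address (documentation range)

# Rule created by answering "Yes Always" to the prompt quoted on the page.
LEARNED = [Rule(IE, 80, "TCP", "ALLOW")]
# The same rule after the user restricts it to one address.
TIGHTENED = [Rule(IE, 80, "TCP", "ALLOW", address=SITE)]

def demo():
    return [
        decide(LEARNED, IE, SITE, 80, "TCP"),           # ALLOW
        decide(LEARNED, IE, OTHER, 80, "TCP"),          # ALLOW: rule names no address
        decide(LEARNED, IE, SITE, 8080, "TCP"),         # ASK: different port
        decide(LEARNED, "Other App", SITE, 80, "TCP"),  # ASK: different application
        decide(TIGHTENED, IE, SITE, 80, "TCP"),         # ALLOW
        decide(TIGHTENED, IE, OTHER, 80, "TCP"),        # ASK: address not in rule
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```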

Downloading and Installing Sygate Personal Firewall

Sygate Personal Firewall may be obtained from: http://smb.sygate.com/products/spf_standard.htm.
To start downloading, simply click the Download Now image.

Installing the product is like installing many Windows Programs. Click the "Setup" button, and then simply follow the instructions!
If it asks you to restart, you must do so, otherwise you are not yet protected.

Post-Installation

After installation there should not be anything to do; the firewall will automatically start in Normal mode.

Three Modes:

  • Block All - Everything will be blocked.
  • Normal - Rules will be followed, and it will always prompt if it isn't sure.
  • Allow All - Dangerous mode, nothing is stopped, in or out, rules are ignored.

Of those modes, you should nearly always run Normal. If you think you're under some sort of attack, choose Block All to be safe while you see what could be wrong. See Configuring below to learn how to choose another mode if you need to.

Rule Building

The firewall currently has no rules, so basically everything is blocked unless you permit it, and it will do this by asking questions. The first thing you might do now is open Internet Explorer. You should be confronted by a screen such as the one below:

[Image: Internet Explorer Rule]

What you see is something like what I discussed above. This is safe to allow. You have 2 options: Yes and No. You can also tick the box; if ticked, this choice sticks for all future times Internet Explorer tries to make contact with the world. Together these give the four options: Yes (not ticked), Yes Always (ticked) and so on.

If you tick the box, Sygate will build a rule which allows or denies this application access every time in the future. If you just click Yes or No, it will only apply this time, and the next time it will ask again.

What happens if you tick the box and then click NO by mistake, but you really meant yes?
What happens if you ticked the box and clicked YES but you didn't mean to?

Configuring Sygate's Rules

Context Menu

Quick access to options can be obtained by right-clicking the Sygate icon (the two arrows).

The first option, in Bold, opens the main control panel.

The next three choose the mode. The one that is ticked is how Sygate will currently treat traffic.

The rest allow you to edit options. We are interested in the Applications one, which lets us edit the rules.

Application Rules

The rules Sygate has made are based on Application. From the right click menu, choose Applications...

You will see a list of applications. Find the one you want to change, i.e. the one you made a mistake on. There is a little square box to the left of it, which shows one of three symbols:

  • ? - Ask.
  • X - Deny.
  • ticked - Allow.

The third column "Access" echoes the access permitted in English form.
Advanced users may select an application and click "Advanced" to set which ports this application may access, which servers, etc.
Unfortunately, the default may let the application access any port. This should not be a problem for legitimate applications.

Advanced Rules

From the right-click menu, select Advanced Rules.
From here, you can make your own advanced rules. You will see them in terms of boxes and symbols, as well as structured English.

It is beyond the scope of this site to explain advanced rules or the full workings of the firewall. You will find this in the help files, on Sygate's site, and in other sources. Only more advanced users will ever find these helpful; the average home user will now be sufficiently protected.

© Copyright 2004 HelpBytes.