Firewall – the gatekeeper of your computer
How do the search requests you give your web browser know how to bring back the web page you want to your browser? Pages can be retrieved from the web because the Internet traffic (IP traffic) on your computer is directed to your programs through something called ports. Different programs reserve different ports for their own use as ‘return addresses’ so that no other program can use the same port at the same time.
The ports are software, not hardware. Due to programming errors, the ports may contain security holes, which may allow sniffers to enter the computer through the ports – unless the ports have been protected with a sort of ‘gatekeeper’ program. This guard of network traffic and computer ports is called a firewall.
Acquiring a firewall program
Many operating systems contain a built-in firewall: Windows, for instance, comes with a good firewall program preinstalled. There are also some slightly more developed versions of firewall available on the market. You can download firewall programs from the Internet for free (ZoneAlarm and Comodo are some of the free firewall programs).
The firewall built into Windows does not monitor or limit outbound traffic, but separate firewalls usually do. Therefore, installing a separate firewall program is recommendable.
F-Secure offers students at the University of Helsinki the SAFE software for computers and mobile devices at a student-friendly price. Instructions for purchase and installation can be found at the IT Center’s info site.
Using a firewall
The firewall program closes every port in the computer from unauthorised use. When the ports are closed, you computer is fairly secure from inbound contact attempts, but programs cannot access the web, so you have to give your programs permission to do so. This means that you have to decide which programs are allowed to access the web and which programs may receive inbound traffic.
The firewall will usually ask for your permission for Internet traffic with a dialog box like the one shown below. The dialog boxes vary according to program, but they usually contain the following information:
- The direction of the contact request: is the contact request made from your own computer (outbound traffic) or to your computer (inbound traffic)?
- The IP addresses of the requests: local IP means your computer’s IP address, remote IP is the IP address of a server.
- Information on the program that is requesting contact: if you install a new program that uses the web on your computer, the firewall will send you its request for a network connection, which you have to allow or deny.
Read each request carefully and consider what the firewall notification is about. Do not click on the Allow and Deny buttons on the program at random: with a firewall, you have to know which kind of traffic to allow and which not!
You should not automatically allow all outbound traffic, nor should you automatically deny all inbound traffic. The firewall is completely worthless if you allow all the traffic without any deliberation.
Even though it may prevent some malware from accessing your computer through ports, the firewall is not an antivirus program. To protect your computer from malware, you should also install an antivirus in addition to a firewall.