All about firewalls
GETTING TO KNOW YOUR BEST DEFENCE.
WHEN IT COMES to both personal and business cyber security, there is perhaps no more important defence than the firewall. Firewalls don’t get the kind of press they used to, simply because they’ve actually become very good at their jobs, forcing cyber criminals to resort to other means of attack like malware and social engineering. But if your firewalls ever went down, you’d know it: it’s likely that your system would be compromised in minutes.
So let’s take a look at firewalls: what rules you should know, and when and how to break those rules.
WHAT DOES A FIREWALL DO?
We should start with what a firewall does. Simply put, a firewall filters internet traffic. It doesn’t allow any traffic to pass unless that traffic is ‘approved’ under the rules configured by the user or the software. Approval means the traffic matches a rule, typically based on where it comes from (its source address) or which port it uses. For example, you might set a rule that traffic on port 80 is allowed through the firewall but all other traffic is rejected.
The default rule on most routers is that all incoming connections are rejected. That means that if a hacker tried to ‘dial into’ your home network in order to hack a PC on it, the firewall would simply reject that connection.
Firewalls can be one- or two-way. There’s one built into your router as well as one built into your PC (but probably not your mobile, game console or other smart devices). The firewall built into your router will, by default, only block incoming traffic, but will let outgoing connections go ahead – in effect, you can ‘dial out’ but others can’t ‘dial in’.
The firewall software on your PC, however, is more complicated. It monitors both incoming and outgoing traffic, and will block or allow traffic on a per-application basis. That’s why, when you install a new program on Windows, it asks you if you would like to give it permission: this is your firewall software checking whether to allow traffic to go out from and come into that application.
MANAGING YOUR WINDOWS FIREWALL
As mentioned above, both your Windows PC and router have firewalls built in, providing a double security layer that will defeat most attackers.
By and large, Windows Firewall will manage itself, only popping up when you install a new application asking if you’re sure you want it to be able to access the internet. This is done to prevent potential malware and spyware from dialling out from your PC (and potentially sending private information). If you get a firewall popup asking about a program you’re not sure about, say no, you don’t want it to have internet access. That will prevent any malware from, say, sending your personal data over the internet.
But there are times you might want to manage it. It’s worth occasionally checking to see which applications have been granted internet access. You may have also accidentally blocked an application that you didn’t want to.
If that’s the case, you want to head to Windows Security. From the Start Menu, go to Windows Security in the program list (you can also just type Windows Security in the search bar). Then go to Firewall & network protection.
If you want to see what apps have permission (and what don’t), click on Allow an app through the firewall. You’ll be shown a list of all detected apps, and whether they’ve been granted permission to access the internet. Windows breaks permission down by the type of network you’re currently connected to: whether Private or Public, and has separate permissions for each.
To allow an app through, place a check next to it. To block it, remove the check.
If you really want to get down into the weeds, you can also click on Advanced settings in the Firewall & network protection panel. This will bring up a complete list of every networking rule applied by your Windows Firewall, and allow you to modify them or create new ones. This isn’t for the faint of heart, though, so we’d recommend most people just stick to the simple application list.
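The same checks the panels above walk you through can be done from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not from the article; the program path `C:\Tools\example-app.exe` is a placeholder.

```powershell
# Added example (not from the article): audit and adjust Windows Firewall
# app permissions with the NetSecurity cmdlets that ship with Windows.
# Run from an elevated PowerShell prompt. The app path is a placeholder.

# 1. Confirm each network profile (Domain, Private, Public) is on and still
#    blocks unsolicited inbound connections by default
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. List enabled rules that allow inbound traffic to a specific program.
#    This is the same information as 'Allow an app through the firewall'.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallApplicationFilter
        if ($filter.Program -and $filter.Program -ne 'Any') {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Program = $filter.Program
                Profile = $_.Profile
            }
        }
    } | Sort-Object Program | Format-Table -AutoSize

# 3. Block an app you are not sure about (the 'say no' advice above) on the
#    Private and Public profiles, in both directions
$app = 'C:\Tools\example-app.exe'   # placeholder path
foreach ($dir in 'Inbound', 'Outbound') {
    New-NetFirewallRule -DisplayName "Block example-app ($dir)" `
        -Direction $dir -Program $app -Action Block -Profile Private, Public
}

# 4. Find the block rules for an app you blocked by accident, then remove
#    them once you are sure the app is legitimate
Get-NetFirewallRule -Direction Outbound -Action Block |
    Get-NetFirewallApplicationFilter |
    Where-Object Program -like '*example-app*'
Get-NetFirewallRule -DisplayName 'Block example-app*' | Remove-NetFirewallRule
```

Step 4 removes the rules created in step 3; if you only want to inspect, leave the last line out.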
NAT FIREWALLS AND STATEFUL PACKET INSPECTION
Windows Firewall will only protect the specific PC it’s on. But the good news is that your router will protect the rest. So, let’s take a look at your router firewall.
If you check out this month’s Home Networking column, we talk about network address translation. Not only is that useful for adding new devices to your network – it’s also the basis for most router firewalls. Because all the devices inside your home network have ‘fake’ private IP addresses rather than true public IP addresses, no device from outside the network can communicate directly with them since they have no way to address them. Your router/gateway is the only device on your home network that can be seen by the rest of the internet, while all your other devices are hidden on a private network. That makes NAT an effective firewall: if a hacker can’t see your PC, they can’t hack it.
Modern routers add further layers of security. Nearly all current routers have stateful packet inspection (SPI) built in. SPI doesn’t just apply static traffic filtering rules, which can sometimes be fooled by attackers – it keeps track of the connections your devices have opened and checks each incoming packet against them, to make sure that incoming traffic is not trying to trick it by pretending to be part of an existing connection.
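To show what that connection tracking buys you, here is a toy model of a stateless port rule beside a stateful check, written as an added example rather than anything from the article or from any router’s firmware. The addresses, ports and the `Register-OutboundConnection`/`Test-Inbound*` functions are constructed for illustration.

```powershell
# Added example (not from the article): a toy model of stateful packet
# inspection. Addresses, ports and function names are constructed here.

$connections = @{}   # state table of connections opened from inside the network

function Register-OutboundConnection {
    param([string]$Client, [int]$ClientPort, [string]$Server, [int]$ServerPort)
    # A device inside the network initiates a connection: the router records it
    $connections["${Client}:${ClientPort}->${Server}:${ServerPort}"] = Get-Date
    return 'forwarded'
}

function Test-InboundStateless {
    param([string]$Src, [int]$SrcPort, [string]$Dst, [int]$DstPort)
    # A plain filtering rule: 'allow anything with source port 80' so that
    # web replies get in. Any sender can put that source port on a packet.
    if ($SrcPort -eq 80) { return 'allowed' }
    return 'rejected'
}

function Test-InboundStateful {
    param([string]$Src, [int]$SrcPort, [string]$Dst, [int]$DstPort)
    # SPI: only a packet matching a connection the inside device opened
    # (same addresses and ports, reversed) counts as a genuine reply
    $key = "${Dst}:${DstPort}->${Src}:${SrcPort}"
    if ($connections.ContainsKey($key)) { return 'allowed (reply to existing connection)' }
    return 'rejected'
}

# PC 192.168.1.10 browses to a web server at 203.0.113.5
Register-OutboundConnection -Client '192.168.1.10' -ClientPort 51000 -Server '203.0.113.5' -ServerPort 80

# The server's genuine reply: both checks let it through
Test-InboundStateless -Src '203.0.113.5' -SrcPort 80 -Dst '192.168.1.10' -DstPort 51000
Test-InboundStateful  -Src '203.0.113.5' -SrcPort 80 -Dst '192.168.1.10' -DstPort 51000

# An unsolicited packet from elsewhere that merely carries source port 80
# to look like a web reply: the stateless rule is fooled, SPI is not
Test-InboundStateless -Src '198.51.100.77' -SrcPort 80 -Dst '192.168.1.10' -DstPort 51000
Test-InboundStateful  -Src '198.51.100.77' -SrcPort 80 -Dst '192.168.1.10' -DstPort 51000
```

A real router also ages entries out of the state table, which this model omits.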
PORT FORWARDING
So your router firewall will reject all incoming connections by default. For most people, that’s perfect. They only want to ‘dial out’ – that is, initiate connections – and nobody should ever be allowed to ‘dial in’.
But sometimes you do want to allow people to connect to a PC or device inside your network without prior approval. You might want to run a web server or game server on a PC, and have that accessible to people on the internet, for example. In that case, you’re going to need to set some rules on your router to be able to do that, otherwise it will just block that connection. It’s called port forwarding, and we’ll cover it in the next issue.