  [Security@ddiction]

Firewalls - the good, the bad, and the oh so ugly



What are firewalls good for?

Firewalls can be good for a number of things. They can be used to block others from accessing your system. They can be used to log unwanted activity that can then be reported to an ISP. A firewall can also be used to help restrict access from your own computer to the internet.

Do I need one?

This will completely depend on what your needs are. If you are responsible for a network that connects to the internet, the answer is likely yes. If you are a home user, it will depend primarily on what level of security you feel you need on your system. If you are new to the internet, or perhaps have children in the household who will click on anything, a firewall may help protect you from mistakes while you learn the ins and outs of the internet.

However, a firewall is largely unnecessary if you keep current antivirus and antitrojan software on your system. If the computer is simply for home use and is not offering services (running a web server, mail server or other), then there are only a couple of routes available to a hacker to breach your system: either File and Printer Sharing is enabled without a logon being required, or the system has been compromised with a virus or trojan that permits the hacker access.

A couple of good spots to obtain a software firewall are www.symantec.com and www.zonelabs.com

What is my firewall telling me?

Primarily, it's likely giving you unwarranted heart attacks. Personal firewalls tend to report a great deal of activity that is likely harmless, or of little concern. A ping, or ICMP packet, is unlikely to inconvenience your system unless you receive a very high volume of them. The ping utility that is included with both Windows and virtually all *nix operating systems is used primarily as a form of internet radar. A ping packet (ICMP) is sent from one computer to another. If the other computer is online, it responds back with an acknowledgement ping.

If the firewall is telling you it has detected a backdoor or SubSeven probe, or something along those lines, you are looking at something a bit more serious. Is the remote address (IP address) being shown trying to put a trojan on your computer? No. What you are likely seeing is someone who has been unfortunate enough to infect their computer with a trojan virus. The hacker remotely controlling that computer is scanning the internet looking for other infected hosts. If you aren't infected, you have nothing to be concerned about. Hackers can't break in where there isn't an existing security hole.

Should you report these probes? Yes. What you are doing in essence is notifying an ISP that one of their customers has had their security compromised and is being used by a hacker. You can either track down the ISP yourself and send them your log information, or you can sign up with the wonderful folks at www.mynetwatchman.com for a free account. Mynetwatchman provides plugins for a number of firewalls that will allow you to report automatically, removing all the research and aggravation of manually reporting attempted intrusions.
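
The triage described in this section, sketched as an added example (not part of the original page): it separates ping noise from probes aimed at well-known trojan ports and builds the log excerpt to send to the ISP. The log format, the sample lines, the port watch list and the flood threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Well-known default ports of older remote-access trojans (assumed watch list).
TROJAN_PORTS = {27374: "SubSeven", 1243: "SubSeven (older)",
                12345: "NetBus", 31337: "Back Orifice"}
PING_FLOOD_THRESHOLD = 100  # assumed cut-off for "a very high volume" of pings

# Constructed log lines in a made-up format: date time action proto src dst dport
SAMPLE_LOG = """\
2002-03-01 10:00:01 BLOCK ICMP 198.51.100.7 192.0.2.10 -
2002-03-01 10:02:13 BLOCK TCP 203.0.113.45 192.0.2.10 27374
2002-03-01 10:02:14 BLOCK TCP 203.0.113.45 192.0.2.10 1243
2002-03-01 10:05:40 BLOCK UDP 203.0.113.99 192.0.2.10 31337
2002-03-01 10:06:02 BLOCK ICMP 198.51.100.7 192.0.2.10 -
2002-03-01 10:07:55 BLOCK TCP 198.51.100.23 192.0.2.10 80
"""

LINE_RE = re.compile(r"^(\S+ \S+) BLOCK (ICMP|TCP|UDP) (\S+) (\S+) (\S+)$")

def triage(log_text, flood_threshold=PING_FLOOD_THRESHOLD):
    """Sort blocked-traffic entries into the categories the article describes."""
    pings = defaultdict(int)    # source IP -> number of ICMP packets seen
    probes = defaultdict(list)  # source IP -> [(timestamp, port, trojan name)]
    other = []                  # blocked traffic in neither category
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        when, proto, src, _dst, dport = m.groups()
        if proto == "ICMP":
            pings[src] += 1
        elif dport.isdigit() and int(dport) in TROJAN_PORTS:
            probes[src].append((when, int(dport), TROJAN_PORTS[int(dport)]))
        else:
            other.append(line)
    # Pings only matter once a single source sends a very high volume of them.
    floods = {ip: n for ip, n in pings.items() if n >= flood_threshold}
    return {"ping_noise": dict(pings), "ping_floods": floods,
            "report_to_isp": dict(probes), "other": other}

def abuse_report(probes):
    """Build the log excerpt to send to the ISP that owns each probing address."""
    lines = []
    for ip, hits in sorted(probes.items()):
        lines.append(f"Source {ip}: {len(hits)} probe(s) for trojan ports")
        lines += [f"  {when}  port {port} ({name})" for when, port, name in hits]
    return "\n".join(lines)

if __name__ == "__main__":
    print(abuse_report(triage(SAMPLE_LOG)["report_to_isp"]))
```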

Trusted IPs and hosts

There are likely a number of sites and systems on the internet that you need to tell your firewall to trust. The DNS server (Domain Name System) of your ISP is a good start. The DNS server is a device likely run by your ISP, and it is the system that permits your computer to locate resources on the internet, such as webpages, mail servers and the like. You should also trust any routers your ISP uses. Blocking your router will in effect block you from being able to surf the internet at all.