Do NOT depend on it for 100% protection
Aug 17 '01
The Bottom Line: Software firewalls provide inexpensive, limited security, but can you configure them, and will it work for you?
As more and more consumers have become security conscious in today's internet age of broadband connections, some have turned to low-cost software programs such as Black Ice Defender (published by Network Ice, which has since been bought by ISS) and Norton Personal Firewall (by the Norton Corporation). While some of these software-only solutions will provide a limited amount of extra security for the average user, there are several things that you have to understand about internetworking security before rushing out to buy a firewall.
First of all, software firewalls are not for everyone. You have to remember that with any firewall configuration, what you are essentially doing is laying brick walls over some of your computer's connection ports. As such, firewalls may cause you trouble, because out of the box, software firewalls are usually not highly customizable for the average user. What does that mean for you? It means that some of your programs that use the internet or your home LAN may not be able to function properly, since they may need to accept traffic on a port that the firewall is configured by default to reject.
To tell the truth, this is a common problem and an easy one to solve. Virtually any software firewall available on the consumer market today will let you allow or reject specific ports on the computer for both outbound and inbound internet traffic. The main things you will have to contend with are finding the options menu to do so and understanding exactly how to allow or reject ports.
Most consumers, however, know virtually nothing about ports and which software programs use which ports. A port, first of all, is a virtual socket in your computer's internet connection that your computer and other computers can send traffic specifically to in order to distinguish it from traffic going to another type of program. For example, on the average computer the most commonly used ports are 80 and 8080 for internet webpages, 23 for telnet, 21 for FTP, and 25 for SMTP (mail) services. In addition, many of the software programs that you use every day have proprietary port numbers that could be reasonably complex, considering that companies have thousands of currently unassigned ports to choose from.
As with any computer-related task, there should be at least some basic written planning before you go out and buy a software firewall. You need to know exactly which ports you send and receive traffic through (a port list can be found on www.iana.com under protocol number assignment services, "P", "Port Numbers"). You will then have a list of port numbers for both TCP and UDP communications along with what program or service uses them.
In addition, I would advise actually reading the manual for your particular software firewall program as it will tell you how to explicitly allow or deny particular ports on your computer.
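The port inventory recommended above, as an added example that is not part of the original review: a Python sketch that reads `netstat -an` output and splits it into the inbound and outbound ports a firewall rule set would have to cover. The sample output, the `KNOWN` table and the function names are constructed for illustration.

```python
import re

# Services the review names; anything else needs a lookup in the IANA port list.
KNOWN = {21: "FTP", 23: "telnet", 25: "SMTP", 80: "web", 8080: "web"}

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:21        198.51.100.7:3310      ESTABLISHED
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1043      203.0.113.9:25         ESTABLISHED
  UDP    0.0.0.0:27015          *:*
"""

# protocol, local port, remote port (or *), optional state column
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+:(\d+|\*)\s*(\S*)")

def port_plan(netstat_text):
    """Split observed traffic into inbound and outbound (protocol, port) sets."""
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    # Ports this machine accepts traffic on: TCP listeners and bound UDP sockets.
    inbound = {(p, int(lp)) for p, lp, rp, st in rows
               if st == "LISTENING" or (p == "UDP" and rp == "*")}
    # Established sessions that do not end on a local listener are outbound;
    # the remote port is the one the firewall has to let out.
    outbound = {(p, int(rp)) for p, lp, rp, st in rows
                if st == "ESTABLISHED" and (p, int(lp)) not in inbound}
    return {"inbound": inbound, "outbound": outbound}

def describe(plan):
    """Render the plan as sorted lines, flagging ports that need a manual lookup."""
    lines = []
    for direction in ("inbound", "outbound"):
        for proto, port in sorted(plan[direction]):
            name = KNOWN.get(port, "unknown, look up before allowing")
            lines.append(f"{direction:8} {proto}/{port:<5} {name}")
    return lines

if __name__ == "__main__":
    print("\n".join(describe(port_plan(SAMPLE))))
```

Ports reported as unknown (135 and 27015 in the sample) are the ones to identify before writing an allow rule; a listener nobody can account for is a candidate for blocking or for shutting the service down.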
Understand, finally, that any computer running a software firewall should not also be running a number of other services, as those services may conflict with the firewall. For example, don't run a DNS/WINS/DHCP server on the machine hosting your firewall software. In most cases, the firewall will not conflict with your gaming, so gaming while running the firewall is, in most cases, OK.
Though software firewalls now offer a host of low-cost protection measures for home users with modem or broadband connections, they are not an install-and-forget mechanism. A firewall is worthless if your operating system, as well as any internet or network-based software that you run, does not have the latest security patches. An uncovered hole in any of these programs can make your software firewall worthless.
It is for that reason above any other that I would rather have either a proxy machine running my software firewall or a hardware firewall running as part of a planned perimeter network.
Epinions.com ID: clocks
Member: Wayne Frazee
Location: Panama City Beach, FL
Reviews written: 100
Trusted by: 50 members
About Me: I am an IT Manager for a game development company in Panama City Beach, FL.