What is a firewall and why does your PC need one

2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44

Spoiler alert: to protect your data.

What is a firewall

A firewall, or firewall, is a firewall that sequentially filters data passing through it. Using certain rules or patterns, it analyzes traffic that comes from the network or from your computer. If the packet fails validation, it will not be able to cross the firewall and reach your device from the Internet.

The word "firewall" (from the German brand - "to burn", mauer - "wall") was borrowed from firefighters. This is the name of a barrier made of refractory material, which prevents the spread of flame from one part of the building to another. And this, in general, reflects the purpose of the software: not to pass traffic that can harm the system.

Firewalls are installed not only on users' computers, but also on servers or routers between subnets. This is to prevent suspicious traffic from spreading quickly across the entire Web.

Firewalls are software (only software) and software and hardware (software and the device on which it runs). The former are more affordable, but they take up part of the computer's resources and are not so reliable. For ordinary users, they are quite enough. The latter are usually corporate solutions that are installed in large networks with increased security requirements.

What types of attacks does the firewall protect against?

• Phishing … Cybercriminals distribute links to phishing sites that are like two peas in a pod similar to your online banking, social network, or well-known brand. On such sites, it is suggested to leave personal data - with them, criminals can withdraw all the money from your bank account or blackmail you with intimate photos. The firewall will block connections to such resources.
• Backdoor access … This is the name given to vulnerabilities that are sometimes left - on purpose or not - in operating systems and other software. This allows cybercriminals or special services to send data to a device connected to the Network and receive traffic from it, for example, personal information, passwords, and so on. A firewall is able to prevent such leaks.
• Hacking Using Remote Desktop … Attacks of this format allow you to gain access to a computer over the network and control it. The firewall will detect suspicious traffic and deny its transmission.
• Forwarding packets … Sometimes fraudsters change the route of traffic on the Web in order to trick the system into believing that the data comes from a trusted source. The firewall will track this and block the traffic channel.
• DDoS attacks … If the firewall detects too many packets coming from a relatively small list of IP addresses, it will try to filter them out. By the way, if someone tries to use your computer for DDoS attacks, the firewall will also block outgoing traffic.

What types of attacks the firewall will not protect against

In order for the firewall to analyze the data, it must correctly recognize it. Typically, firewalls operate at several levels of the OSI (The Open Systems Interconnection model) model: network, channel, transport, application, and others. Each of them has its own filters applied. And if, for example, on the channel (higher) traffic matches the rules, and on the applied (lower) traffic it is encrypted, then the firewall will let such data through. And this can potentially lead to problems in the system.

Firewalls also do not cope with tunneled traffic - the one that is transmitted through VPN and other similar programs. In this case, a secure tunnel is created between two network points, some network protocols are packed into others (usually of a lower level). The firewall cannot interpret such packets. And if he works according to the principle “everything that is not prohibited is allowed”, then he lets them through.

Finally, if a virus can enter your computer, then the firewall will do nothing about the destruction that it can cause. For example, if malware encrypts or deletes files, or saves your personal data in order to transfer them through an encrypted messenger or other secure channel, the firewall is unlikely to warn you.

Of course, firewalls are getting smarter: they use intelligent algorithms and heuristics that detect problems even without predefined rules and patterns. In addition, in conjunction with antivirus software, the firewall blocks a significant portion of attacks. On the other hand, cybercriminals also do not sit idly by and invent new ways to bypass protection.

What problems can a firewall cause?

All protection comes at a cost.

Decrease in computer performance

The firewall filters traffic in real time. This requires resources: both processor power and RAM. As a result, the software can slow down your computer. And if its performance is low, you will feel it especially acutely.

Reduced traffic speed

The firewall takes time to analyze the traffic. And if there are many filters, then the delays can be significant. This is not so critical for browsing sites, but in online games it can be a cause of defeat.

False positives

It is not uncommon for firewalls to mistake legitimate traffic as a potential threat and do not allow such packets to pass through. They also create alerts - with a sharp sound, so that you definitely pay attention. As a result, you cannot work calmly and do not get access to the necessary Internet resources.

If you configure your firewall correctly, you can reduce the number of false positives. For example, enable it only on insecure networks (public Wi-Fi) or for certain applications (browser, instant messengers).

Is it worth using a firewall

If your computer is connected to the internet, a firewall will be helpful. It will block a significant portion of the network connections that you "did not order."

A firewall is especially needed when connecting to free Wi-Fi and other inadequately secured networks. Attackers often use them for attacks, traffic interception and data spoofing.

If your computer is not connected to the Internet or the network is sufficiently securely protected, for example, by a corporate hardware and software firewall, then you may not use a personal one. This will allow your PC to run a little faster, and false positives will not distract you.

Many newer router models have a built-in firewall. It allows you to configure packet filtering, allow or deny connections to specific URLs and IPs, and use of ports. To find out if your device has a built-in firewall, look for an item like Internet Firewall in its control panel.

But objectively speaking, software firewalls are usually more flexible and easy to configure. Therefore, if you do not fully understand how to ensure reliable traffic filtering using a router, we recommend that you do not turn off the firewall so as not to be left without protection.

What firewalls are built into the OS

They have become part of operating systems to protect users from cyberattacks.

Windows

The OS has a firewall starting with Windows XP SP2. In Windows 7, it is part of the Windows Security Center, in Windows 10 - the Security and Servicing Center. It supports filtering at the level of ports, packets, applications and the creation of various rules for different types of networks (private, public and domain networks), setting profiles.

To check the protection status in Windows 10, enter the word "firewall" in the search bar.

Alternatively, Start Menu - Settings - Update & Security - Windows Security - Firewall and Network Protection. Here you will also see if the firewall is enabled for different types of networks and can configure it.

In Windows 7, open Start Menu - Control Panel - System and Security - Windows Firewall - Check Firewall Status. It is configured in the "Change notification settings" item.

macOS

In this OS, starting with OS X 10.5.1, you can manage connections at the application level, not ports. Thus, potentially dangerous applications will not be able to access data through the ports that "good" programs use.

To check the firewall settings, go to the menu "System Preferences" - "Security" (or "Privacy and Security" in newer OS versions), then to the "Firewall" tab, click on the lock icon in the lower left corner and enter your name and password admin - this will unlock the panel. Then click the "Turn on Firewall" or "Start" button. The "Advanced" button will allow you to configure the firewall settings.

Linux

The Linux kernel has a built-in packet filter. Since kernel 2.4, the iptables utility is used as the firewall. It can protect against denial of service attacks, IP spoofing, packet fragmentation and DDoS.

Ubuntu has a UTF (Uncomplicated Firewall) wrapper for iptables. You can install the utility with the command apt install ufw in the terminal. To check its status, enter ufw status verbose (by default, protection is inactive). And to see the list of rules - ufw status numbered.

How to replace the built-in firewall

Third-party solutions can provide better security. They are flexible and include intelligent algorithms for searching for malicious activity and other useful features. And most importantly, they contain fewer vulnerabilities known to cybercriminals.

Firewalls are often part of antivirus packages. Here are some popular products:

• Avira: Basic Protection - Free; Pro versions - from 2, 95 euros per month.
• Comodo Wi-Fi Security: From $ 3.99 per month.
• BitDefender Internet Security: from $ 29.99 per year; there are free trials for 30 days.
• Avast Premium Security: from 1,990 rubles per year (with a firewall); there are free trials for 30 days.
• ESET NOD32 Internet Security: from 1,990 rubles per year; there is a free trial for 30 days.