Home Computer Aid

The proliferation of high speed, always on Internet connections such as DSL and Cable, means attackers now have direct access to many home user PC’s with little interference from Internet Service Provider’s (ISP’s).

Attackers want to gain access to your computer to steal information, damage your data or Operating System, or use your computer as a platform to attack others. You can stop them with a hardware and/or software firewall.

A firewall is a device or program that looks at the data flowing across your network and either lets it go or blocks it. A firewall will block all traffic that tries to get into your computer unless you configure it to allow the information in, or unless you requested it by clicking on a web page for example. When you find my page and click on www.homecomputeraid.com, your firewall knows to expect a reply to your request for my web page, and allows that back through.

You may want a hardware firewall to protect against outside threats, and a software firewall to allow you to control traffic between computers on your network and to let you control what goes out of your computer onto your network or to the Internet.

A hardware firewall is usually a double duty router and firewall for the home user. If you have DSL or Cable, you can use a router to connect multiple PC’s to the Internet. If you buy a router, please make sure it clearly states on the box that it is also a firewall. If you see a statement like "Acts as a firewall using Network Address Translation (NAT)" or something like that, keep your cash in your pocket. A router that claims to protect you with NAT only is NOT a real firewall. You’ll want one that does Stateful Packet Inspection (SPI). See the Learn More page for more on this.

If you're trying to decide between getting a wireless or wired router, or a wireless or wired firewall, I strongly recommend spending a few extra dollars (an extra $20 or $40) for a firewall. Some, like the Netgear listed below, are cheaper than some routers!

If you use a Virtual Private Networking (VPN) client to get into your corporate network, you’ll want to get a firewall that supports VPN or VPN pass through. Please obtain help from your network administrator if you're in doubt.

If your network administrator is security conscious, he or she may already be requiring the use of a software firewall before you’re allowed to VPN in.

Hardware Firewalls

Two excellent home Stateful Packet Inspection (SPI) firewalls in the $80 to $90 price range:

Linksys Instant Broadband EtherFast Cable/DSL Firewall Router with 4-Port Switch BEFSX41

Netgear ProSafe VPN Firewall with 4-Port 10/100 Mbps Switch FVS114

Software Firewalls

Windows XP SP2 Firewall - Built in firewall installed with Windows XP Service Pack 2. It may have some security vulnerabilities, but it’s a vast improvement over the original XP Firewall. For more on the vulnerability, visit PC Magazine’s article about it. If you download one of the firewalls below, I strongly recommend disabling the Windows firewall before using Zone Alarm or Sygate. It is not a good idea to run more than one firewall. Also, the Windows Firewall only blocks inbound connections. See this SearchSecurity.com article.

Zone Alarm - Free, configurable software firewall.

Sygate - My preference. It's also free and more easily configurable. I find it more user friendly than ZoneAlarm, and it doesn't seem to require you to update as often.

McAfee - Fee based Personal Firewall Plus by McAffee can be purchased separately or bundled with Antivirus.

Norton Personal Firewall 2006 – Blocks online intrusions automatically – Download the newest version now! Click Here. Another excellent pay program. When bundled with Antivirus, you only have to update one program instead of several.

Testing Firewalls

How do you know if your Software or Hardware Firewall is working? Read on...

To test a Hardware Firewall, or test the outside of a Software Firewall, try Sheild's Up! by Gibson Research Corp. Shield's Up! will conduct what's known as a Port Scan of your computer or firewall, and tell you what weaknesses (open ports) it finds. Ideally, there should be no open ports from the outside.

To check whether your Software Firewall will permit unknown outbound traffic without prompting you, use Leak Test also from Gibson Reasearch. This application harmlessly tries to access the Internet. If your Firewall does not prompt you, asking whether it's ok, it might be time to look for another product. Thanks for the excellent, small utilities Steve!