Let's Stop The Hack Attack

An essential part of protecting the network is having a firewall to keep hackers out.

According to an FBI/Computer Security Institute survey from 2000, hack attacks cost U.S. businesses $45 million in 1999. When hackers strike, 39 percent of the time it is targeted towards a specific organization, and generally the source of entry is a remote user’s computer, according to Zone Labs Inc. Without the proper protection such as a firewall, all personal and business computers are at risk.

Basically, a firewall decides what online information can and cannot pass through a system. It is the most essential part of network security because it is the first line of defense, allowing certain individuals access to a network while blocking outsiders.

Choosing a firewall isn’t a straightforward task because each business has unique needs. However, one thing remains the same: a firewall’s duty is to block all harmful traffic to permit the important information to filter through. It is important to remember, however, that a firewall is only as good as the configurations the user has placed on it.

"When it comes to making the right choice, when (consumers) decide to incorporate (a firewall), my advice is this: first answer the questions what are my security needs? What problems am I trying to solve?" said James Grant, president of 8Signs Ltd. of Saratoga, CA. "For companies putting servers on the Internet, the answer may be simple: allow customers to reach my Web, e-mail or FTP server; block all other ports on my system; catch hacking attempts and block these people; (and) protect my server from common attacks."

Firewall Forms
Firewalls can be purchased in three forms. The first one is software, which is the direct connection between a computer and the Internet. It is usually installed to run over top of the computer’s operating system, such as Windows. The second option is a hardware firewall. They usually come with additional services and are generally the easiest to install. The third choice is a combination of the two.

Users have a choice of four types of firewalls:

1. Packet Filtering and Proxy Firewalls
Although years ago packet filtering and proxy firewalls were separate entities, now companies usually bundle them both into their services. Packet filtering keeps a record of every IP address that the computer encounters. Sometimes hackers can spoof the computer into thinking that the packets are coming from a reliable source because the actual content of the packet is not checked. Proxy-based firewalls are often more secure because they are machines that do not have an IP address attached to them -- they act more like a server. The most effective thing about proxy firewalls is that no packets are allowed to cross them -- it acts as a median between the browser and the Internet.

2. Application Gateways
In this method, a connection is made to the gateway, which then logs on to the Internet. Because this method logs on for the user, it is great at cataloging what sort of traffic is passing through.

3. Circuit-level Gateways
This firewall application allows connections through it, monitoring and copying all the bytes that it encounters.

4. Stateful Inspection
Since some companies incorporated a proxy-based and circuit-level gateway, the result has been the creation of a seamless firewall protection (the best form on the market). This method checks content and allows protocols to pass through a validation procedure; keeps a record of connections; and can authenticate connections, among other things. Very few attacks penetrate this form.

Choosing A Firewall
"Both consumers and businesses should look for the best possible security combined with the slightest impact to their productivity. Effective security must be easy to use or it won’t be used, lending an illusion of security. Such an illusion can be more dangerous than no security at all," said Te Smith, senior director of Corporate Communications at Zone Labs Inc. "However, the definition of easy differs amongst users. Consumers often require out-of-the-box security -- no tricky setup required. Businesses often want a higher degree of control, so central management tools and seamless integration to existing infrastructure are important to them."

Besides the amount of security needed, there are other factors to consider when choosing a firewall. First, how much money does a business have to spend? Basically, the firewall’s features and the benefits it provides should be reflective of how much it costs. Businesses also have to estimate how much the company is expected to grow. The level of security needed is important, and this should include those who work both in the office and in remote locations. Look for products that are scalable and offer automatic updates.

"Features that are important to both audiences (personal and business) are stealth mode firewalls, meaning the PC is cloaked from being seen on the Internet, as well as an application-centric approach," said Smith. "Security products need to be easy to set up, easy to use, scale as the network grows and fit into existing infrastructure."

What Do Firewalls Scan For?

Port Scan
This is the most common attack blocked by firewalls. All Internet activity comes through a specific port on the computer (whether mail or the Web browser) and each port has its own specific number. Hackers scan the ports to see what software is running through them, and if there is a known bug in the program they usually attack. Firewalls are there to stop this from happening. Firewalls also allow files to be shared between a home computer and a business machine, and can stop anyone who tries to intercept them.

Denial of Service Attack
This attack is designed to crash the computer so that the user cannot access any files. Hackers send information in packets and when the computer tries to open them, it crashes and sends network traffic in all directions. Firewalls can often safeguard the machine from these attacks, but since these are the most destructive of all, it can become quite difficult.

What Firewalls Cannot Do
Firewalls cannot stop everything that enters the network although they are generally 99 percent effective. Users need to know that firewalls do not:

- Protect the computer from a hacker that is within the internal network
- Stop critical attacks if something happens to get into the system
- Defend against viruses, Trojan horses or physical outages

Is There Anything Else I Should Know?
Because of the emergence of viruses coming through e-mail, many firewalls are incorporating anti-virus software to scan attachments before they are delivered. Security analysts believe that firewalls should always be coupled with anti-virus protection and content filtering to provide maximum security.

"Firewalls are pretty much a necessity in today’s networking environment, given the number of attacks and vulnerabilities that are coming across our systems," said Gene Manyak, product marketing manager with Check Point Software Technologies. "And anti-viruses, which is what most consumers are using, really don’t provide the full spectrum of coverage... Firewalls catch traffic that anti-viruses cannot."

Even after all is said and done, one main consideration should be: who will be looking after the firewall? Will there be a technical support agent who can fix things when anything goes wrong? Does the company have the budget to support such an agent? A firewall of stealth proportions is no good unless someone knows how to properly monitor it.

"It’s not a security issue directly, but indirectly it is. Because if someone can’t manage their firewall infrastructure then chances are that the infrastructure isn’t as secure as it could be or should be. So management is a really big dimension of what separates the various firewalls," said Manyak. "The larger a networking environment, the more important all those components become."

Those looking for a mode of protection should remember this: a firewall is only as good as its latest update -- one that is too old or out of date is almost as hazardous as not having one at all.

"Let's Stop The Hack Attack" by TopHosts.com