Mr PC QuickFix
What’s a Firewall
Hardly a day goes by without the inbox bringing more scaremongering news of a new virus or worm or, even worse, a vulnerability discovered in some programme we are using. Of course you can't ignore issues like these, but there are steps you should be taking to sleep well at night. Antivirus is a must, but that is only half the battle: you need to be able to keep unwanted visitors out and sensitive data in, and that's the job of a firewall. Time for us to present firewalls explained.

What is a firewall

In simple terms a firewall is a hardware or software device that acts like a fence around your system or network. It would be great just to put up a big fence and never let anyone in (some systems do this), but in real terms you would lose all communication with the outside world, a bit like a siege.

So what is needed is a walled garden, with access to and from it strictly controlled and limited to applications and data that you trust, and that is exactly the job of a firewall. Of course they range from free software-only firewalls to full-on corporate-wide hardware systems.

How does it work

There are a number of technologies employed by firewalls to protect your data and network. The first is a simple set of rules; this permission-based scheme plugs the holes that Windows operating systems are sadly renowned for. Your Windows operating system is like a Swiss cheese with many holes in it. Some must remain for applications like email and web browsing to get to the public internet, but Windows ships with many other holes or "ports" open as standard.

For example, many home machines will never network with another machine in their entire life, but as standard they ship with the NetBIOS ports open. There are a number of viruses and hacking tools that exploit this simple fact, and there is an equally frightening number of home PCs sat right now with this port wide open.

A simple rule set starts from the position of all ports (or doors) closed, and then as you start each application you have to create a rule to let it get to the internet or network. Most firewalls will come preconfigured to allow internet and POP3 email access from start-up, but you'll find that instant messaging systems like MSN Messenger and Yahoo IM will need permission to work.

This guest list, a bit like a bouncer's VIP list, is maintained by you, either as an administrator on the top-of-the-range systems or, on a simple software system, by answering a prompt each time a new programme asks for access.

What types are there?

There are 2 physical types of firewall: software and hardware.

Software firewalls are commonly used in the home environment. Big names like Norton and McAfee both make and sell personal internet firewalls; these do a good job of providing a basic rules-based protection system by running an application on your PC.

Hardware firewalls are more common in the business environment, where dedicated units have the outside world plugged in on one side and the trusted network on the other. These are often supplied as a pair so that failure of a unit does not make the network vulnerable.

Both hardware and software firewalls use a number of different techniques to keep your PC and network safe. The first system, already described, is a rules-based or packet filter system. Here all data incoming and outgoing is inspected to see that it is coming from and going to trusted ports on the system, and possibly even trusted IP addresses.

The next level up is a proxy server. This stands between the outside internet and the trusted network; it intercepts all packets of data and checks if they meet the packet filter rules before forwarding data to the machine inside the trusted network. This adds a level of security by never letting the internet machine talk directly with the trusted machine. A system of network address translation (NAT) hides your internal IP address from the internet, meaning all data has to go through the firewall for inspection. A proxy server is very good against brute force attacks, the equivalent of someone trying to shoulder charge your door down; it's like putting an extra set of doors between your machine and the attack.

The best level of firewall technology is normally found only in high-end firewalls but is slowly creeping into the top-end home devices: SPI, or Stateful Packet Inspection. This not only applies rules to incoming data, it checks various security protocols and can determine if data is really from whom it claims to be. This is in effect a smart firewall which is looking for known characteristics of certain attacks and spoofing attempts.

Most firewalls use at least 2 of these techniques and the best firewalls are a combination of all 3. Plus, most corporate firewalls use a combination of hardware and software to protect their networks.
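
To show the difference between the packet filter rules and stateful inspection described above, here is an added example (not part of the original article) that runs the same traffic through both. It is a simplified model: the rule set, addresses and ports are constructed, and port 139 stands in for the NetBIOS ports mentioned earlier.

```python
from collections import namedtuple

# direction is "out" (leaving the trusted network) or "in" (arriving from the internet)
Packet = namedtuple("Packet", "direction src sport dst dport")
ALLOWED_OUT_PORTS = {80, 443, 110}   # assumed rule set: web and POP3 e-mail

def packet_filter(pkt):
    """Stateless rules: each packet is judged on its ports alone."""
    if pkt.direction == "out":
        return "ALLOW" if pkt.dport in ALLOWED_OUT_PORTS else "DROP"
    # Replies must be let back in, so the only test available is the source port.
    return "ALLOW" if pkt.sport in ALLOWED_OUT_PORTS else "DROP"

class StatefulFirewall:
    """Same rules, plus a table of connections opened from the inside."""

    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in ALLOWED_OUT_PORTS:
                return "DROP"            # default position: door closed
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound traffic is accepted only as the mirror image of a tracked flow.
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ALLOW" if reply_of in self.connections else "DROP"

# Constructed sample traffic (documentation address ranges, not real hosts).
PC, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"
SAMPLE = [
    Packet("out", PC, 50000, WEB, 80),      # browser opens a web page
    Packet("in", WEB, 80, PC, 50000),       # genuine reply to that request
    Packet("in", OTHER, 40000, PC, 139),    # unsolicited packet to a NetBIOS port
    Packet("in", OTHER, 80, PC, 139),       # same, but claiming to come from port 80
    Packet("out", PC, 50001, OTHER, 6667),  # programme with no rule tries to get out
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    spi = StatefulFirewall()
    return [(packet_filter(p), spi.check(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, verdicts)
```

The fourth packet is the one to watch: the stateless filter lets it through because it looks like a web reply, while the stateful firewall drops it because no connection from the inside ever asked for it.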

Do I really need one?

Well, it depends. Most dial-up users would not benefit from the extra security and would be hindered by the downsides covered in the next section. As dial-up users get assigned a new IP address every time they connect, it would be very difficult for hackers to find the machine before you end your surfing session.

But with the advent of broadband you should get some protection. For example, at the time of writing the Lordpercy.com router has been connected to our broadband connection for 11 days on the same IP address; we only reboot occasionally and that's the only time our ISP gives us a new IP address.

So we, like every other broadband user, are connected for enough time to make it worthwhile searching for open ports and trying to get in, or for a Trojan programme on a machine inside our network to get out and do some damage.

There must be a downside to Firewalls?

Well yes, of course there is some downside. Almost all firewalls have some performance issues: anything above the simplest packet inspection system will slow down traffic in and out of your network, not by much, but it will have an effect. On a broadband connection this is hardly noticeable, but on dial-up it's just another drain on a small 56k connection. Also, some of the software-based firewalls like Norton and ZoneAlarm do eat system resources on the host PC.

What should I get and where do I get it?

If you decide that you should look at protecting your PC / network, then if you are using a single PC and do not plan to build a network, head for a software system. ZoneAlarm from Zonelabs.com is free for personal use, and Norton offer a personal internet security system which "does what it says on the tin". If you have a network, then the best bet for the home user is a router with an inbuilt firewall. Be it wireless or cabled, manufacturers like Netgear, Belkin and Linksys offer competitively priced systems with a good solid firewall.

Below we've put some links to selected products on Amazon which will look after your network with both hardware and software systems. Security is important; it's not just big corporations who get attacked. You wouldn't want your email account sending out spam, or a worm getting onto your machine and taking you offline for a few days? Perhaps you should consider some protection. At least we hope you now have some knowledge of what a firewall is and what it can do.

   

Posted by Gareth Mellin
on Friday, September 05, 2008
