Firewalls on Computers Addressed

By Kenny Williams

Firewalls are designed to provide security from intruders entering your computer system and stealing your sensitive information. A firewall is one of the most important ingredients in a dedicated high-speed Internet connection computer security cocktail. Wow! Say that one a few times, real fast. The problem with most firewalls is that their warnings and alerts are not always clear in meaning and they only supply you with literature that would be better suited as packing material for a birdcage than as a supposed document for your computer. I have had to work hard to understand the educational ideas and wisdom found in the firewall alerts. My whole meaning here is to introduce you to some important methods of how to decipher the more common firewall messages and determine whether you're really a doughnut.

The whole idea of a firewall is to prevent unauthorized traffic to or from your PC. Unauthorized traffic generally doesn't mean that your feed is under attack; it's just traffic that doesn't meet the rules your firewall has set. Rules are normally set by default when you install the firewall and are often updated as you permit or deny connections during normal use. When the firewall detects unauthorized traffic, it generates an alert, and you're informed by some combination of sound or alert dialog box. As a result, a firewall alert should not become a gut-wrenching, panic-inducing event; it is simply a blocked connection (usually between your PC and the Internet), nothing more and nothing less. When you examine the alert, you'll see a detailed description of what's occurred and why the firewall decided to block the inbound or outbound access to your computer; the alert log will detail the event for your reference.

Inbound alerts record potential threats to your computer from the outside. Inbound (incoming) alerts occur when a presence elsewhere on the LAN (or the Internet) makes a request to your computer. These are perhaps the most common alerts a firewall displays because they can originate from so many different sources. When an inbound alert occurs, you will typically see the date and time, the source and destination IP (Internet Protocol) addresses and port numbers, and the type of data (for example, TCP [Transmission Control Protocol], UDP [User Datagram Protocol], ICMP [Internet Control Message Protocol], or IGMP [Internet Group Management Protocol]) being sent.

In many cases, such alerts are little more than routine pings from your ISP (Internet service provider) to verify you're still connected and certainly don't constitute an attack. However, frequent alerts from the same source (perhaps made to a variety of ports on your PC) may suggest the need for additional investigation on your part. Although a firewall can report individual alerts, you may need to refer to your alert log to check for trends or recurring sources.
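The log review described above, sketched as an added example that is not part of the original column: it groups inbound alerts by source address and reports sources that recur, noting when they touched several different ports. The log layout, the addresses, the thresholds and the function names are all assumptions constructed for illustration, not the format of any particular firewall.

```python
from collections import defaultdict

# Constructed sample log (not a real product format). Fields per line:
# direction, date, time, source ip[:port], destination ip[:port], protocol
SAMPLE_LOG = """\
IN,2000/09/08,09:45:56,203.0.113.5,192.168.1.10,ICMP
IN,2000/09/08,10:02:11,198.51.100.7:4312,192.168.1.10:21,TCP
IN,2000/09/08,10:02:12,198.51.100.7:4313,192.168.1.10:23,TCP
IN,2000/09/08,10:02:13,198.51.100.7:4314,192.168.1.10:80,TCP
OUT,2000/09/08,10:05:00,192.168.1.10:1055,192.168.1.20:445,TCP
IN,2000/09/08,11:00:00,192.0.2.44:2200,192.168.1.10:445,TCP
IN,2000/09/08,11:30:00,192.0.2.44:2201,192.168.1.10:445,TCP
IN,2000/09/08,12:00:00,192.0.2.44:2202,192.168.1.10:445,TCP
IN,2000/09/08,13:00:00,203.0.113.5,192.168.1.10,ICMP
this line is damaged
"""

def split_endpoint(field):
    """Return (ip, port); port is None for portless traffic such as ICMP."""
    ip, sep, port = field.strip().partition(":")
    return ip, (int(port) if sep else None)

def parse_alerts(text):
    """Yield (direction, source ip, destination port) for each valid line."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6 or fields[0] not in ("IN", "OUT"):
            continue  # skip damaged or unknown lines
        try:
            src_ip, _ = split_endpoint(fields[3])
            _, dst_port = split_endpoint(fields[4])
        except ValueError:
            continue  # non-numeric port
        yield fields[0], src_ip, dst_port

def recurring_sources(text, min_alerts=3, min_ports=3):
    """Report inbound sources seen at least min_alerts times."""
    hits = defaultdict(list)  # source ip -> destination port of each alert
    for direction, src_ip, dst_port in parse_alerts(text):
        if direction == "IN":
            hits[src_ip].append(dst_port)
    report = []
    for src_ip, seen in sorted(hits.items()):
        if len(seen) < min_alerts:
            continue  # occasional contact, such as a routine ping
        distinct = sorted({p for p in seen if p is not None})
        kind = "many ports" if len(distinct) >= min_ports else "repeated"
        report.append((src_ip, len(seen), distinct, kind))
    return report
```

On the sample, the address that pinged twice stays below the threshold, while the two sources with three alerts each are reported, one for repeating on a single port and one for reaching three different ports.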

Outbound alerts are another way to monitor your system. A firewall not only blocks outsiders from accessing your computer, but it can also stop your computer from accessing unauthorized locations on the LAN or Internet. When your PC attempts to send information to a location that has not been allowed, an outbound (outgoing) alert is generated. An outbound alert will tell you the date, time, the source and destination IP addresses and ports, and the type of data. Outbound alerts usually occur because you're attempting to send data to a location on the local area network (LAN or Intranet) that has been prohibited. If you know the destination is safe, tell the firewall to permit that specific destination to stop the alerts.

A firewall can let certain applications on your PC communicate with the LAN (or Internet) but prevent others from connecting. When an unauthorized program attempts to make a connection, an application alert is produced. An application alert will include the date and time of the event, tell you which application tried to make the connection, and identify the destination IP address and port.

Application alerts generally occur because you either forgot to let the program make a connection or you're using a new program that has not yet been identified to the firewall. If you cannot identify the program that's trying to connect, you may have inadvertently installed spyware (software that tracks user behavior without that user's knowledge) on your PC. By simply denying the connection, a firewall can be very effective at preventing spyware from reporting on your activities until you're able to remove it.

A variation of this is the access alert, which occurs when an application you specifically prohibited from connecting attempts to access the LAN or Internet. Access alerts also include the date, time, application, and destination information such as:

Many types of e-mail attachments can contain viruses that may be harmful to your computer. Some firewalls can identify attachments and automatically generate an alert when a potentially harmful attachment has been received. Firewalls such as ZoneAlarm can even quarantine the attachment for you until you can run a virus checker on it. A mail alert will usually include the date, time, e-mail application, and the action taken with the attachment such as:

MS, 2000/09/08, 09:45:56, -5:00 GMT, Microsoft Windows Messaging Subsystem, Renamed attachment type .HLP to .ZLA, N/A

Once you run a virus checker and verify the safety of a quarantined attachment, you can rename it to its original extension and open and use it normally.

Firewalls offer essential safety features for any PC using a LAN or the Internet. However, most alert messages a firewall produces may seem intimidating. As a rule, an alert simply means a connection was blocked and no attack has occurred, but you'll have enough information to investigate the matter further if necessary.

If you have any questions, comments or suggestions, feel free to email me at:

WebServer@yahoo.com.

I presently have a few openings for home computer repair and lessons. E-mail me with a request for more information.

The WebServer is a weekly computer column with a circulation of more than 120,000 readers in three different publications. Look for your weekly dose of WebServer in The Caribbean Connection in Atlanta, Orlando and Miami and in The Observer News in Ruskin.