How Software Firewalls Protect Your PC from Attacks

March 28, 2008

Software firewalls all operate using a similar methodology. All data travelling in and out of your PC passes through ports. The firewall is configured to monitor these ports and allow traffic only on those that have been specifically enabled, while blocking all other traffic. When a remote computer attempts to connect to your computer on a port that the firewall has blocked, the connection is prevented. Most software firewalls have no ports open by default, blocking all of them. This protects your computer from attacks because even if your computer is vulnerable to a specific security hole, a remote computer trying to infect you cannot connect to it in the first place.

Obviously, blocking every port on your system at all times is quite impractical. Completely closing off all traffic into your system would cause problems for any applications on your system that make use of a LAN or the Internet, including Web browsers, instant messaging applications, or online computer games. Consequently, it is possible to open up ports to allow required network traffic into your computer. Most firewalls let you set permissions that allow specific programs to use specific ports while denying all others. However, whenever you open up a port, both good and bad traffic can get through.

To fight this problem, most modern firewalls have a feature called Packet Inspection. Packet inspection examines the packets that the firewall lets through for traffic that targets known vulnerabilities. This is a good feature to have, because it helps protect you even when you have made holes in your firewall by opening up ports. Currently, the firewall that comes with Windows XP does not support this feature.

Most third-party software firewalls not only inspect incoming network traffic, but also outgoing data. This is an important feature, because there are any number of ways for a virus or Trojan to infect your system and then send data out to the Internet from your PC. Firewalls that monitor outgoing traffic stop any unknown transmissions from leaving your PC until you specifically allow them to go through.

When you are configuring your software firewall’s settings, keep in mind that the best policy is to block everything. Only open the ports you absolutely need.
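The block-everything policy with per-program port permissions described above, modelled as a small rule evaluator plus a check for rules that open more than they need to. This is an added example, not part of the original article; the rule format, program names and ports are constructed and do not correspond to any particular firewall product.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str            # "in" or "out"
    program: Optional[str]    # None = any program
    port: Optional[int]       # None = any port

@dataclass(frozen=True)
class Conn:
    direction: str
    program: str   # local program that owns the connection
    port: int      # local port for inbound, remote port for outbound

def decide(rules, conn):
    """Default deny: a connection passes only if some allow rule matches it."""
    for r in rules:
        if (r.direction == conn.direction
                and r.program in (None, conn.program)
                and r.port in (None, conn.port)):
            return "allow"
    return "block"

def audit(rules):
    """Return the rules that are broader than 'one program on one port'."""
    return [r for r in rules if r.program is None or r.port is None]

# Constructed rule set and traffic, for illustration only.
RULES = [
    Rule("out", "browser.exe", 80),
    Rule("out", "browser.exe", 443),
    Rule("in", "game.exe", 27015),
    Rule("in", None, 445),   # overly broad: any program may accept on 445
]
TRAFFIC = [
    Conn("out", "browser.exe", 443),
    Conn("in", "game.exe", 27015),
    Conn("in", "svchost.exe", 135),    # no rule, so default deny
    Conn("out", "unknown.exe", 6667),  # unknown outbound program
    Conn("in", "svchost.exe", 445),    # passes because of the broad rule
]

def run():
    return [decide(RULES, c) for c in TRAFFIC]

if __name__ == "__main__":
    for c, verdict in zip(TRAFFIC, run()):
        print(f"{verdict:5} {c.direction:3} {c.program:12} port {c.port}")
    for r in audit(RULES):
        print("review:", r)
```

The last connection is allowed only because of the rule that names no program, which is the kind of entry the audit step flags for tightening.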
