Dragonboy IT & Electronics Journey

Wednesday, March 08, 2006

Firewall Security - Intrusion Detection

Did you turn on your firewall ? These are the most common thing that your IT support will ask you whenever you have virus in your computer. So whats is a firewall? A Firewall is a security application that is very useful to prevent malicious application i.e. virus and spyware. Normal antivirus program works based on signature of virus. so when a new virus came, the antivirus programs needs to be updated in order to know how to detect and how to clean the program after it was being infected.

Firewall on the other hand is another useful utility that can be used to detect: spyware program and malicious activity by a program without being updated.

in here, I will only blog about Personal Firewall. Since there are many different types of Firewall, so I will only concentrate with 1. in the future maybe more :)

Personal Firewall normally protects only 1 PC. Personal Firewall is an application
that you need to install in order to protect your machine from spyware and virus.

Once you install a firewall program, at the beginning, it will be ANNOYING, because you need to train the firewall application to know which application is allowed to use the internet, and which one is not.

Everytime you run an application to connect to the internet, the firewall program will alert you that a program is trying to connect to internet. Its very useful since now you know that this program is trying to connect to internet.

Sample scenarios:
1. Internet explorer -> so you will always choose an option - always allowed to connect to the internet
2. Yahoo Messenger -> allowed to internet
3. zdkdfkj.exe --> what ????? how come this file want to connect to the internet.

Notice from the above, there is a file called zdkdfkj.exe and this program is trying to connect to the internet, if the file is just a normal application, what its trying to do ???? is it a spyware program that trying to report an activity.

Everytime there is a pop up screen asking you whether you want to allow a program to connect to the internet, you need to ask your self these following question:
1. Did you install this program yourself?
if you did not install this program, there is a chance that your system has been
compromised by a worm/virus. so you might want to do some clean up activity.

2. is this program suppose to connect to internet?
if a program is not suppose to connect to the internet and yet it wants to connect. You might want to check with google about comments of other people about this program. There is a chance that it might be an auto update so its reasonable to allow the program to connect. But there is another possibility that its trying to do something fishy

So a personal firewall will help you to notify you whenever there is a danger out there. Unlike an antivirus, Personal firewall needs less update. (*It still need update to the application to get a bug fix*), but less often, since personal firewall normally is a stable application and you are the one who decide whether an application will be allowed to connect to your machine, or allowed to connect to the internet.

So if you do not have a personal firewall now, please get one, it will help you to protect yourself against spyware and virus out there.

Some personal firewall are free too, some vendors are listed down here.
1. Zone Alarm -> Personal Firewall is Free for non business use
URL: http://www.zonelabs.com
Direct URL: Zonelabs - Zone Alarm

One of the first product that I use to protect my system.
Great product, so you could try it.
If you like it and would like to use the professional edition (more things to configure), you could do that once you are happy with the personal edition.

2. Symantec Intenet Security -> Buy it ;)
URL: http://www.symantec.com
One of the best product available in the market.

3. Sygate Personal Firewall -> Free version is available
URL: http://www.sygate.com

4. Kerio Personal Firewall -> Light version is free
URL: http://www.kerio.com

5. etc, etc.

Firewall also comes with a side effect:
1. Some application does not like a firewall during the installation or auto update.
If you encounter some problems surfing a website, or installing an application. Try to turn off your firewall application temporarily. It will help :)

2. You need to train the firewall application to recognise what application that is allowed to connect to internet. After a few days, most likely 90% of the rules has been set.

You could always change your mind to allow or not to allow an application to connect to the internet by going to the setting. Normally it will be listed down nicely somewhere in the configuration.


Conclution:
You need to have a Personal Firewall in your PC. Get from one of the above vendors if you do not have one currently.

More info: Wikipedia - Firewall

cya.

1 Comments:

Anonymous Anonymous said...

The content of the article was in good details. I hope you’ll keep posting nice to read blogs and informative articles. Thank for sharing a nice one. Great job.
Intrusion Detection

11:41 PM  

Post a Comment

<< Home