_______________________________________________________________________________

3.3 About firewalls by Alibaba

This essay is about firewalls, but before looking at different products and comparing them it is worth going over some basics: how Internet communication takes place between two computers, and what problems that raises. A basic understanding also helps us choose and configure a firewall with some degree of informed decision rather than just following a set of default rules. As every computer is set up differently, with different programs installed, the level of security required will also vary. Of course, if you use your computer only to write letters and play games and never connect to the wild Internet, you do not need a firewall at all.

Well, what is the Internet about anyway? It is simply connecting your computer to another computer that is willing to communicate with you, and letting the two talk to each other. It is much like picking up the phone, dialling a number (a URL) and, once connected, talking. To do this we need first a program, a browser such as Internet Explorer, and then a device, a network adapter or a modem, which translates the 1s and 0s the computers use into another form and sends them over the copper or fibre-optic "wires" to the computer we want to reach. That computer has to run another program, such as a web server, which responds to the requests our browser sends. Our signals first go to our ISP and from there are routed towards their final destination; the replies from the other computer arrive first at our ISP and are then directed to our home PC.

The first problem starts here: computers only understand numbers, not "names" like Microsoft or Sony, while humans prefer names to strings of 1s and 0s.
So when you type an address such as www.microsoft.com into your browser, it first has to be translated into a number, in this case 207.46.197.102 (the address the site had at the time of writing). This is done by the Domain Name System, DNS for short, through its name servers. You could reach www.microsoft.com by typing either http://www.microsoft.com or http://207.46.197.102.

The second problem is that any communication over the Internet has to travel through many different connection points, shared by many users and located in different parts of the world. So we need a common language that everybody understands, and that language has to be reliable enough to cope with all the problems such a long and complex route can cause. Such a language, the TCP/IP protocol suite, was developed in the 1970s under the Defense Advanced Research Projects Agency, DARPA, and it is the one we are concerned with here, rather than the other languages that exist for more specialised purposes.

The TCP protocol. Communication on the Internet takes place not as a single continuous wave but as individual data packages, called packets. Before the flow of data can start between two computers, the client (your computer, which initiates the connection) and the server (e.g. www.microsoft.com, which has to respond) must go through a ritual called the three-way handshake. First the client sends a packet, let us call it SYN (for synchronize), to the server. Besides the SYN flag this packet carries the client's IP address and port, the server's address and port, and the client's starting sequence number; other details are outside the scope of this article. On receipt of this SYN the server, e.g. www.microsoft.com, responds with a new packet, SYN/ACK (acknowledge), which acknowledges the client's sequence number and announces the server's own. Receipt of this packet by the client confirms that the server exists and is willing to SERVE. As the final step of the ritual, the client sends one more packet to the server, an ACK (acknowledge) only.
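The three packets just described, SYN, SYN/ACK and ACK, can be simulated as two small state machines. The following is an added example written for this page, not code from the original essay: it models only the flags and the sequence and acknowledgement numbers that drive the handshake, no real sockets are opened, and the addresses and initial sequence numbers used are constructed. It also shows the check that matters for security, that each side only accepts an acknowledgement that matches the sequence number it actually sent.

```python
"""Simulation of the TCP three-way handshake (added example, not the essay's code).

Only the flags and sequence/acknowledgement numbers that drive the handshake
are modelled; addresses are written as "ip:port" strings and no real sockets
are opened. All addresses and sequence numbers below are constructed values.
"""
from dataclasses import dataclass
import random


@dataclass
class Packet:
    src: str          # "ip:port" of the sender
    dst: str          # "ip:port" of the receiver
    flags: frozenset  # subset of {"SYN", "ACK"}
    seq: int          # sequence number carried by this segment
    ack: int = 0      # acknowledgement number (meaningful only with ACK set)


class Server:
    """Passive side: waits for SYN, answers SYN/ACK, expects the final ACK."""

    def __init__(self, addr, isn=None):
        self.addr = addr
        self.isn = isn if isn is not None else random.randrange(2 ** 32)
        self.state = "LISTEN"
        self.peer = None
        self.client_isn = None

    def receive(self, pkt):
        if self.state == "LISTEN" and pkt.flags == {"SYN"}:
            # The SYN carries the client's initial sequence number; acknowledge
            # it (ISN + 1) and announce our own ISN in the same segment.
            self.peer = pkt.src
            self.client_isn = pkt.seq
            self.state = "SYN_RECEIVED"
            return Packet(self.addr, pkt.src, frozenset({"SYN", "ACK"}),
                          seq=self.isn, ack=pkt.seq + 1)
        if self.state == "SYN_RECEIVED" and pkt.flags == {"ACK"}:
            # The final ACK must come from the same peer and acknowledge exactly
            # our ISN + 1; anything else does not complete this handshake.
            if pkt.src == self.peer and pkt.ack == self.isn + 1:
                self.state = "ESTABLISHED"
            return None
        return None  # anything else is ignored in this simulation


class Client:
    """Active side: sends SYN, waits for SYN/ACK, completes with ACK."""

    def __init__(self, addr, isn=None):
        self.addr = addr
        self.isn = isn if isn is not None else random.randrange(2 ** 32)
        self.state = "CLOSED"

    def connect(self, server_addr):
        self.state = "SYN_SENT"
        return Packet(self.addr, server_addr, frozenset({"SYN"}), seq=self.isn)

    def receive(self, pkt):
        if self.state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            if pkt.ack != self.isn + 1:
                return None  # SYN/ACK does not match the SYN we sent; ignore it
            self.state = "ESTABLISHED"
            return Packet(self.addr, pkt.src, frozenset({"ACK"}),
                          seq=self.isn + 1, ack=pkt.seq + 1)
        return None


def handshake(client, server):
    """Run the exchange and return the three packets that crossed the wire."""
    syn = client.connect(server.addr)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    c = Client("192.0.2.10:4000", isn=1000)        # constructed addresses/ISNs
    s = Server("198.51.100.1:80", isn=5000)
    for p in handshake(c, s):
        print(sorted(p.flags), "seq", p.seq, "ack", p.ack)
    print(c.state, s.state)
```

The acknowledgement-number check is what makes the handshake more than a formality: a third party who cannot see the SYN/ACK does not know the server's initial sequence number and so cannot forge the final ACK, which is why modern stacks choose that number unpredictably rather than counting from zero.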
Once the server receives that final ACK, the three-way handshake is complete and data can flow between the two computers.

Now, the purpose of having a firewall is to ensure that your computer only talks to the computers you have chosen to connect to and nobody else. That is all. Before examining how this can be achieved, we have to look at some other details. Let us first note the protocols most commonly used and of particular interest to us:

TCP/IP    Transmission Control Protocol / Internet Protocol
UDP       User Datagram Protocol
ARP/RARP  Address Resolution Protocol / Reverse ARP
DHCP      Dynamic Host Configuration Protocol
ICMP      Internet Control Message Protocol
IGMP      Internet Group Management Protocol

We already discussed the first one. The others do not provide TCP's reliable two-way connection; as their names suggest, they help to set up and maintain the IP network that TCP runs over, or, in the case of UDP, carry short connectionless messages. Well over a hundred IP protocol numbers are assigned, and some protocols have further variations: ICMP, for instance, carries Echo and Echo Reply, Destination Unreachable (including Port Unreachable), Source Quench (too much traffic on the routers) and others. UDP is used for message-style services; your DNS server, for instance, is queried over UDP.

So far we have established a basic understanding of the language and the accessories that let our computer communicate with another. Next let us look at what ports and port numbers mean. If we compare an address like www.microsoft.com to a telephone switchboard, then the ports are the extension numbers. Although a site may have only a web server, many offer other services as well, so a range of port numbers has been set aside: 256 x 256 = 65,536 of them, numbered 0 to 65,535. These have been allocated to different uses and services, and the first 1,024 (0 to 1,023) are reserved for the most common ones:

Port 21    FTP     File Transfer Protocol, file transfer between hosts.
Port 23    Telnet  Terminal emulation protocol, allows a virtual terminal session between a client and a server.
Port 25    SMTP    Simple Mail Transfer Protocol. Used to send mail: when you send an email you connect to port 25 of your mail server.
Port 53    DNS     Domain Name System, the name server of your service provider, which we discussed earlier.
Port 80    HTTP    Hypertext Transfer Protocol, the web.
Port 110   POP3    Post Office Protocol version 3. The port you connect to in order to collect your mail.
Port 113   Ident/auth  Used to try to identify the user behind a connection.
Port 119   NNTP    Network News Transfer Protocol, as the name suggests used by Usenet servers.
Ports 137/138/139  NetBIOS, used for file and printer sharing between networked Windows computers.
Port 443   HTTPS   Similar to HTTP but for secure connections; the traffic is encrypted.
Port 1080  SOCKS   A proxy protocol used to connect out from inside a network firewall.
Ports 3128/8000/8080  Commonly used by web proxy servers.

As stated earlier, the main purpose of a firewall is, while still letting you surf the web, to restrict all communication to the addresses (URLs) you have chosen to connect to and, where possible, to only the ports and protocols necessary. Some firewalls also let you filter some of the content, such as adverts, pop-up windows and cookies. This is achieved by hardware, by software, or sometimes a combination of both.

In the next chapter let us install some popular software firewalls on a typical Windows 98 machine and see what happens. Before that, we have to visit another area: what are the components between the microchips of your modem and the keyboard?
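The purpose just stated, letting the PC open connections to chosen addresses and ports and admitting only the replies that belong to them, is what a stateful packet filter does. The following is an added example written for this page; it is not code from the essay nor the logic of any product named in it. The home address, the allowed-port list, the packet tuple and the sample traffic are all constructed for illustration.

```python
"""Minimal stateful packet filter for a single home PC (added example).

Policy modelled here:
  * the PC may open outbound connections only to the ports in ALLOWED_OUT_PORTS
    (TCP connections must begin with a bare SYN);
  * packets coming back for a connection the PC opened are let in;
  * every other inbound packet, e.g. an unsolicited SYN to the NetBIOS ports
    137-139 or a "reply" from an address we never contacted, is dropped.
All addresses and packets below are constructed, not captured traffic.
"""
from dataclasses import dataclass

HOME_PC = "192.0.2.10"                       # constructed address of our machine
ALLOWED_OUT_PORTS = {53, 80, 443, 25, 110}   # DNS, HTTP, HTTPS, SMTP, POP3


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags as letters, e.g. "S", "SA", "A"; empty for UDP


class StatefulFirewall:
    def __init__(self, home, allowed_ports):
        self.home = home
        self.allowed_ports = allowed_ports
        # flows the home PC opened, keyed (proto, src, sport, dst, dport)
        self.table = set()

    def filter(self, pkt):
        """Return 'ALLOW' or 'DROP' for one packet and update the state table."""
        if pkt.src == self.home:
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.table:
                return "ALLOW"          # later packet of a flow we already opened
            # a new outbound flow: TCP must start with a plain SYN, and the
            # destination port must be on the allowed list
            if pkt.proto == "tcp" and pkt.flags != "S":
                return "DROP"
            if pkt.dport not in self.allowed_ports:
                return "DROP"
            self.table.add(key)
            return "ALLOW"
        # inbound: allowed only if it is the exact reverse of a tracked flow,
        # so the source address and port must match what we connected to
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ALLOW" if reverse in self.table else "DROP"


def run(fw, packets):
    """Apply the filter to a packet list in order; returns one verdict per packet."""
    return [fw.filter(p) for p in packets]


# constructed sample traffic (207.46.197.102 is the www.microsoft.com address
# quoted in the essay; 192.0.2.x and 203.0.113.x are documentation ranges)
SAMPLE = [
    Packet("udp", HOME_PC, 1025, "192.0.2.53", 53),            # DNS query out
    Packet("udp", "192.0.2.53", 53, HOME_PC, 1025),            # DNS reply back
    Packet("tcp", HOME_PC, 1026, "207.46.197.102", 80, "S"),   # SYN to web server
    Packet("tcp", "207.46.197.102", 80, HOME_PC, 1026, "SA"),  # SYN/ACK back
    Packet("tcp", HOME_PC, 1026, "207.46.197.102", 80, "A"),   # final ACK out
    Packet("tcp", "203.0.113.7", 4444, HOME_PC, 139, "S"),     # unsolicited NetBIOS probe
    Packet("tcp", "203.0.113.7", 80, HOME_PC, 1026, "SA"),     # forged reply, wrong source
    Packet("tcp", HOME_PC, 1027, "203.0.113.9", 6667, "S"),    # outbound to a port not allowed
]

if __name__ == "__main__":
    fw = StatefulFirewall(HOME_PC, ALLOWED_OUT_PORTS)
    for pkt, verdict in zip(SAMPLE, run(fw, SAMPLE)):
        print(f"{verdict:5} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags}")
```

The example deliberately keeps state per flow rather than per port: opening a connection to port 80 on one server does not admit a packet from port 80 on a different server, which is the difference between a stateful filter and the simpler "allow port 80 in" rules of a stateless one. A real firewall would additionally age entries out of the table, follow the TCP state through FIN/RST, and treat UDP "replies" with a short timeout since UDP has no handshake to anchor them.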
Some software firewalls and related products available at the time of writing:

Agnitum Outpost Firewall
BlackICE Defender
CA Sessionwall-3
ConSeal PC Firewall & Private Desktop
eSafe Protect Desktop
eTrust EZ Firewall
Freedom 2
GNAT Box Lite
Internet Alert 99
Look'n'Stop
Look'n'Stop Lite
McAfee Firewall
McAfee Internet Guard Dog Pro
NeoWatch
Norman Personal Firewall
Norton Internet Security
Norton Personal Firewall 2001
PC Viper
PGP Gauntlet
Proxy+
Snort (Intrusion Detection System)
Snort - Win32 GUI
Sphinxwall PC Firewall
Sybergen Secure Desktop
Sybergen SyGate
TermiNET
TGB:BOB
Tiny Personal Firewall
WinGate
WinProxy
WinRoute
WyvernWorks Firewall
ZoneAlarm

_______________________________________________________________________________