To understand what a firewall
is, you need to first understand what a network connection is. Even
though you have only one skinny set of wires connecting your computer
to the Internet (through a DSL phone line or cable outlet), that
connection actually consists of 65,535 ports.
Each port can simultaneously carry on its own conversation with the
outside world. So, theoretically, you could have 65,535 things going on
at a time. Of course, nobody ever has that much going on all at one
time. A handful of ports is more like it.
The ports are divided into two categories:
- TCP (Transmission Control Protocol): This is generally used to send text and pictures (web pages and e-mail), and includes some error checking to make sure all the information that’s received by a computer matches what the sending computer sent.
- UDP (User Datagram Protocol): This works more like broadcast TV or radio, where the information is just sent out and there is no error checking. UDP is generally used for real-time communications, such as voice conversations and radio broadcasts sent over the Internet.
Each port has two directions: incoming (or ingress) and outgoing (or egress).
Direction is relative to your computer: incoming traffic is whatever arrives
from the outside, namely the Internet. It’s the stuff coming into your
computer that you have to watch out for. But you can’t close all ports
to all incoming traffic. If you did, there’d be no way to get the good
stuff in. But you don’t want to let everything in, either. You need a
way to separate the wheat from the chaff, so to speak.
Anti-spyware and antivirus software are good
tools for keeping out viruses and other bad things that are attached to
files coming into your computer. But hackers can actually sneak worms
and other bad things in through unprotected ports without involving a
file in the process. That’s where the firewall comes into play. A stateful
firewall, such as the one that comes with Windows 8, keeps track of
everything you request. When traffic from the Internet wants to come in
through a port, the firewall checks to make sure the traffic is
something you requested. If it isn’t, the firewall assumes this is a
hacker trying to sneak something in without your knowing it, and
therefore prevents the traffic from entering your computer. Figure 1 illustrates how it works.
So, there’s really more to it than just having a port open or closed. It’s also about filtering
— about making sure that data coming into an open port is something you
requested and not some rogue uninvited traffic sent by some hacker.
Many of the worms that infected so many computers in the 1990s did so
by sneaking in undetected through unfiltered ports. These days, you
really want to make sure you have a firewall up whenever you go online
to prevent such things.
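The following is an added illustration, not code from this book or from Windows Firewall itself, of the stateful filtering just described: the filter remembers every outgoing request in a connection table, and an incoming packet on an open port is let through only if it matches something this computer asked for (or arrives on a port you have deliberately opened for incoming connections). The addresses, port numbers and packets are constructed sample data; the class and function names are hypothetical.

```python
"""Toy stateful packet filter (added illustration, not Windows Firewall code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str        # "TCP" or "UDP" (TCP and UDP ports are separate spaces)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str    # "egress" (leaving this computer) or "ingress" (arriving)


class StatefulFirewall:
    """Allow outgoing traffic, remember it, and admit only matching replies."""

    def __init__(self, my_ip, listening=()):
        self.my_ip = my_ip
        # Ports you chose to open for unsolicited incoming connections
        # (for example a home file server). Everything else must be requested.
        self.listening = set(listening)          # {(proto, port)}
        # Connection table: flows this computer initiated, stored as the
        # 5-tuple the reply will carry, so the check is one set lookup.
        self.state = set()

    def filter(self, pkt):
        """Return "ALLOW" or "DROP" for one packet, updating the table."""
        if pkt.direction == "egress":
            # Remember what we asked for: the reply comes from the remote
            # address/port back to the source port we used.
            self.state.add((pkt.proto, pkt.dst_ip, pkt.dst_port,
                            pkt.src_ip, pkt.src_port))
            return "ALLOW"
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key in self.state:
            return "ALLOW"       # reply to something we requested
        if (pkt.proto, pkt.dst_port) in self.listening:
            return "ALLOW"       # a port we deliberately opened
        return "DROP"            # unsolicited: rogue, uninvited traffic


ME = "192.0.2.10"          # constructed address for "your computer"
WEB = "203.0.113.5"        # constructed web server
DNS = "203.0.113.53"       # constructed DNS server
STRANGER = "198.51.100.7"  # constructed unknown host on the Internet

# Constructed sample traffic, in arrival order, with the verdict we expect.
SAMPLE = [
    # 1. You request a web page: outgoing, so allowed and remembered.
    Packet("TCP", ME, 50000, WEB, 80, "egress"),
    # 2. The web server replies to the same ports: matches the table.
    Packet("TCP", WEB, 80, ME, 50000, "ingress"),
    # 3. Someone else aims at the same open port 50000: not what you asked for.
    Packet("TCP", STRANGER, 4444, ME, 50000, "ingress"),
    # 4. Same peer and ports but UDP instead of TCP: a different port space.
    Packet("UDP", WEB, 80, ME, 50000, "ingress"),
    # 5./6. A DNS lookup over UDP is tracked the same way, reply and all.
    Packet("UDP", ME, 50001, DNS, 53, "egress"),
    Packet("UDP", DNS, 53, ME, 50001, "ingress"),
    # 7. Unsolicited, but on a port you opened on purpose (file sharing).
    Packet("TCP", STRANGER, 3000, ME, 445, "ingress"),
    # 8. Unsolicited on a port you did not open: dropped.
    Packet("TCP", STRANGER, 3001, ME, 3389, "ingress"),
]


def run_demo(listening=(("TCP", 445),)):
    """Run the sample traffic through the filter; return the verdict list."""
    fw = StatefulFirewall(ME, listening)
    return [fw.filter(p) for p in SAMPLE]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_demo()):
        print(f"{verdict:5} {pkt.direction:7} {pkt.proto} "
              f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
```

Packets 2 and 3 make the point of the paragraph above: port 50000 is "open" for both, but only the reply from the server you contacted is admitted. Real firewalls also expire table entries after a timeout and track TCP handshake state, which this toy omits.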
What a Firewall Doesn’t Protect Against
It’s important to understand that a
firewall alone is not sufficient protection against all Internet
threats. A firewall is just one component in a larger defense system.
Specifically:
- Windows Firewall doesn’t protect you from spyware and viruses.
- Windows Firewall doesn’t protect you from attacks based on exploits. Automatic updates provide that protection.
- A firewall doesn’t protect you from pop-up ads.
- A firewall doesn’t protect you from phishing scams.
- Windows Firewall doesn’t protect you from spam (junk e-mail).
So, a firewall isn’t a complete solution. Rather, it’s an important component of a larger security strategy.
Note
Note that in the preceding
list, we indicated that Windows Firewall doesn’t provide certain types
of protection, such as spam or virus blocking. Many hardware firewalls do provide this type of protection. This is sometimes referred to as perimeter protection
because it protects your network from threats at the perimeter of your
network. These types of firewalls can cost from several hundred to
several thousands of dollars, so they aren’t always the best bet for a
home network. They can be extremely valuable, however, for business
networks.