<center>Securing your computer against threats from the Internet is an essential step. <br>If you do not, you will, at some point, regret it.</center><br><center> Guaranteed. </center>
"The perfect personal firewall would be inexpensive and easy to install and use, would offer clearly explained configuration options, would hide all ports to make your PC invisible to scans, would protect your system from all attacks, would track all potential and actual threats, would immediately alert you to serious attacks, and would ensure nothing unauthorized entered or left your PC." This great definition is quoted from Make Your PC Hacker Proof, Jeff Sengstack, PC World, July 21, 2000.
Important Tips -- Before installing personal firewall software on a Windows XP computer, be sure that the firewall built into Windows XP is turned off. Never use two software firewalls at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility or, if one is not available, use the Windows XP add/remove software tool in the control panel. After you install a firewall, be sure to check it with a service like www.grc.com and try their free Shields Up! security test. You will get immediate feedback on just how secure your system is! Testing your firewall is the only sure way to tell that your computer is really being protected.
A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet. <br>
With a hardware firewall, like a router, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information.
Hardware firewalls are incredibly secure and not very expensive. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for well under $100.
The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them.
One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
<center>There are four distinct types of firewall methods, which may be used individually or combined into a firewall product:</center>
Packet filtering: Packet filtering firewalls work by examining data packets as they attempt to pass through the firewall, and comparing them to a list of rules based on the source of the data, the destination it is intended for, and the port the data was sent from and intends to connect to. A firewall using packet filtering can be easily configured to stop certain forms of information flowing in or out of a computer or network by blocking well-known ports.
For example, setting a packet-filtering firewall to block data traveling out of the firewall from any source, using port 80 (the standard port used for http, or web-browsing data) will have the effect of disabling web browsing on all computers inside the firewall.
Likewise, if you were hosting a website on your computer and you set your firewall to drop all data coming into the network on port 80 from any source, no one outside your network would be able to view your website.
The limitation of packet filters is that ports and IP addresses are all they will filter. They don't care about the content of the data, just where it's headed. They also require some technical knowledge if you wish to customize them. Most cable/DSL routing devices can use packet filtering as a part of their firewall protection.
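The rule matching described above, written out as an added example (it is not code from the original page or from any firewall product). The rule format, the two policies and the addresses are constructed for illustration; the last case of `NO_WEB` shows the limitation just mentioned, since the filter judges only addresses and port numbers.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str            # "in" or "out", relative to the protected network
    src: str
    dst: str
    dport: int                # destination port

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "drop"
    direction: str            # "in", "out" or "any"
    src: str = "0.0.0.0/0"    # source network (CIDR); default matches any IPv4 source
    dst: str = "0.0.0.0/0"    # destination network (CIDR)
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))

def filter_packet(rules, packet, default="drop"):
    """First matching rule wins; a packet no rule matches gets the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed policies. NO_WEB is the port-80 example on an otherwise open link.
NO_WEB = [Rule("drop", "out", dport=80), Rule("allow", "out")]
# MAIL_ONLY is "block everything, then allow": only SMTP and POP3 may leave.
MAIL_ONLY = [Rule("allow", "out", dport=25), Rule("allow", "out", dport=110)]

INSIDE, OUTSIDE = "192.168.1.10", "203.0.113.5"   # constructed addresses

def demo():
    return {
        "browse under NO_WEB": filter_packet(NO_WEB, Packet("out", INSIDE, OUTSIDE, 80)),
        # Web content carried on another port: the filter sees only the port number.
        "port 8080 under NO_WEB": filter_packet(NO_WEB, Packet("out", INSIDE, OUTSIDE, 8080)),
        "send mail under MAIL_ONLY": filter_packet(MAIL_ONLY, Packet("out", INSIDE, OUTSIDE, 25)),
        "inbound web under MAIL_ONLY": filter_packet(MAIL_ONLY, Packet("in", OUTSIDE, INSIDE, 80)),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```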
Circuit level gateways: A circuit level gateway is a firewall that only allows data into its protected network based on requests that come from computers inside that network. The firewall keeps a record of requests for data that go out, and only allows data in that matches with a request. An advantage of this type of firewall is that since it acts as the gateway to the network it is protecting, anyone scanning the network from outside will see only the address of the firewall, not the rest of its protected network.
As an example of how circuit level gateways work, say computer A is in a network protected by a circuit level gateway firewall, and wants to view a web page on computer B which is outside the firewall. Computer A sends the request for the web page to computer B, which is intercepted and recorded by the firewall before being passed on. Computer B receives the request, which as far as it is concerned came from the address of the firewall, and starts sending the web-page data back across the Internet. When it reaches the firewall, it is compared to computer A's request to see if the IP address and the port match up, then the data is either allowed or dropped.
A major advantage to using this method is that non-requested data from outside the firewall is not allowed in, period. All ports are closed until the firewall opens them. The main disadvantage is that unless it is combined with some other form of filtering, any type of data requested from inside the firewall will be allowed through.
Software or hardware firewalls that use the circuit level gateway method will also include some method of internet sharing, since this is part of the function of this type of firewall. As you can probably guess, cable/DSL home routers use this method primarily. More specifically, they use Network Address Translation (NAT) which is a combination of circuit level gateway functions with Internet sharing.
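The request table behind the computer A / computer B walk-through above, as an added example that is not part of the original page or any router's firmware. The class name, the port numbering and all addresses are assumptions made for illustration.

```python
class CircuitGateway:
    """Toy NAT-style gateway: inbound data passes only if it answers a recorded request."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port   # constructed starting point for translated ports
        self.by_port = {}             # public port -> (inside ip, inside port, remote ip, remote port)
        self.by_flow = {}             # the same flow tuple -> public port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Record a request from inside; return the packet as the outside host sees it."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) to deliver to, or None to drop the packet."""
        flow = self.by_port.get(dst_port)
        if flow is None:
            return None               # unsolicited: no request ever opened this port
        inside_ip, inside_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None               # port is open, but not for this sender
        return (inside_ip, inside_port)

    def close(self, public_port):
        """Forget a finished request so the port is closed again."""
        flow = self.by_port.pop(public_port, None)
        if flow is not None:
            del self.by_flow[flow]

if __name__ == "__main__":
    gw = CircuitGateway("198.51.100.7")             # constructed addresses throughout
    print(gw.outbound("192.168.1.10", 51515, "203.0.113.5", 80))  # B sees only the gateway
    print(gw.inbound("203.0.113.5", 80, 40000))     # computer B's reply: delivered to A
    print(gw.inbound("203.0.113.99", 80, 40000))    # another host, same port: None
    print(gw.inbound("203.0.113.5", 80, 40001))     # port nobody opened: None
```

Nothing in the table looks at what was requested, which is the disadvantage noted above: whatever an inside computer asks for is let back in.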
Application level gateways: Application level gateways, also known as proxies, are outwardly similar in operation to circuit level gateways in that they act as the only entrance into or out of a protected network and deny all non-requested data from outside. The major difference is in the way they handle information.
While a circuit level gateway only examines the address and port information contained in data it receives, not the content, an application level gateway is more in-depth. A firewall using this method runs proxy applications to view common types of data (like HTTP for web-pages, FTP, SMTP or POP3 for email, etc.) before it is allowed through the firewall.
This has two major advantages. Firstly, no direct communication is allowed between outside sources and computers behind the firewall, since everything must first pass through a proxy, and secondly, filtering can now be done using the actual content of the data, as opposed to just where it came from and where it's going.
For example, using an application level gateway firewall, you can not only control which computers inside your network can access internet web pages, but also specify which web pages they are allowed to view, since the proxy for HTTP can read the contents of the data sent from a web server and check for restricted websites.
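One way an HTTP proxy could make that decision, as an added example that is not from the original page or from any proxy product. The host list, the client list and the function names are hypothetical, and the check here reads the Host header of the outgoing request; both sample requests could travel to the same address and port, so a packet filter would treat them identically.

```python
RESTRICTED_HOSTS = {"blocked.example"}            # constructed policy: sites nobody may view
WEB_CLIENTS = {"192.168.1.10", "192.168.1.11"}    # constructed: inside machines allowed to browse

def parse_request(raw: bytes):
    """Return (method, target, host) from a raw HTTP/1.x request head, or None if malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            if host is not None:
                return None           # two Host headers are ambiguous: refuse
            host = value.strip().lower()
    if not host:
        return None
    # Strip any port and trailing dot; assumes a name or IPv4 host, not a bracketed IPv6 literal.
    return parts[0], parts[1], host.partition(":")[0].rstrip(".")

def proxy_decision(client_ip: str, raw: bytes) -> str:
    """Decide per client and per requested site, which a port-based rule cannot do."""
    if client_ip not in WEB_CLIENTS:
        return "deny: client not permitted to browse"
    request = parse_request(raw)
    if request is None:
        return "deny: malformed request"
    _method, _target, host = request
    if any(host == h or host.endswith("." + h) for h in RESTRICTED_HOSTS):
        return "deny: restricted site"
    return "allow"

# Constructed sample requests.
OK_REQUEST = b"GET /news HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
RESTRICTED_REQUEST = b"GET / HTTP/1.1\r\nHost: WWW.Blocked.Example:80\r\n\r\n"

if __name__ == "__main__":
    print(proxy_decision("192.168.1.10", OK_REQUEST))
    print(proxy_decision("192.168.1.10", RESTRICTED_REQUEST))
    print(proxy_decision("192.168.1.50", OK_REQUEST))
```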
Application level gateways are considered very secure, because of the level of control they offer, but can require significant configuration to get the most out of them. They are also slower at passing information than other firewalls, because of the proxy applications. Client computers on a network with an application level gateway firewall need to be configured to be able to use the proxies to access resources outside the network.
Application level gateway firewalls will have integrated Internet sharing, since this is necessary to their function. They are generally intended for business use, protecting large networks. A good example of an application level gateway software package is Microsoft's ISA (Internet Security and Acceleration) server, though this has several features beyond the firewall service.
Stateful inspection: Stateful inspection is a combination of packet filtering with some of the elements of the gateway methods. It is somewhat of a vague definition, unlike the other three. Essentially, it is a packet filter firewall that examines more than just the addresses and port information of the data. Without using proxies, it can imitate some of the features of an application gateway by viewing the application specific data sent in each packet.
There are a variety of different products available that use stateful inspection to varying degrees. The advantage of this method is that it can examine data at the application level (that is filtering by content, not just address) without the performance overhead added by using proxies. Stateful firewalls will also close all ports to unsolicited incoming data and keep a table of requests from inside the network, like the two gateway methods.
The firewall included with Microsoft Windows XP claims to be a stateful inspection firewall, though it lacks any way of filtering application content. This is where things get a little blurry, as the XP firewall has essentially the same functionality as the firewalls built into commonly available cable/DSL home routers, a combination of packet filtering with a circuit level gateway.
Apparently then, the definition of a stateful inspection firewall is one that combines features of the other three types to any degree.
Reviews of software firewalls: http://www.pcw.co.uk/Products/Software/1153293
Link to free firewalls and antivirus: Essential free Computer Programs & Firewall Information