Firewall's for computers were named because they for computers what a brick firewall is for a building - keeps the bad stuff on the outside.  Brick firewalls keep fire from spreading from one part of a building to another.  Computerized firewalls keep malicious cyber traffic out of your network and computers.

Click for larger image

Hardware Routers/Firewalls:

Any $50.00+ router sold in a office supply store today for the typical home network has a hardware firewall built into it.  Even if there is only one computer in the house, if you have an always on, broadband type connection to the Internet, you should have such a router between your computer and the broadband modem.  These routers/firewalls are designed to just plug in and work, which they all usually do rather well.  The only thing you need to configure is a change to the factory default password that gives someone access to the router settings.  The manual (usually on CD) that comes with the router will show you how to do that.  Our current favorite small router/firewall brand is Netgear.

People are still asking in this hacker-infested society whether they need a firewall or not.  The short answer is absolutely YES.  The long answer concerns what configuration for the firewall that you cannot survive on the Internet without.

Software Firewalls:

Software firewalls are programs that run on individual computers, and protect only that computer.  While programs from Symantec and McAfee are commonly sold in Office Supply stores and Electronic Malls, we personally would never use them.  They are too hard for the average computer user to configure, so most people never do configure them.  As a result, other Internet-oriented programs do not work, and the average user has no idea why.  We prefer and use the professional version of Zone Labs ZoneAlarm program. We also do not like the same program to do everything, which is what these Internet Security Suite's try to do.  We like our anti-virus and firewall programs to be separate and independent.

The advantage of a good software firewall like ZoneAlarm is that when something sneaks past all other guards, and then tries to send information back out, the firewall will pop up a window telling you that a certain program is trying to access the Internet, and do you want to let it.  You can permanently allow or block it, or block and allow just that one occurrence.  The current version of ZoneAlarm (Ver. 6.0.6xx.xxx) includes spyware monitoring and keyboard monitoring alerts along with everything else they offer.

There are several types of Firewall techniques:

Packet Filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but is difficult to configure. In addition it is susceptible to IP spoofing.  This is one of two filter techniques commonly used by home/small office firewalls.

Application Gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation.  This and the next technique are commonly used by corporations with IT staffs and lots of money.

Circuit-Level Gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy Server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses. This is commonly called NAT, or Network Address Translation.  This is the other highly effective technique used by home/small office firewalls.