When setting up your home or small-office network security, understanding firewall settings can help ensure your computers aren't being accessed by rogue computers or programs that hack your sensitive data or spread malicious programs, such as viruses and Trojans.
There are two major types of firewalls, hardware and software, and unless you access the Internet via a dial-up modem (in which case a software firewall will do) you need both on your home network. Hardware firewalls sit between your network and the Internet, and monitor the flow of data by inspecting the data "packets" content to ensure they conform to the rules determined by you. Most modern routers include a built-in hardware firewall. The router rules are used to dictate which machines are allowed to connect to the network, whereas the firewall rules control the flow of data between software programs on those machines.
Although a hardware firewall will protect your networked devices from unwanted connections from beyond the network, making the whole network appear as a single machine to the outside world, it won't protect devices inside the network from each other. So if you connect your laptop or a mobile device to an unsecured network and pick up a virus or Trojan, and then reconnect to the network, other devices are exposed. Installing a software firewall on each computer provides another line of defense.
Firewalls guard the ports, or connections able to receive information from another device, on your computer. The firewall looks at things such as where the data originated, which port it is aimed at and for which program. If the data passes the firewalls rules, it will be forwarded to the target device; if not the firewall blocks the data, closing the port. By default, many firewalls only monitor incoming data. This will protect your network from outside attacks, but won't prevent a compromised machine from sending unauthorized data out. Ensuring your firewalls are set to monitor both incoming and outgoing traffic is one of the most important changes you can make to factory default settings on your firewall.
The single most effective change you can make to your firewall's default settings is to change the handling method. If the firewall is set to "default to allow," that means everything will be allowed through unless it matches a rule blacklisting it. Change the setting to "default to deny," and your network security is instantly ratcheted up a notch, with all communications not matching a rule on a whitelist turned away. Although this can be cumbersome for a while when the firewall is first installed, with every program asking for permission to access the Internet, it doesn't take long for this to settle down, and is worth the inconvenience.
Changing these two settings alone to monitor incoming and outbound traffic, and to default to deny, will vastly increase your network security. However, all that is for nothing if you blindly allow every connection request you are presented with. Make sure you understand what you are allowing and why, and if you're not sure, use the temporary block and allow options to work out what the connection is for before setting permanent rules.
Learn the computer network security tools and techniques to protect your network from hackers and unauthorized use. |
Our guides to computer network security address wireless network security, password tips and how to set up a network monitor. |
Follow these 10 simple steps to enhance your computer network security. |
Wondering which computer security tools your network requires? It's easy to think only of Internet security: protecting your network from outside threats. Yes, your network ne...click here for more. |
These password tips for home users will help to deter hackers and identity theives. |
Learn some simple tips for effective wireless network security. |
A network monitor program can be useful, even for simple home networks. |
