Personal Firewalls for Administrators and Remote Users
Author: Lisa Yeo
Pages: 240
Publisher: Prentice Hall PTR
ISBN: 0130462225
Introduction
Many users think that their personal computers are not susceptible to any kind of attack. Despite their belief, many computers, especially those behind a permanent broadband connection, suffer attacks. What can you do to protect yourself? One of the things you can do is install a personal firewall and this book is here to teach you all about it.
About the author
Lisa Yeo is a systems analyst with the Legislative Assembly Office in Edmonton, Alberta, Canada. Her start in security came in 1997 when she was made responsible for managing a corporate firewall. Since that time, she has acquired the Global Information Assurance Certification Security Essentials and Windows certifications. Lisa currently sits on the GIAC Windows Board.
An interview with Lisa Yeo is available here.
Inside the book
The book starts with a chapter dedicated to security basics. The author introduces general security principles and helps you realize why firewalls exist. Yeo naturally notes that a firewall is not the only method of defense you should use. Here you’ll learn about the three basic principles of information security: confidentiality, integrity and availability. They are all explained with examples that even users without any knowledge of computer security can understand. Following is a part dedicated to risk assessment where you’ll see the various types of risks that you can be affected by. Once you’ve made the risk assessment you can create a security policy and Yeo illustrates the things to consider when creating one. The last part explains what firewalls do, why they are necessary and why you might need one.
In order to understand how firewalls work, you need to learn the basic networking concepts. The author writes about the Internet Protocol Address, the Domain Name System, RFCs, etc. We move on as we read about internet protocol basics and get an understanding of ports, the Transmission Control Protocol, and so on. This chapter provides a solid foundation that will help you understand what follows next.
Yeo shows us the different methods that personal firewalls use to protect your machine. Here you’ll learn about Network Address Translation, static packet filtering, stateful inspection and application proxy. The author notes that personal firewalls often combine these standard methods and additional features like blocking on attack signature and intrusion detection. There are many figures and tables in this chapter that illustrate the material and provide a clearer picture for readers new to how personal firewalls work.
Yeo moves on by discussing the usage of a personal firewall at home. The author identifies the various risks that are a particular concern to the home user. In order to assess your needs you have to think about your skills, interests and aptitudes. You should also create a personal security policy. When you are looking for software there are a few things you should take into consideration: ease of use, configuration, levels of protection, logging, etc. Next we see how the Zone Alarm personal firewall can be configured. It’s also nice to see that the author doesn’t stick only to the Windows platform but also mentions the Lokkit tool that can be used to configure basic settings for ipchains. When it comes to managing your firewall, Yeo shows us how you can maintain it.
Some risks cannot be mitigated by the traditional corporate firewall. Yeo will show you what risks you can protect yourself from if you use a personal firewall in the workplace. In addition to the things the home user has to take into consideration, a corporate user has to think about centralized management of the product. The example security policy in this case is more elaborate.
What do you do when something goes wrong on your system? You check your logs to see what’s happening “behind the scenes”. The author illustrates why it’s important to use and review your logs. As a minimum, logs can be used to deal with configuration problems when your firewall is not behaving as expected. You can have minimal logging or log every packet. However, logging just unusual traffic is probably the best solution if you don’t want to have your disk space eaten up. Once you’re convinced that logging is a good idea, Yeo moves on to teach you how to read what you’ve logged. There are five main things you can use your logs to do:
- identify configuration errors
- identify scanning activity
- identify attacks
- monitor outbound traffic
- respond to reports of attacks from your computer
The author also notes that if you’ve turned off all services on your host, patched it and blocked all incoming traffic, you could turn off logging. In any case, at least a minimal amount of logging is a wise thing to have.
The following chapter provides an overview of configuration options as well as a distinction between legitimate and illegitimate traffic. To achieve this, the author writes more about services that run on various ports. As soon as you choose the firewall you think is right for you, there are various things you have to take into consideration. What you learn here is how to choose the right level of protection for yourself. As regards traffic blocking, Yeo gives an overview of what to do and how to do it.
Most personal firewalls come with preconfigured settings to get the end user up and running in no time. The author gives a few pointers that will make you stay protected as time passes, vulnerabilities are uncovered, and you become interested in advanced configuration. The author discusses stealthing, passive fingerprinting and the LaBrea program. LaBrea can be used to mislead attackers and slow them down.
Troubleshooting is what comes next. The author addresses several problems you can encounter as well as some common areas that are regularly broken when using a firewall. If you want to use services such as Kazaa and NetMeeting you’ll have to configure your firewall to permit them. The author emphasizes that you also have to be careful when uninstalling a personal firewall – review the instructions provided by the vendor.
Perhaps the most interesting part of the book to an average user will be the first appendix that contains a comparison of several firewalls. This comparison of both hardware and software firewalls will certainly help you choose the right firewall.
My 2 cents
As I see it, this is a very good publication intended for all of you that want to learn more specifically about personal firewalls. The people that will benefit most from the material presented in this book are the novice users. The book is written clearly and is very easy to follow, a book that could find its place in many introductory courses for computer security.